Mad Dog Vee

Honorary Members
  • Posts

    185
Everything posted by Mad Dog Vee

  1. Ok the issue is now fixed. It was a PITA but a system REFRESH + REINSTALLING some stuff FIXED the issue. If it reoccurs I'll use the diagnostic logs as suggested above. Thank you.
  2. I'd like to thank everyone for attempting me to assist my friend even though we have gotten nowhere. It has been valuable input and I have begun to learn about Windows 8 & a tool I didn't know existed - DISM. I've attached the CBS & DISM log. So What Now? CBS.zip dism.log
  3. FIRST LINK: Image Version: 6.3.9600.17031. Ran a scanhealth & it said "The component store is repairable". Ran a restorehealth & it said "The component store corruption was repaired." NOTHING CHANGED - I'm going to do a restart just in case before going to the second link (yes, it was just a spacing error that gave the Error 87 before).
     LINK 2:
     METHOD 1 - Instructions weren't perfect but close enough to get me where I needed to go. Problems found: Windows Update components must be repaired - FIXED
     METHOD 2 - not required.
     METHOD 3 - I assume copy/paste and run of repair.bat worked. Checked for updates, downloaded and installed & rebooted but NOTHING CHANGED.
     So nothing changed using all these methods. Link 3 isn't needed as that was only a spacing error.
  4. Toms Hardware suggestion: no change
     --------------
     Eightforums: Asks for a Microsoft Account and well iirc that is unnecessary, using the diagcab & it fixed some service
     ------------------
     Microsoft SFC scan = Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in the CBS.log windir\Logs\CBS\CBS.log. For example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not supported in offline servicing scenarios.
     DISM.exe = gives error 87 - doesn't recognise the command "health"
     ---------------
     RUNNING THE DIAGNOSTIC AGAIN
     Issues found:
       Service registration is missing or corrupt - Detected
         Reset service registration - Not run
       Microsoft account required - Detected
         Switch to Microsoft account - Not run
     I'm not Windows 8 savvy & this person is not even computer savvy really - Windows 8 was supposed to make it easier for these people. I reset the Service registration but did not do a Microsoft account thing - that's up to them and a general pain in the rear.
     NEXT STEP is to check Windows 8 is activated but doesn't say how - Somehow in all these instructions I managed to open Computer & noticed it said Windows Activated. The steps are practically useless - they tell me to open PC Settings then they do not say what to do from there. So after all this mucking around - we've established we only have a LOCAL ACCOUNT on this computer.
     ================================
     The instructions are near impossible to follow going through those many steps. The CBS log from earlier was sent to Microsoft through the Action Center. None of these things worked. She doesn't wish to refresh the computer as it will lose the printer and some other things that have been installed and is not savvy enough to put them back on. I may have done one of the apps in the early days.
     This computer is only used for email and news & now I know why no one thinks highly of Windows 8. ANY SUGGESTIONS WELCOME.
  5. A friend of mine is having trouble with windows 8. I still have windows 7 so am not much help. When she opens apps - they don't seem to load up at all and automatically minimise. I've looked around on the net and this seems a common problem but there is no clear solution. The internet still works fine. Her emails work fine. Apps like Reader or even News don't seem to load and automatically minimise. You restore them and they haven't loaded and they also quickly minimise again. What course of action do you suggest?
  6. restorefix.reg was never run - I was hesitant to do so given restorefix.bat didn't work. DAR.reg is just a registry backup before they were run.

         @echo off
         setlocal
         rem Policy key holding the System Restore disable flags (path contains a space)
         set key=HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore
         set disableconfig=DisableConfig
         set disablesr=DisableSR
         :Enable
         rem Set both values to 0; the key is quoted so the space in "Windows NT" does not split it
         swreg add "%key%" /v %disableconfig% /t REG_DWORD /d 0 > NUL
         swreg add "%key%" /v %disablesr% /t REG_DWORD /d 0 > NUL
         :eof

     IT IS OLD INFO SO PROBABLY NOT APPLICABLE TO WINDOWS 7
  7. Hi all, I think I've seen a similar issue to this before. Windows 7 - No System Restore - Mouse on black screen when loading windows normally. I tried a system restore without success but that also seemed to kill system restore - as it is not active - not under services to reinstate either. I can get in in safe mode hence the logs.
Broadband ADSL (HKLM-x32\...\{2A36014E-DF1D-4840-A209-3185B17BFC71}) (Version: 11.0 - BigPond)Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.02(T) - TOSHIBA CORPORATION)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenCanon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - ‪Canon Inc.‬)Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)Canon MG2200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG2200_series) (Version: 1.00 - Canon Inc.)Canon MG2200 series On-screen Manual (HKLM-x32\...\Canon MG2200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenDefraggler (HKLM\...\Defraggler) (Version: 2.09 - Piriform)Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) HiddenDeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenDirect DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) HiddenDocuments To Go Desktop for iOS (HKLM-x32\...\DTGDesktop) (Version: 4.0001.010 - DataViz, Inc.)DriverUpdate (HKLM-x32\...\{24EDC8CC-1E94-4D2B-9B1B-1D63DFF05F6D}) (Version: 2.2.36927 - SlimWare Utilities, Inc.)Dropbox 
(HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)DVD MovieFactory for TOSHIBA (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)DVD MovieFactory for TOSHIBA (x32 Version: 7.0.0 - Corel Corporation) HiddenElevated Installer (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) Hiddene-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)Garmin City Navigator Australia And New Zealand NT 2013.10 Update (HKLM-x32\...\{D8077FA2-97A4-48C6-BDCA-C3E426B06FF9}) (Version: 13.10.0.0 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)Garmin Express (HKLM-x32\...\{6f60b921-2ae3-43fe-a6fb-ad849bd91451}) (Version: 2.3.16.0 - Garmin Ltd or its subsidiaries)Garmin Express (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) HiddenGarmin Express Tray (x32 Version: 2.3.16.0 - Garmin Ltd or its subsidiaries) HiddenGarmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 32.0.1700.107 - Google Inc.)Google Drive (HKLM-x32\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)Google Earth (HKLM-x32\...\{A2264E8F-1649-11E3-8BED-B8AC6F98CCE3}) (Version: 7.1.2.2019 - Google)Google Earth Free Download Packages (HKCU\...\Google Earth Free Download Packages) (Version: - ) <==== ATTENTIONGoogle Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) 
HiddenGoogle Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenGPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddenHP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) HiddenHPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) HiddenHPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) HiddenHPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenHPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) HiddeniCloud (HKLM\...\{704C0303-D20C-45AF-BD2B-556EAF31BE09}) (Version: 2.1.2.8 - Apple Inc.)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1883 - Intel Corporation)Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.510 - Oracle)Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
HiddenJava 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.290 - Sun Microsystems, Inc.)Jump Flip (HKLM\...\Jump Flip) (Version: 2014.01.16.002256 - Jump Flip) <==== ATTENTIONJunk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLoiLoScope Download (HKLM-x32\...\{C2A254F4-AC74-482F-8F09-DB2843AC2AAE}_is1) (Version: 2.0 - LoiLo inc)LSI V92 MOH Application (HKLM\...\LTMOH) (Version: - LSI Corporation)LUMIX Map Tool (HKLM-x32\...\InstallShield_{7DCF5B1D-79C2-4F24-9746-511436EBC6B4}) (Version: 1.1.0 - Panasonic Corporation)LUMIX Map Tool (x32 Version: 1.1.0 - Panasonic Corporation) HiddenMalwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenMesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMessenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2003 Web Components (HKLM-x32\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)Microsoft Office Small Business 2007 (HKLM-x32\...\SMALLBUSINESSR) (Version: 
12.0.6612.1000 - Microsoft Corporation)Microsoft Office Small Business Connectivity Components (HKLM-x32\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)Microsoft SQL Server 2005 (HKLM-x32\...\Microsoft SQL Server 2005) (Version: - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Native Client (HKLM\...\{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server Setup Support Files (English) (HKLM-x32\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft SQL Server VSS Writer (HKLM\...\{B636C9B9-A3F2-4DCE-ADCC-72E095018385}) (Version: 9.00.5000.00 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft 
Corporation)Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Works 6-9 Converter 
(HKLM-x32\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)MobileMe Control Panel (HKLM\...\{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}) (Version: 3.1.8.0 - Apple Inc.)Mobogenie (HKLM-x32\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTIONMSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTIONNETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)Network64 (Version: 140.0.215.000 - Hewlett-Packard) HiddenNetwork64 (Version: 140.0.221.000 - Hewlett-Packard) HiddenOptimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.2 - PC Utilities Software Limited) <==== ATTENTIONPHOTOfunSTUDIO 9.1 PE (HKLM-x32\...\{C13FE7DE-D34D-48CC-9FA3-8DB9A3621B98}) (Version: 9.01.709 - Panasonic Corporation)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) HiddenQuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) HiddenRealtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7183 - Realtek Semiconductor Corp.)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30101 - Realtek Semiconductor Corp.)Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)Recuva (HKLM\...\Recuva) (Version: 
1.47 - Piriform)Roxio Media Manager (x32 Version: 9.4.067 - Roxio) HiddenScan (x32 Version: 140.0.80.000 - Hewlett-Packard) HiddenSearch-Gol Chrome Toolbar (HKLM-x32\...\Search-Gol Chrome Toolbar) (Version: - Search-Gol) <==== ATTENTIONSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype Download Packages (HKCU\...\Skype Download Packages) (Version: - ) <==== ATTENTIONSkype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)SlimCleaner+ (HKLM\...\{4CA4B2E7-3F49-4C15-9869-547FDB24C8E6}) (Version: 1.0.16057 - SlimWare Utilities, Inc.)SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) HiddenSolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) HiddenStatus (x32 Version: 140.0.256.000 - Hewlett-Packard) HiddenSynaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.1 - Synaptics Incorporated)Telstra Broadband Assistant (HKLM-x32\...\Telstra-Telstra Broadband Assistant) (Version: 1.0.1.10 - Telstra Corporation Ltd.)Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) HiddenTOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1E9E8BA6-FD0B-465D-AFA2-ECE10BF095F9}) (Version: 1.0.04.64 - TOSHIBA Corporation)TOSHIBA Bulletin Board (Version: 1.0.04.64 - Your Company Name) HiddenTOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.19 - TOSHIBA Corporation)TOSHIBA DVD PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 3.01.0.07-A - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.6.64 - TOSHIBA Corporation)TOSHIBA eco Utility (Version: 1.1.6.64 - TOSHIBA Corporation) HiddenTOSHIBA eco Utility (x32 Version: 1.1.6.64 - TOSHIBA Corporation) HiddenTOSHIBA Extended Tiles for Windows Mobility 
Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: - )TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) HiddenTOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.0.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (Version: 3.1.0.64 - TOSHIBA Corporation) HiddenTOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.4C - TOSHIBA CORPORATION)TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.4C - TOSHIBA CORPORATION) HiddenTOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.11C - TOSHIBA CORPORATION)TOSHIBA Hardware Setup (x32 Version: 1.63.0.11C - TOSHIBA CORPORATION) HiddenTOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.0 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (Version: 3.1.64.0 - TOSHIBA Corporation) HiddenTOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.0 - TOSHIBA Corporation) HiddenTOSHIBA Internal Modem Region Select Utility (HKLM-x32\...\InstallShield_{89F7D66C-777D-473B-AA11-319C0F190EAC}) (Version: 2.3.0.0 - TOSHIBA Corporation)TOSHIBA Internal Modem Region Select Utility (Version: 2.3.0.01 - TOSHIBA Corporation) HiddenTOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.1 for x64 - TOSHIBA Corporation)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{C2DDF845-7107-40E8-8D2A-8719F1799570}) (Version: 1.0.04.64 - TOSHIBA Corporation)TOSHIBA ReelTime (Version: 1.0.04.64 - TOSHIBA Corporation) HiddenTOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.9.1.12 - TOSHIBA)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 
2.1.33 - TOSHIBA)TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.2.97 - LSI Corporation)TOSHIBA Speech System Applications (HKLM-x32\...\{EE033C1F-443E-41EC-A0E2-559B539A4E4D}) (Version: 1.00.2518 - )TOSHIBA Speech System SR Engine(U.S.) Version1.0 (HKLM-x32\...\{008D69EB-70FF-46AB-9C75-924620DF191A}) (Version: - )TOSHIBA Speech System TTS Engine(U.S.) Version1.0 (HKLM-x32\...\{3FBF6F99-8EC6-41B4-8527-0A32241B5496}) (Version: - )TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)TOSHIBA Supervisor Password (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) HiddenTOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.25.64 - TOSHIBA Corporation)TOSHIBA Value Added Package (Version: 1.2.25.64 - TOSHIBA Corporation) HiddenTOSHIBA Value Added Package (x32 Version: 1.2.25.64 - TOSHIBA Corporation) HiddenTOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.4 - TOSHIBA Corporation)TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) HiddenTuneUp Utilities 2012 (x32 Version: 12.0.3600.104 - TuneUp Software) HiddenTuneUp Utilities Language Pack (en-US) (x32 Version: 12.0.3600.104 - TuneUp Software) HiddenUpdate for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTIONUtility Common Driver (x32 Version: 1.0.50.26C - TOSHIBA) HiddenVD64Inst (Version: 1.00.0000 - Roxio, Inc.) 
HiddenVisual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) HiddenWindows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)Windows Driver Package - NETGEAR Inc. (RTL8187) Net (12/01/2006 6.1258.1201.2006) (HKLM\...\5AF8BE22A56B38B1816F36BAC6A71F1277E45440) (Version: 12/01/2006 6.1258.1201.2006 - NETGEAR Inc.)Windows Driver Package - Thomson (USB_RNDIS) Net (02/15/2007 2.0.0.0) (HKLM\...\2CA3B8348CD526E9B8928840AC68738C5B5A4F8F) (Version: 02/15/2007 2.0.0.0 - Thomson)Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) HiddenWindows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh (x32 Version: 
15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) HiddenWindows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) HiddenWindows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) HiddenWindows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenWindows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)Yahoo! 
Install Manager (HKLM-x32\...\YInstHelper) (Version: - )Yahoo!Xtra Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No FileCustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, 
Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\JTR\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)CustomCLSID: HKU\S-1-5-21-4096225383-1857649611-4187784336-1004_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\JTR\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 13:34 - 2009-06-11 08:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {027DD4B0-847A-4682-A924-D34AA665CF4F} - \ParetoLogic Registration3 No Task File <==== ATTENTIONTask: {079E34C5-35D1-40EA-84AA-9ACB995B3F3D} - System32\Tasks\SlimCleaner+ (Check for Updates - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)Task: {0B6B55E0-D5A3-4363-BFFD-8F4147D8FA2F} - System32\Tasks\Primax Electronics online update program => C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exeTask: {0F81D1B7-8FA7-4662-9AC2-72B0894242FD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02] (Google Inc.)Task: {0FEAFE5B-6C19-4EB9-9352-BE09CFA9E1D8} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\TuneUp Utilities 2012\OneClick.exe [2012-05-29] (TuneUp Software)Task: {16E99ADD-B821-45A0-9BAC-391C9872F355} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-27] (Piriform Ltd)Task: {28709D3A-D8AA-4A9C-BA6B-E81F8299D1E4} - \ProgramRefresh-ATFST No Task File <==== ATTENTIONTask: {2CD3FBCB-7621-4244-90F9-47DE767A875C} - \ProgramUpdateCheck No Task File <==== ATTENTIONTask: {32DF6A55-D78C-4021-A599-76A8C1161BE1} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)Task: {3711A3A7-79D7-4BF3-A0B5-1C63BC264D77} - System32\Tasks\{31B21CFF-71D4-41C0-8D3B-F4AC187C4B9D} => C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exeTask: {3D64CBE5-489F-4FF2-B473-B61A231BDD4D} - System32\Tasks\LaunchApp => C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe <==== ATTENTIONTask: {3D7163D8-FD04-452F-87EC-42C873E1255B} - System32\Tasks\{8FE5F148-586E-400A-8476-40DD23469111} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)Task: {4BF58B21-6030-4224-9352-5814BCFFFDCB} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files 
(x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-07-14] (TOSHIBA CORPORATION)Task: {512EB5D1-002C-4F7A-AEAB-71DD6BA73732} - System32\Tasks\SlimCleaner+ (Scheduled Scan - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)Task: {5CBB9682-EF9B-4149-A679-080159C3DA87} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {66814F25-0103-4668-994E-427FA5487EA6} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exeTask: {7F91B93E-21AD-4B91-93DD-492A989510BC} - System32\Tasks\HP online update program => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exeTask: {991B3505-D735-4180-871A-3329872133BD} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-22] (Adobe Systems Incorporated)Task: {9AE9DB52-E10D-4234-A5D7-D796B7767A21} - System32\Tasks\AVG\PC Tuneup\Integrator\Start On JTR Logon => C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe [2011-11-03] (AVG)Task: {A0B462CD-2576-4BF7-B54A-2114E60D6C9D} - System32\Tasks\Defraggler Volume C Task => C:\Program Files\Defraggler\df64.exe [2012-01-17] (Piriform Ltd)Task: {B5178E9F-4176-47B5-ADCE-12844CA788F6} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2014-03-19] (SlimWare Utilities, Inc.)Task: {B557AC1C-B301-466B-8EE8-A46318178854} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {BC044562-E213-4C57-953F-ADDD761C08E6} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)Task: {CE498654-D544-4860-82E4-73F5D88AD855} - System32\Tasks\{03F5EA17-BFF2-4028-8EA8-88C52738AEF6} => C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exeTask: 
{CEFAF4C3-8AFE-4A22-BDB6-6D95080C3511} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004Core => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)Task: {D3AB13C8-D037-4FFB-A9D3-441E5C0E9215} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-02] (Google Inc.)Task: {DCD46123-EC2A-48C9-B8A8-60D89EF4BBA9} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exeTask: {DF46F28C-3AA4-49C4-8860-5CA14276CE8C} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exeTask: {F1161AFF-14ED-40E6-8045-473891B7944E} - System32\Tasks\SlimCleaner+ (StartupTask - JTR) => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe [2013-10-30] (SlimWare Utilities, Inc.)Task: {F41F5F23-EAE3-48AB-85BE-A520D92D9FF3} - \Scheduled Update for Ask Toolbar No Task File <==== ATTENTIONTask: {F64F897B-FB5A-4B9B-B53C-751387A120FE} - \BonanzaDealsUpdate No Task File <==== ATTENTIONTask: {FC6D5E92-7B80-4AF8-A6C5-B9038AD23E68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004UA => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exe [2014-03-28] (Google Inc.)Task: {FFF49258-29DC-4604-A716-328CC4301F93} - System32\Tasks\ParetoLogic Registration => Rundll32.exe "C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dll" RunUnsTask: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\Defraggler Volume C Task.job => C:\Program Files\Defraggler\df64.exeTask: C:\windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files 
(x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004Core.job => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4096225383-1857649611-4187784336-1004UA.job => C:\Users\JTR\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\ParetoLogic Registration.job => C:\Program Files (x86)\Common Files\ParetoLogic\UUS2\UUS.dllTask: C:\windows\Tasks\SlimCleaner+ (Check for Updates - JTR).job => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exeTask: C:\windows\Tasks\SlimCleaner+ (Scheduled Scan - JTR).job => C:\Program Files\SlimCleaner+\SlimCleanerPlus.exe ==================== Loaded Modules (whitelisted) ============= 2013-09-20 09:37 - 2013-09-20 09:37 - 03889152 _____ () C:\Program Files (x86)\MyPC Backup\MPCBIconOverlays.dll2013-09-20 09:32 - 2013-09-20 09:32 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll2013-04-05 13:58 - 2013-04-05 13:58 - 00954696 _____ () C:\Program Files\Common Files\Apple\Internet Services\ShellStreams64.dll2014-02-04 18:10 - 2014-02-02 10:42 - 04055368 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll2014-02-04 18:10 - 2014-02-02 10:42 - 00399688 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll2014-02-04 18:10 - 2014-02-02 10:41 - 01634632 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) 
AlternateDataStreams: C:\ProgramData\Temp:0B4227B4AlternateDataStreams: C:\ProgramData\Temp:373E1720AlternateDataStreams: C:\ProgramData\Temp:98181191AlternateDataStreams: C:\Users\JTR\Downloads\Marg Dixon's Farewell.eml:OECustomPropertyAlternateDataStreams: C:\Users\JTR\Downloads\noname (1).eml:OECustomPropertyAlternateDataStreams: C:\Users\JTR\Downloads\noname.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskAgent => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NaveriskServiceMonitor => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: Microsoft Default Manager => "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeMSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"MSCONFIG\startupreg: Yahoo! 
Pager => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet ========================= Accounts: ========================== Administrator (S-1-5-21-4096225383-1857649611-4187784336-500 - Administrator - Disabled)Guest (S-1-5-21-4096225383-1857649611-4187784336-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-4096225383-1857649611-4187784336-1006 - Limited - Enabled)JTR (S-1-5-21-4096225383-1857649611-4187784336-1004 - Administrator - Enabled) => C:\Users\JTR ==================== Faulty Device Manager Devices ============= Name: Photosmart B110 seriesDescription: Photosmart B110 seriesClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Security Processor Loader DriverDescription: Security Processor Loader DriverClass Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}Manufacturer: Service: spldrProblem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.Devices stay in this state if they have been prepared for removal.After you remove the device, this error disappears.Remove the device, and this error should be resolved. ==================== Event log errors: ========================= Application errors:==================Error: (10/23/2014 05:42:28 PM) (Source: WinMgmt) (EventID: 4) (User: )Description: 0x8004100aC:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\90\SHARED\SQLMGMPROVIDERXPSP2UP.MOF Error: (10/23/2014 02:20:49 PM) (Source: Wininit) (EventID: 1015) (User: )Description: A critical system process, C:\windows\system32\lsass.exe, failed with status code 255. The machine must now be restarted. 
Error: (10/23/2014 02:20:44 PM) (Source: Application Error) (EventID: 1005) (User: )Description: Windows cannot access the file C:\Windows\System32\lsasrv.dll for one of the following reasons:there is a problem with the network connection, the disk that the file is stored on, or the storagedrivers installed on this computer; or the disk is missing.Windows closed the program Local Security Authority Process because of this error. Program: Local Security Authority ProcessFile: C:\Windows\System32\lsasrv.dll The error value is listed in the Additional Data section.User Action1. Open the file again.This situation might be a temporary problem that corrects itself when the program runs again.2.If the file still cannot be accessed and- It is on the network,your network administrator should verify that there is not a problem with the network and that the server can be contacted.- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.4. If the problem persists, restore the file from a backup copy.5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor forfurther assistance. 
Additional DataError value: C0000185Disk type: 3 Error: (10/23/2014 02:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: lsass.exe, version: 6.1.7601.18443, time stamp: 0x5348920cFaulting module name: lsasrv.dll, version: 6.1.7601.18443, time stamp: 0x5348a24bException code: 0xc0000006Fault offset: 0x00000000000b0120Faulting process id: 0x1e4Faulting application start time: 0xlsass.exe0Faulting application path: lsass.exe1Faulting module path: lsass.exe2Report Id: lsass.exe3 Error: (08/30/2014 04:36:41 PM) (Source: ESENT) (EventID: 454) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216. Error: (08/30/2014 04:36:41 PM) (Source: ESENT) (EventID: 494) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 454) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216. 
Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 494) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 454) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery/restore failed with unexpected error -1216. Error: (08/30/2014 04:36:40 PM) (Source: ESENT) (EventID: 494) (User: )Description: SlimService (5508) {86A89AE9-FFF7-415F-B973-AD40DA0E3B71}: Database recovery failed with error -1216 because it encountered references to a database, 'C:\Users\TEMP\AppData\Local\SlimWare Utilities Inc\SlimCleaner+\settings.db', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message. 
System errors:=============Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:41:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error: (10/24/2014 00:38:34 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start 
because of the following error: %%1068 Error: (10/24/2014 00:37:20 AM) (Source: Service Control Manager) (EventID: 7001) (User: )Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Microsoft Office Sessions:=========================Error: (05/15/2014 10:13:52 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6691.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 130 seconds with 120 seconds of active time. This session ended with a crash. Error: (01/13/2014 08:37:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 34 seconds with 0 seconds of active time. This session ended with a crash. Error: (02/20/2011 03:14:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10 seconds with 0 seconds of active time. This session ended with a crash. 
==================== Memory info =========================== Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHzPercentage of memory in use: 22%Total physical RAM: 3932.88 MBAvailable physical RAM: 3033.48 MBTotal Pagefile: 7863.93 MBAvailable Pagefile: 7002.4 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (S3A8050D003) (Fixed) (Total:453.99 GB) (Free:370.59 GB) NTFS ==>[system with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 8397E41A)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=454 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=10.3 GB) - (Type=17) ==================== End Of Log ============================
  8. I'm confused as to what, if anything, is FREE (as it is suggested scan and removals still are) and what costs $24.95 a year. To me it wasn't clear.
  9. I haven't heard from my Aunt so I guess everything is OK.
  10. I'll leave it with the Aunt for a while and she will let me know. If there is I'll be back. Thank you, much appreciated.
  11. Deleted this one, C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb, and the other couldn't be found after deleting that one. Opened Chrome and it appears to be gone. Used SystemLook to find the folders again and it found nothing.
  12. SystemLook 30.07.11 by jpshortstuff
      Log created at 14:28 on 20/02/2014 by Art
      Administrator - Elevation successful
      ========== regfind ==========
      Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
      No data found.
      ========== folderfind ==========
      Searching for "hkplcpjdkjhdlbpaocppfjjpfmgpcmfb"
      C:\ProgramData\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb d------ [17:13 05/01/2014]
      C:\Users\All Users\hkplcpjdkjhdlbpaocppfjjpfmgpcmfb d------ [17:13 05/01/2014]
      -= EOF =-
  13. Think I know what happened, Avira picked it up
      Begin scan in 'C:\ProgramData\saveron\EGE.dll'
      C:\ProgramData\saveron\EGE.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
      Beginning disinfection:
      C:\ProgramData\saveron\EGE.dll
      [DETECTION] Contains virus patterns of Adware ADWARE/Adware.Gen
      [NOTE] The file was moved to the quarantine directory under the name '5bff98e2.qua'!
  14. No policies set. I even looked at policies with no value set. It was not found.
  15. You may be typing now, but it does seem to stay permanently disabled if I only disable it and restart Chrome. Same after a reboot.
  16. Saveron extension is in Chrome still. I can now remove it via Chrome extension settings. I restart Chrome and it is back again. Otherwise it seems good.
  17. Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 18-02-2014 Ran by Art at 2014-02-20 13:20:01 Run:1 Running from C:\Users\Art\Desktop Boot Mode: Normal
      The system needs a manual reboot. ==== End of Fixlog ====
      rebooting as requested I'll BRB
  18. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2014 Ran by Art (administrator) on ART-PC on 20-02-2014 12:57:58 Running from C:\Users\Art\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal
Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-07-12] (SUPERAntiSpyware.com) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-26] (Avira Operations GmbH & Co. KG) S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-03-06] (Research In Motion Limited) R2 mfevtp; C:\Windows\system32\mfevtps.exe [149032 2010-07-08] (McAfee, Inc.) R2 RIM MDNS; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\mDNSResponder.exe [389632 2013-06-04] (Apple Inc.) R2 RIM Tunnel Service; C:\Program Files (x86)\Common Files\Research In Motion\Tunnel Manager\tunmgr.exe [1263616 2013-06-04] (Research In Motion Limited) S2 vToolbarUpdater15.1.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.1.0\ToolbarUpdater.exe [X] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [40736 2013-05-08] (AVG Technologies) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-19] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-26] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-06] (DT Soft Ltd) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121248 2010-07-08] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [529000 2010-07-08] (McAfee, Inc.) 
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-04-08] (Research In Motion Limited) R3 rimvndis; C:\Windows\System32\Drivers\rimvndis6_AMD64.sys [17920 2013-06-04] (Research in Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-20 12:57 - 2014-02-20 12:58 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt 2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST 2014-02-20 12:56 - 2014-02-20 12:57 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe 2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe 2014-02-20 12:24 - 2014-02-20 12:25 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe 2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt 2014-02-20 11:47 - 2014-02-20 12:42 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine 2014-02-20 11:47 - 2014-02-20 11:48 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe 2014-02-20 11:14 - 2014-02-20 11:15 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe 2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe 2014-02-20 11:12 - 2014-02-20 11:13 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe 2014-02-19 11:11 - 2014-02-19 09:04 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr 2014-02-19 09:04 - 2014-02-19 11:11 - 01449057 
_____ () C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr 2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST 2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss 2014-02-17 12:02 - 2014-02-17 12:05 - 00000632 __RSH () C:\Users\Art\ntuser.pol 2014-02-17 11:31 - 2014-02-20 12:51 - 00000000 ____D () C:\AdwCleaner 2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe 2014-02-17 10:30 - 2014-02-17 11:22 - 00000000 ____D () C:\JRT 2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Art\Downloads\mbar-1.07.0.1009.exe 2014-02-17 09:49 - 2014-02-20 12:27 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor 2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 09:48 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\SAVerPProo 2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages 2014-02-13 03:01 - 2013-12-21 20:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-02-13 03:01 - 2013-12-21 19:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-02-13 03:00 - 2014-02-06 23:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-13 03:00 - 2014-02-06 22:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-13 03:00 - 2014-02-06 22:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-13 03:00 - 2014-02-06 22:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-13 03:00 - 2014-02-06 22:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-13 03:00 - 2014-02-06 22:06 - 00048640 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-13 03:00 - 2014-02-06 21:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-13 03:00 - 2014-02-06 21:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-13 03:00 - 2014-02-06 21:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-13 03:00 - 2014-02-06 21:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-13 03:00 - 2014-02-06 21:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-13 03:00 - 2014-02-06 21:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-13 03:00 - 2014-02-06 21:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-13 03:00 - 2014-02-06 21:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-13 03:00 - 2014-02-06 21:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-13 03:00 - 2014-02-06 21:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-13 03:00 - 2014-02-06 21:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-13 03:00 - 2014-02-06 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-13 03:00 - 2014-02-06 21:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-13 03:00 - 2014-02-06 20:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-13 03:00 - 2014-02-06 20:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-13 03:00 - 2014-02-06 20:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-13 03:00 - 2014-02-06 20:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-13 03:00 - 2014-02-06 20:50 - 02041856 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-13 03:00 - 2014-02-06 20:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-13 03:00 - 2014-02-06 20:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-13 03:00 - 2014-02-06 20:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-13 03:00 - 2014-02-06 20:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-13 03:00 - 2014-02-06 20:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-13 03:00 - 2014-02-06 20:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-13 03:00 - 2014-02-06 20:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-13 03:00 - 2014-02-06 20:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-13 03:00 - 2014-02-06 20:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-13 03:00 - 2014-02-06 20:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-13 03:00 - 2014-02-06 19:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-13 03:00 - 2014-02-06 19:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-13 03:00 - 2014-02-06 19:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-13 03:00 - 2014-02-06 19:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-13 03:00 - 2014-02-06 19:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-12 17:48 - 2014-01-01 10:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-02-12 17:48 - 2014-01-01 10:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-02-12 17:48 - 2013-12-06 13:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-02-12 17:48 - 2013-12-06 
13:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-02-12 17:48 - 2013-12-06 13:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-02-12 17:48 - 2013-12-06 13:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-02-12 17:45 - 2013-12-04 13:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-02-12 17:45 - 2013-12-04 13:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-02-12 17:45 - 2013-12-04 13:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-02-12 17:45 - 2013-12-04 13:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-02-12 17:45 - 2013-12-04 13:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-02-12 17:45 - 2013-12-04 13:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-02-12 17:45 - 2013-12-04 13:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-02-12 17:45 - 2013-12-04 13:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-02-12 17:45 - 2013-12-04 13:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-02-12 17:45 - 2013-12-04 13:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-02-12 17:45 - 2013-12-04 13:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-02-12 17:45 - 2013-12-04 13:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-02-12 17:45 - 2013-12-04 12:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 
2014-02-12 17:45 - 2013-12-04 12:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-02-12 17:45 - 2013-12-04 12:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-02-12 17:45 - 2013-12-04 12:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-02-12 17:36 - 2013-12-25 10:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-02-12 17:36 - 2013-12-25 09:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-02-12 17:36 - 2013-11-26 19:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-02-12 17:36 - 2013-11-23 09:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip 2014-02-06 10:35 - 2014-02-06 10:59 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014 2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr 2014-02-03 13:32 - 2014-02-17 09:37 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer 2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj ==================== One Month Modified Files and Folders ======= 2014-02-20 12:58 - 2014-02-20 12:57 - 00014138 _____ () C:\Users\Art\Desktop\FRST.txt 2014-02-20 12:57 - 2014-02-20 12:57 - 00000000 ____D () C:\FRST 2014-02-20 12:57 - 2014-02-20 12:56 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64(2).exe 2014-02-20 12:57 - 2011-07-06 15:31 - 01581956 _____ () C:\Windows\WindowsUpdate.log 2014-02-20 12:54 - 2013-06-13 16:01 - 00001433 _____ () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk 2014-02-20 12:53 - 2011-07-06 18:07 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job 2014-02-20 12:52 - 2013-06-29 
13:32 - 00026680 _____ () C:\Windows\setupact.log 2014-02-20 12:52 - 2011-07-06 15:59 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-02-20 12:52 - 2009-07-14 16:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-02-20 12:51 - 2014-02-17 11:31 - 00000000 ____D () C:\AdwCleaner 2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-20 12:51 - 2009-07-14 15:45 - 00021888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-20 12:48 - 2014-02-20 12:48 - 01241834 _____ () C:\Users\Art\Desktop\AdwCleaner(1).exe 2014-02-20 12:42 - 2014-02-20 11:47 - 00000000 ____D () C:\Users\Art\Desktop\RK_Quarantine 2014-02-20 12:27 - 2014-02-17 09:49 - 00000000 ____D () C:\Users\Art\Desktop\Darren Computer Doctor 2014-02-20 12:25 - 2014-02-20 12:24 - 02153472 _____ (Farbar) C:\Users\Art\Desktop\FRST64.exe 2014-02-20 12:15 - 2011-07-06 18:02 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000UA.job 2014-02-20 12:04 - 2012-09-11 20:09 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-02-20 11:49 - 2014-02-20 11:49 - 00001780 _____ () C:\Users\Art\Desktop\RKreport[0]_S_02202014_114939.txt 2014-02-20 11:48 - 2014-02-20 11:47 - 02153472 _____ (Farbar) C:\Users\Art\Downloads\FRST64.exe 2014-02-20 11:37 - 2013-06-29 16:11 - 00128322 _____ () C:\Windows\PFRO.log 2014-02-20 11:15 - 2014-02-20 11:14 - 04413952 _____ () C:\Users\Art\Desktop\RogueKillerX64 (1).exe 2014-02-20 11:13 - 2014-02-20 11:13 - 04413952 _____ () C:\Users\Art\Downloads\RogueKillerX64.exe 2014-02-20 11:13 - 2014-02-20 11:12 - 03817984 _____ () C:\Users\Art\Downloads\RogueKiller.exe 2014-02-20 08:15 - 2011-07-06 18:01 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3037837604-4240180166-2112078839-1000Core.job 2014-02-19 11:11 - 2014-02-19 09:04 - 01449057 _____ () 
C:\Users\Art\Downloads\Ryan Bywater - handyman.cdr 2014-02-19 09:04 - 2014-02-19 11:11 - 00504352 _____ () C:\Users\Art\Downloads\Backup_of_Ryan Bywater - handyman.cdr 2014-02-18 16:57 - 2014-02-18 16:57 - 00014217 _____ () C:\Users\Art\Downloads\GOOLOOGONG TRAIL RIDERS.DST 2014-02-17 12:19 - 2014-02-17 12:19 - 00000000 ____D () C:\Windows\pss 2014-02-17 12:19 - 2011-07-06 15:53 - 00000000 ___RD () C:\Users\Art\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-02-17 12:12 - 2011-07-06 18:10 - 00000000 ____D () C:\Users\Art\AppData\Roaming\Dropbox 2014-02-17 12:11 - 2011-06-11 22:02 - 00000000 ___RD () C:\Users\Art\Dropbox 2014-02-17 12:05 - 2014-02-17 12:02 - 00000632 __RSH () C:\Users\Art\ntuser.pol 2014-02-17 12:05 - 2011-07-06 15:52 - 00000000 ____D () C:\Users\Art 2014-02-17 11:31 - 2014-02-17 11:31 - 01166132 _____ () C:\Users\Art\Downloads\AdwCleaner.exe 2014-02-17 11:22 - 2014-02-17 10:30 - 00000000 ____D () C:\JRT 2014-02-17 11:21 - 2013-06-29 20:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-02-17 10:03 - 2014-02-17 10:03 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-02-17 10:00 - 2012-05-03 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-02-17 09:54 - 2014-02-17 09:54 - 12589848 _____ (Malwarebytes Corp.) 
C:\Users\Art\Downloads\mbar-1.07.0.1009.exe 2014-02-17 09:52 - 2013-06-29 20:15 - 00000000 ____D () C:\Windows\ERDNT 2014-02-17 09:44 - 2014-02-17 09:44 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-17 09:37 - 2014-02-14 09:48 - 00000000 ____D () C:\ProgramData\SAVerPProo 2014-02-17 09:37 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\HtmmlCHEcckeer 2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\SmiArtCOmpare 2014-02-17 09:37 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\saveron 2014-02-17 09:15 - 2009-07-14 16:13 - 00783374 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-17 09:12 - 2013-06-29 16:24 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-02-14 09:48 - 2014-02-14 09:48 - 00000000 ____D () C:\Users\Art\AppData\Local\Packages 2014-02-14 09:48 - 2014-01-06 04:13 - 00000000 ____D () C:\ProgramData\f77b50b554af04de 2014-02-14 09:18 - 2013-12-20 00:18 - 00000127 _____ () C:\Users\Art\AppData\Roaming\WB.CFG 2014-02-13 04:22 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\rescache 2014-02-13 03:14 - 2011-07-06 18:29 - 00768842 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-02-07 15:56 - 2014-02-07 15:56 - 00235187 _____ () C:\Users\Art\Downloads\balletschoollogo.zip 2014-02-06 23:16 - 2014-02-13 03:00 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-02-06 22:30 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-02-06 22:30 - 2014-02-13 03:00 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-02-06 22:12 - 2014-02-13 03:00 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-02-06 22:07 - 2014-02-13 03:00 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-02-06 22:06 - 2014-02-13 03:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-02-06 21:57 - 2014-02-13 03:00 - 00053760 _____ 
(Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-02-06 21:56 - 2014-02-13 03:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-02-06 21:52 - 2014-02-13 03:00 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-02-06 21:49 - 2014-02-13 03:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-02-06 21:48 - 2014-02-13 03:00 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-02-06 21:48 - 2014-02-13 03:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-02-06 21:38 - 2014-02-13 03:00 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-02-06 21:32 - 2014-02-13 03:00 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-02-06 21:20 - 2014-02-13 03:00 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-02-06 21:17 - 2014-02-13 03:00 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-02-06 21:11 - 2014-02-13 03:00 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-02-06 21:01 - 2014-02-13 03:00 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-02-06 21:00 - 2014-02-13 03:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-02-06 20:57 - 2014-02-13 03:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-02-06 20:57 - 2014-02-13 03:00 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-02-06 20:52 - 2014-02-13 03:00 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-02-06 20:52 - 2014-02-13 03:00 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-02-06 20:50 - 2014-02-13 03:00 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-02-06 20:49 - 2014-02-13 03:00 - 00440832 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieui.dll 2014-02-06 20:47 - 2014-02-13 03:00 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-02-06 20:46 - 2014-02-13 03:00 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-02-06 20:25 - 2014-02-13 03:00 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-02-06 20:25 - 2014-02-13 03:00 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-02-06 20:24 - 2014-02-13 03:00 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-02-06 20:22 - 2014-02-13 03:00 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-02-06 20:13 - 2014-02-13 03:00 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-02-06 20:09 - 2014-02-13 03:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-02-06 20:03 - 2014-02-13 03:00 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-02-06 19:55 - 2014-02-13 03:00 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-02-06 19:41 - 2014-02-13 03:00 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-02-06 19:40 - 2014-02-13 03:00 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-02-06 19:36 - 2014-02-13 03:00 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-02-06 19:34 - 2014-02-13 03:00 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-06 10:59 - 2014-02-06 10:35 - 00000000 ____D () C:\Users\Art\Desktop\kristen ph 2014 2014-02-05 13:04 - 2012-09-11 20:09 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-02-05 13:04 - 2012-09-11 20:09 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-02-05 13:04 - 2011-07-06 18:02 - 00071048 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-03 14:17 - 2014-02-03 14:17 - 12584780 _____ () C:\Users\Art\Desktop\SHANNON'S LOGO.cdr 2014-02-03 13:32 - 2014-02-03 13:32 - 00000258 __RSH () C:\ProgramData\ntuser.pol 2014-02-03 13:32 - 2014-02-03 13:32 - 00000000 ____D () C:\ProgramData\angijblkobfiimfjbllaaalefeapmplj 2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-02-03 13:32 - 2009-07-14 14:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-01-28 09:26 - 2013-11-28 08:26 - 00000000 ____D () C:\Users\Art\Desktop\assorted files 2014-01-28 09:26 - 2012-01-06 13:00 - 00000000 ____D () C:\Users\Art\Desktop\2012-01-06 kristens camera 2014-01-28 09:25 - 2013-08-12 15:11 - 00000000 ____D () C:\Users\Art\Desktop\wilcox fliers Some content of TEMP: ==================== C:\Users\Art\AppData\Local\Temp\avgnt.exe C:\Users\Art\AppData\Local\Temp\ntdll_dump.dll C:\Users\Art\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-18 09:21 ==================== End Of Log ============================ addition.txt attached Addition.txt
  19. # AdwCleaner v3.019 - Report created 20/02/2014 at 12:51:38 # Updated 17/02/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Art - ART-PC # Running from : C:\Users\Art\Desktop\AdwCleaner(1).exe # Option : Clean
  20. She uses Chrome & yet to see things replicated in Firefox. Definitely extensions/addons can't get rid of in Chrome e.g. Saveron, htmmlCHEcckeer

      RogueKiller V8.8.8 _x64_ [Feb 19 2014] by Tigzy
      mail : tigzyRK<at>gmail<dot>com
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Art [Admin rights]
      Mode : Scan -- Date : 02/20/2014 12:29:43
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤
      ¤¤¤ Registry Entries : 0 ¤¤¤
      ¤¤¤ Scheduled tasks : 0 ¤¤¤
      ¤¤¤ Startup Entries : 0 ¤¤¤
      ¤¤¤ Web browsers : 0 ¤¤¤
      ¤¤¤ Browser Addons : 0 ¤¤¤
      ¤¤¤ Particular Files / Folders: ¤¤¤
      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
      ¤¤¤ External Hives: ¤¤¤
      ¤¤¤ Infection : ¤¤¤
      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts
      ¤¤¤ MBR Check: ¤¤¤
      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ SCSI) Hitachi HDT721032SLA SCSI Disk Device +++++
      --- User ---
      [MBR] ea1c020db9750956af345cdfe8ce9d40
      [bSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 294833 Mo
      1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 603819090 | Size: 10409 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR! ([0x1] Incorrect function. )
      +++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) TOSHIBA MK3252GSX USB Device +++++
      --- User ---
      [MBR] f47c40799e7b3a318fe50e4bf03f04d6
      [bSP] 9e38cd1b459863a78110369a3424f516 : Windows XP MBR Code
      Partition table:
      0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 63 | Size: 305242 Mo
      User = LL1 ... OK!
      Error reading LL2 MBR! ([0x32] The request is not supported. )
      Finished : << RKreport[0]_S_02202014_122943.txt >>
      RKreport[0]_S_02202014_114939.txt
  21. Using my Aunt's computer she tells me when she clicks a link from email that it redirects to an advertisement. When she closes that and clicks again it takes her to where the link should go. I have seen this replicated. I am told that this happens with some website links too but I have not seen it replicated. I have ran MBAM which finds nothing. The browsers do seem to have a few add-ons I cannot remove. I am hoping you can help with this as soon as possible.
  22. It is now attached. Thanks once again for all your help. mbar-log-2013-11-06 (14-49-37).txt
  23. Thanks Advanced Setup. Curious, do you want the log from the original MBAR scan for research purposes or anything?
  24. Results of screen317's Security Check version 0.99.76
      Windows 7 Service Pack 1 x86 (UAC is enabled)
      Internet Explorer 10
      ``````````````Antivirus/Firewall Check:``````````````
      Windows Firewall Enabled!
      Avira Desktop Antivirus up to date! (On Access scanning disabled!)
      `````````Anti-malware/Other Utilities Check:`````````
      SUPERAntiSpyware
      Malwarebytes Anti-Malware version 1.75.0.1300
      CCleaner
      Adobe Flash Player 11.9.900.117
      Mozilla Firefox (25.0)
      Google Chrome 30.0.1599.101
      Google Chrome 30.0.1599.69
      ````````Process Check: objlist.exe by Laurent````````
      Avira Antivir avgnt.exe
      Avira Antivir avguard.exe
      Symantec Norton Online Backup NOBuAgent.exe
      `````````````````System Health check`````````````````
      Total Fragmentation on Drive C: 0%
      ````````````````````End of Log``````````````````````
  25. And nothing detected with MBAM

      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2013.11.06.03
      Windows 7 Service Pack 1 x86 NTFS
      Internet Explorer 10.0.9200.16686
      CLEAN-LAPTOP :: CLEAN-LAPTOP-HP [administrator]
      6/11/2013 8:29:35 PM
      mbam-log-2013-11-06 (20-29-35).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 206957
      Time elapsed: 15 minute(s), 24 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 0
      (No malicious items detected)
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0