goa55

can anyone help me, i have a website www.taptaptap.co.uk that i cannot open eith at work or at home on 2 laptops or myphone when connected to wifi. when the phone is just using 3 or 4 g its fine i can view my site. at home i also have a gaming pc that is only ever used for gaming and i cannot open the site via chrome on that either. the site was hacked about 1 year ago but the web company that put it back together cannot help me with this problem any suggestions welcome.

any help welcome on this. i have a website www.taptaptap.co.uk which was hacked earlier this year the guy that maintains the site has moved it to another hosting company and all is now well. now i cannot look at the site on my home pc or work pc (different location) only via my phone on 3g. hes says there is nothing wrong with the site. so i am not sure what is going on any constructive advice welcome.

ok thanks mr C your the best.. have done a donation

machines running very well

it is done no threats found

i have run malware threat scan.. there are some thing in quaratine from 13th april thanks

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015 Ran by adam at 2015-04-21 22:41:38 Run:1 Running from C:\Users\adam\Desktop\mal Loaded Profiles: adam (Available profiles: adam) Boot Mode: Normal ============================================== Content of fixlist: ***************** C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exe C:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exe C:\Users\adam\AppData\Local\Temp\oct2559.tmp.exe C:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exe C:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exe C:\Users\adam\AppData\Local\Temp\oct816F.tmp.exe C:\Users\adam\AppData\Local\Temp\oct8797.tmp.exe C:\Users\adam\AppData\Local\Temp\octC47F.tmp.exe C:\Users\adam\AppData\Local\Temp\octFD17.tmp.exe C:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exe C:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dll C:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll AlternateDataStreams: C:\Users\adam\OneDrive:ms-properties AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD ***************** C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\oct2559.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\oct816F.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\oct8797.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\octC47F.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\octFD17.tmp.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exe => Moved successfully. C:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dll => Moved successfully. C:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll => Moved successfully. C:\Users\adam\OneDrive => ":ms-properties" ADS removed successfully. C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully. C:\ProgramData\Temp => ":6C5EC3CD" ADS removed successfully. ==== End of Fixlog 22:41:45 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.6.0 (04.20.2015:1) OS: Windows 8.1 Connected x64 Ran by adam on 21/04/2015 at 23:13:11.62 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1054520709-2473024980-3417720710-500 Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-1001 Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-500 ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{37D4BD70-B427-11E4-826B-F8A96373F8A7} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C} ~~~ Files Successfully deleted: [File] C:\Users\adam\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal Successfully deleted: [File] C:\Users\adam\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage ~~~ Folders ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21/04/2015 at 23:17:09.86 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.201 - Logfile created 21/04/2015 at 22:57:35 # Updated 08/04/2015 by Xplode # Database : 2015-04-08.1 [server] # Operating system : Windows 8.1 Connected (x64) # Username : adam - LOUNGE # Running from : C:\Users\adam\Downloads\adwcleaner_4.201 (2).exe # Option : Cleaning ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\Users\adam\AppData\Local\pokki File Deleted : C:\Users\Public\Desktop\eBay.lnk File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk File Deleted : C:\Users\adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk File Deleted : C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk File Deleted : C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage File Deleted : C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal ***** [ Scheduled tasks ] *****

ok thanks am backing up as i write this

can anyone help with this thanks

not sure if this is malware or just a pop up but got the pop up asking me for £100 on chrome could not remove it so had to turn the laptop off. also i have this sweet laps dialog box asking me to install skype. doesn't seem right if anyone could help please Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01Ran by adam (administrator) on LOUNGE on 20-04-2015 07:47:24Running from C:\Users\adam\DownloadsLoaded Profiles: adam (Available profiles: adam)Platform: Windows 8.1 Connected (X64) OS Language: English (United Kingdom)Internet Explorer Version 11 (Default browser: Chrome)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe(Microsoft Corporation) C:\Windows\System32\vds.exe(Intel Corporation) C:\Windows\System32\igfxHK.exe(Intel Corporation) C:\Windows\System32\igfxTray.exe(Intel Corporation) C:\Windows\System32\igfxEM.exe(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\HostAppService.exe(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\HostAppService.exe(Opera Software) C:\Users\adam\AppData\Local\Opera Mail\operamail.exe(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\StartMenuIndexer.exe(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\adam\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startupHKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [bacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-03-18] (Acer Incorporated)HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-04-16] ()HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGONHKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-05-21] (Spotify Ltd)HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\RunOnce: [Application Restart #1] => C:\Users\adam\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-14] (Pokki)ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJBSearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {122E2AC7-025B-477B-8BE7-019A1DE656D1} URL = SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {37D4BD70-B427-11E4-826B-F8A96373F8A7} URL = SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) Chrome: =======CHR HomePage: Default -> https://www.google.co.uk/CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"CHR DefaultSearchKeyword: Default -> homepage-web.comCHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}CHR DefaultSuggestURL: Default -> CHR Profile: C:\Users\adam\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Docs) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-16]CHR Extension: (Google Drive) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-16]CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-16]CHR Extension: (Google Search) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-16]CHR Extension: (Bookmark Manager) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]CHR Extension: (Chrome Hotword Shared Module) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]CHR Extension: (Google Wallet) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-16]CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-16] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2749696 2015-03-18] (Acer Incorporated)R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel® Corporation)S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)S3 BCMH43XX; C:\Windows\system32\DRIVERS\bcmwlhigh63a.sys [2071624 2013-03-06] (Broadcom Corporation)S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 07:46 - 2015-04-20 07:47 - 02098176 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe2015-04-20 07:44 - 2015-04-20 07:44 - 00000000 ____D () C:\Users\adam\Desktop\mal2015-04-20 07:40 - 2015-04-20 07:41 - 00030446 _____ () C:\Users\adam\Downloads\Addition.txt2015-04-20 07:38 - 2015-04-20 07:47 - 00015208 _____ () C:\Users\adam\Downloads\FRST.txt2015-04-20 07:37 - 2015-04-20 07:47 - 00000000 ____D () C:\FRST2015-04-20 07:36 - 2015-04-20 07:36 - 02098176 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe2015-04-19 08:50 - 2015-03-19 11:08 - 00049074 _____ () C:\Users\adam\Documents\Retail%20Price%20List%20-%2001.01.2015.xls_0_2.ods2015-04-19 07:30 - 2015-04-19 07:34 - 538068488 _____ (GPLPS ) C:\Users\adam\Downloads\gplinstall_beta_1.04.exe2015-04-18 15:28 - 2015-04-19 09:16 - 00000000 ____D () C:\Users\adam\Desktop\race sim2015-04-17 22:48 - 2015-04-17 22:48 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk2015-04-16 20:44 - 2015-04-16 20:44 - 00000000 ____D () C:\Users\adam\Documents\RACE07DEMO2015-04-16 20:35 - 2015-04-16 20:35 - 00000220 _____ () C:\Users\adam\Desktop\RACE 07 Demo.url2015-04-16 20:35 - 2015-04-16 20:35 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam2015-04-16 19:50 - 2015-04-16 19:50 - 00000000 ____D () C:\Users\adam\AppData\Local\Steam2015-04-16 19:46 - 2015-04-20 07:30 - 00000000 ____D () C:\Program Files (x86)\Steam2015-04-16 19:46 - 2015-04-16 19:46 - 00000983 _____ () C:\Users\Public\Desktop\Steam.lnk2015-04-16 19:46 - 2015-04-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam2015-04-16 19:43 - 2015-04-16 19:44 - 01142128 _____ () C:\Users\adam\Downloads\SteamSetup.exe2015-04-15 21:30 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-04-15 21:30 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-04-15 21:30 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-04-15 21:30 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-04-15 21:30 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-04-15 21:30 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll2015-04-15 21:30 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll2015-04-15 21:30 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll2015-04-15 21:29 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-04-15 17:16 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-04-15 17:15 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-04-15 17:15 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll2015-04-15 17:15 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-04-15 17:15 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll2015-04-15 17:15 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll2015-04-15 17:15 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-04-15 17:15 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-04-15 17:15 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe2015-04-15 17:15 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe2015-04-15 17:15 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll2015-04-15 17:15 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll2015-04-15 17:15 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll2015-04-15 17:15 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll2015-04-15 17:15 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll2015-04-15 17:14 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-04-15 17:14 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-04-15 17:14 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-04-15 17:14 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-04-15 17:14 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-04-15 17:14 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-04-15 17:14 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-04-15 17:14 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-04-15 17:14 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-04-15 17:14 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-04-15 17:14 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-04-15 17:14 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-04-15 17:14 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-04-15 17:14 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-04-15 17:14 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-04-15 17:14 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-04-15 17:14 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-04-15 17:14 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-04-15 17:14 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-04-15 17:14 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-04-15 17:14 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-04-15 17:14 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-04-15 17:14 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-04-15 17:14 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-04-15 17:13 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys2015-04-15 17:13 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll2015-04-15 17:13 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll2015-04-15 17:13 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys2015-04-15 17:12 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe2015-04-15 17:12 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll2015-04-15 17:12 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll2015-04-15 17:12 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll2015-04-15 17:12 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll2015-04-15 17:12 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll2015-04-15 17:12 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll2015-04-15 17:12 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll2015-04-15 17:12 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe2015-04-15 17:12 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll2015-04-15 17:12 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll2015-04-15 17:12 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll2015-04-15 17:12 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll2015-04-15 17:12 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll2015-04-15 17:12 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll2015-04-15 17:12 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe2015-04-15 17:12 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll2015-04-15 17:12 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll2015-04-13 23:29 - 2015-04-13 23:57 - 00019936 _____ () C:\Users\adam\Desktop\drama cv.odt2015-04-11 10:53 - 2015-04-11 11:32 - 00000000 ____D () C:\Users\adam\Documents\mopet and snow2015-04-11 10:17 - 2015-04-11 10:17 - 00000000 ____D () C:\Users\adam\AppData\Local\webkit2015-04-11 10:12 - 2015-04-11 19:09 - 00000000 ____D () C:\Users\adam\Desktop\Moppet and freinds2015-04-11 10:04 - 2015-04-11 10:53 - 00000000 ____D () C:\Users\adam\Documents\The adventures of Moppet2015-04-11 10:03 - 2015-04-11 10:03 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Amazon2015-04-11 09:59 - 2015-04-11 19:52 - 00000000 ____D () C:\Users\adam\.kindle2015-04-11 09:59 - 2015-04-11 09:59 - 00001043 _____ () C:\Users\adam\Desktop\Kindle Comic Creator.lnk2015-04-11 09:59 - 2015-04-11 09:59 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon2015-04-11 09:58 - 2015-04-11 19:51 - 00000000 ____D () C:\Users\adam\AppData\Local\Kindle Previewer2015-04-11 09:57 - 2015-04-11 09:58 - 00000000 ____D () C:\Users\adam\AppData\Local\KC22015-04-11 09:55 - 2015-04-11 09:57 - 277306048 _____ (Amazon.com) C:\Users\adam\Downloads\KindleComicCreatorInstall.exe2015-04-07 20:47 - 2015-04-07 20:47 - 00003336 _____ () C:\Windows\System32\Tasks\InfoCollect2015-04-07 20:47 - 2015-04-07 20:47 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud2015-04-07 20:45 - 2015-04-07 20:47 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk2015-04-05 09:11 - 2015-04-05 09:15 - 00000000 ___SD () C:\Windows\system32\GWX2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX2015-04-01 15:37 - 2015-04-17 00:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-04-01 15:37 - 2015-04-01 15:37 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-04-01 15:37 - 2015-04-01 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-04-01 15:36 - 2015-04-01 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-04-01 15:36 - 2015-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-04-01 15:36 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-04-01 15:36 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-04-01 15:36 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-04-01 15:35 - 2015-04-01 15:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\adam\Downloads\mbam-setup-2.1.4.1018.exe2015-03-31 14:20 - 2015-03-31 14:21 - 00000000 ____D () C:\Users\adam\Desktop\taptaptap website2015-03-31 14:13 - 2015-03-31 14:13 - 00000103 ____H () C:\Users\adam\Desktop\.~lock.statement of Mr Popplewell 133.odt#2015-03-22 19:57 - 2015-03-22 19:58 - 00237568 _____ (Big Fish Games) C:\Users\adam\Downloads\bigfishgames_p232119703_s1_l1.exe2015-03-22 17:44 - 2015-03-22 17:44 - 00000000 ____D () C:\Users\adam\AppData\Local\Oberon Games2015-03-22 17:42 - 2015-03-22 17:42 - 00002041 _____ () C:\Users\Public\Desktop\Play Dream Day First Home.lnk2015-03-22 17:42 - 2015-03-22 17:42 - 00001270 _____ () C:\Users\Public\Desktop\More Great Games.lnk2015-03-22 17:41 - 2015-03-22 17:42 - 00000000 ____D () C:\Program Files (x86)\Dream Day First Home2015-03-22 17:41 - 2015-03-22 17:41 - 00000979 _____ () C:\Users\Public\Desktop\Games.lnk2015-03-22 17:41 - 2015-03-22 17:41 - 00000231 _____ () C:\Users\Public\Desktop\More Great Games.url2015-03-22 17:41 - 2015-03-22 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Day First Home2015-03-22 17:40 - 2015-03-22 17:40 - 00001947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk2015-03-22 17:40 - 2015-03-22 17:40 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk2015-03-22 17:39 - 2015-03-22 17:40 - 00000000 ____D () C:\Program Files (x86)\bfgclient2015-03-22 17:39 - 2015-03-22 17:39 - 00000000 ____D () C:\ProgramData\Big Fish2015-03-22 17:38 - 2015-03-24 15:46 - 00000000 ____D () C:\BigFishCache2015-03-22 17:38 - 2015-03-22 17:40 - 00000000 ____D () C:\Users\adam\AppData\Local\Big Fish ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-04-20 07:40 - 2014-05-21 20:21 - 01758996 _____ () C:\Windows\WindowsUpdate.log2015-04-20 07:36 - 2014-08-30 18:06 - 00000000 ____D () C:\Users\adam\AppData\Local\CrashDumps2015-04-20 07:34 - 2014-08-16 12:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-10012015-04-20 07:31 - 2014-08-17 17:51 - 00000000 ___DO () C:\Users\adam\OneDrive2015-04-20 07:31 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\adam\AppData\Local\Pokki2015-04-20 07:30 - 2014-08-16 13:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2015-04-20 07:29 - 2014-08-17 21:18 - 01070592 ___SH () C:\Users\adam\Desktop\Thumbs.db2015-04-20 07:28 - 2014-08-16 13:02 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2015-04-20 07:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache2015-04-20 07:08 - 2014-08-16 12:54 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{122DBD41-5960-4C82-8CBB-516E02831393}2015-04-20 07:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru2015-04-19 08:50 - 2014-09-17 09:05 - 00000000 ____D () C:\Users\adam\Desktop\pallet and uk mail labels2015-04-17 22:48 - 2014-04-21 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer2015-04-17 22:48 - 2014-04-21 10:57 - 00000000 ____D () C:\Program Files (x86)\Acer2015-04-17 22:44 - 2014-08-16 12:51 - 00000000 ____D () C:\Users\adam\AppData\Local\clear.fi2015-04-17 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness2015-04-17 10:18 - 2014-08-18 08:42 - 00000072 _____ () C:\Users\Public\LMDebug.log2015-04-17 10:17 - 2015-01-28 11:13 - 00202752 ___SH () C:\Users\adam\Downloads\Thumbs.db2015-04-17 01:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF2015-04-16 22:04 - 2014-03-18 10:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2015-04-16 22:02 - 2014-08-16 12:51 - 00002333 _____ () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk2015-04-16 22:00 - 2014-05-21 21:09 - 00000000 ____D () C:\ProgramData\OEM2015-04-16 21:57 - 2013-08-22 15:46 - 00033034 _____ () C:\Windows\setupact.log2015-04-16 21:57 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-04-16 21:56 - 2014-03-18 10:39 - 00033596 _____ () C:\Windows\PFRO.log2015-04-16 21:56 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI2015-04-16 21:53 - 2014-08-18 09:21 - 00000000 ____D () C:\Windows\system32\MRT2015-04-16 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB2015-04-16 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB2015-04-16 21:44 - 2014-08-18 09:20 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-04-16 21:43 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp2015-04-16 21:34 - 2014-12-13 20:09 - 00000000 ____D () C:\Windows\system32\appraiser2015-04-16 21:34 - 2014-08-20 11:04 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-04-16 20:31 - 2014-08-16 13:03 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2015-04-15 10:12 - 2015-02-06 13:01 - 00000000 ____D () C:\Users\adam\Desktop\N & C quotes2015-04-14 00:24 - 2015-03-15 18:05 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-04-14 00:24 - 2015-03-15 18:05 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-04-11 10:52 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\adam2015-04-09 14:26 - 2015-03-19 10:50 - 00000000 ____D () C:\Users\adam\Desktop\tylers ave2015-04-09 14:13 - 2014-09-16 15:09 - 00000000 ____D () C:\Users\adam\Documents\Turbo Lister Backup2015-04-07 20:47 - 2014-04-21 11:35 - 00000000 ___HD () C:\OEM2015-04-06 13:09 - 2015-03-15 18:43 - 00000000 ____D () C:\ProgramData\Package Cache2015-04-04 08:53 - 2014-05-21 21:07 - 00000000 ____D () C:\ProgramData\Temp2015-03-31 14:18 - 2014-08-17 21:33 - 00000000 ____D () C:\Users\adam\Desktop\sinks2015-03-31 14:16 - 2014-08-17 21:37 - 00000000 ____D () C:\Users\adam\Desktop\2013 taps2015-03-25 11:16 - 2015-01-28 12:34 - 00000000 ____D () C:\Users\adam\Desktop\customer quotes2015-03-22 17:41 - 2014-04-21 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Files in the root of some directories ======= 2014-05-21 20:39 - 2014-05-21 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl Some content of TEMP:====================C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exeC:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exeC:\Users\adam\AppData\Local\Temp\oct2559.tmp.exeC:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exeC:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exeC:\Users\adam\AppData\Local\Temp\oct816F.tmp.exeC:\Users\adam\AppData\Local\Temp\oct8797.tmp.exeC:\Users\adam\AppData\Local\Temp\octC47F.tmp.exeC:\Users\adam\AppData\Local\Temp\octFD17.tmp.exeC:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exeC:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dllC:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-04-18 16:17 ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01Ran by adam at 2015-04-20 07:40:26Running from C:\Users\adam\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2001 - Acer Incorporated)abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.02.2003.0 - Acer Incorporated)Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2000 - Acer Incorporated)Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) HiddenAOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.06.2002.2 - Acer Incorporated)Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenCyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)Dream Day First Home (HKLM-x32\...\BFG-Dream Day First Home) (Version: - )eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGoogle Update Helper (x32 Version: 1.3.26.9 - Google Inc.) HiddenGovernor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) HiddenHost App Service (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Pokki) (Version: 0.269.7.611 - Pokki)Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)Intel® Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)Kindle Comic Creator (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\KC2) (Version: 1.160 - Amazon)KindlePreviewer (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\KindlePreviewer) (Version: 2.94 - Amazon)Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) HiddenMagic Academy (x32 Version: 2.2.0.98 - WildTangent) HiddenMalwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)Opera Mail 1.0 (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) HiddenPlants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) HiddenPokki Start Menu (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Pokki_Start_Menu) (Version: 0.269.7.611 - Pokki)Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)RACE 07 Demo (HKLM-x32\...\Steam App 4260) (Version: - SimBin)Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) HiddenTrinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) HiddenTurbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)Update Installer for WildTangent Games App (x32 Version: - WildTangent) HiddenWildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 27-03-2015 09:15:30 Windows Update05-04-2015 09:07:20 Windows Update06-04-2015 13:04:29 Intel® Technology Access16-04-2015 21:33:42 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {00A6CA8A-4F53-4830-95A9-BE01CD914322} - System32\Tasks\InfoCollect => C:\Program Files (x86)\Acer\Acer Portal\InfoCollect.exe [2015-03-18] ()Task: {0831349F-ABDA-45A7-9E7E-69A3FCF146D1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)Task: {3502D0EC-AC1D-4230-88A7-BFB559381014} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)Task: {37494759-B274-4FA8-8231-57B7FF32887F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)Task: {4692910B-52DD-4165-A960-880365D6B8B3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()Task: {52EB3751-66E4-4B03-95AF-A9ADB573E33E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {56C9BB88-CFE8-432D-8753-4236F534F641} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)Task: {59168F15-BC6A-4715-915B-C63B4F1F5646} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)Task: {6CD970C7-7986-4651-85F0-F4113A2383C4} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()Task: {728B3C23-39D5-49FD-9260-BFB4032690D6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)Task: {82F6C18E-4D67-40F3-9445-123F9D758766} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()Task: {C18B36F2-CF2E-4594-AA94-A5DA7DE85662} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)Task: {C22F8B5B-0797-4E3D-931C-9A0EEA594334} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {C8D1584C-7261-4068-869E-1CA6AC5BF2AB} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()Task: {CF1963AB-0F1F-4A6F-A871-2807ADF61BCA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)Task: {E2234699-F51F-450C-814D-818E2D5F5A2E} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-03-18] (Acer)Task: {E3C2E7C0-1EA5-4A7D-9EA4-6DD323BC9567} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)Task: {FB4ABD9C-A91A-4ACC-9EC8-EE09FCA9820E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============== 2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll2011-06-21 02:23 - 2011-06-21 02:23 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll2014-05-21 21:13 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe2015-04-16 16:04 - 2015-04-16 16:04 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe2014-04-21 11:37 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll2015-04-16 16:04 - 2015-04-16 16:04 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe2015-04-16 19:49 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll2015-04-16 19:49 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll2015-04-16 19:49 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll2015-04-16 19:49 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll2015-04-16 19:49 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll2015-04-16 19:49 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll2015-04-16 19:49 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll2015-04-16 19:49 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll2015-04-16 19:49 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll2015-04-16 19:49 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll2015-04-16 19:49 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL2015-04-07 20:47 - 2015-04-07 20:47 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll2015-03-18 14:40 - 2015-03-18 14:40 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll2015-03-09 11:59 - 2015-03-09 11:59 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll2015-03-09 12:00 - 2015-03-09 12:00 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll2015-03-09 12:00 - 2015-03-09 12:00 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll2015-03-09 12:00 - 2015-03-09 12:00 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll2015-03-18 14:38 - 2015-03-18 14:38 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll2015-04-16 16:05 - 2015-04-16 16:05 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll2014-05-21 21:26 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll2015-04-16 20:31 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll2015-04-16 20:31 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll2015-04-16 19:49 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avcodec-54.dll2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avutil-51.dll2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avformat-54.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\Users\adam\OneDrive:ms-propertiesAlternateDataStreams: C:\ProgramData\Temp:2CB9631FAlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpgDNS Servers: 192.168.1.254 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= adam (S-1-5-21-2827351779-3346599264-1074541188-1001 - Administrator - Enabled) => C:\Users\adamAdministrator (S-1-5-21-2827351779-3346599264-1074541188-500 - Administrator - Disabled)Guest (S-1-5-21-2827351779-3346599264-1074541188-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2827351779-3346599264-1074541188-1003 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/20/2015 07:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.7, time stamp: 0x55091de0Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f0c22Exception code: 0xc0000005Fault offset: 0x00011891Faulting process ID: 0x4e4Faulting application start time: 0xBackgroundAgent.exe0Faulting application path: BackgroundAgent.exe1Faulting module path: BackgroundAgent.exe2Report ID: BackgroundAgent.exe3Faulting package full name: BackgroundAgent.exe4Faulting package-relative application ID: BackgroundAgent.exe5 Error: (04/17/2015 10:23:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (04/17/2015 08:28:39 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider database Error: (04/17/2015 04:46:34 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1390 Start Time: 01d078a7e198fc02 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 539d8f17-e4b4-11e4-826f-f8a96373f8a7 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (04/17/2015 00:55:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (04/16/2015 11:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.7, time stamp: 0x55091de0Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f0c22Exception code: 0xc0000005Fault offset: 0x00011891Faulting process ID: 0x1254Faulting application start time: 0xBackgroundAgent.exe0Faulting application path: BackgroundAgent.exe1Faulting module path: BackgroundAgent.exe2Report ID: BackgroundAgent.exe3Faulting package full name: BackgroundAgent.exe4Faulting package-relative application ID: BackgroundAgent.exe5 Error: (04/15/2015 07:18:23 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program SystemSettings.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 6408 Start Time: 01d06d53a82651ec Termination Time: 1341 Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe Report Id: 32999bbb-e337-11e4-826e-f8a96373f8a7 Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (04/14/2015 03:34:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 System errors:=============Error: (04/20/2015 07:28:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service. Error: (04/17/2015 10:06:21 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (04/17/2015 10:06:21 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (04/17/2015 10:06:00 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (04/17/2015 10:06:00 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (04/17/2015 10:05:46 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (04/17/2015 10:05:46 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (04/17/2015 10:05:40 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Error: (04/17/2015 10:05:40 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552. Error: (04/17/2015 10:05:35 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate. Microsoft Office Sessions:=========================Error: (04/20/2015 07:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )Description: BackgroundAgent.exe1.0.1.755091de0MSVCR100.dll10.0.40219.14d5f0c22c0000005000118914e401d07b3370b7bf07C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll94c36ff9-e727-11e4-826f-f8a96373f8a7 Error: (04/17/2015 10:23:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (04/17/2015 08:28:39 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883 Error: (04/17/2015 04:46:34 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: LiveComm.exe17.5.9600.20689139001d078a7e198fc024294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe539d8f17-e4b4-11e4-826f-f8a96373f8a7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (04/17/2015 00:55:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (04/16/2015 11:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )Description: BackgroundAgent.exe1.0.1.755091de0MSVCR100.dll10.0.40219.14d5f0c22c000000500011891125401d078882d0993d0C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll433b2091-e48c-11e4-826f-f8a96373f8a7 Error: (04/15/2015 07:18:23 AM) (Source: Application Hang) (EventID: 1002) (User: )Description: SystemSettings.exe6.3.9600.17415640801d06d53a82651ec1341C:\Windows\ImmersiveControlPanel\SystemSettings.exe32999bbb-e337-11e4-826e-f8a96373f8a7windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024865 Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024865 Error: (04/14/2015 03:34:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 ==================== Memory info =========================== Processor: Intel® Celeron® CPU N2830 @ 2.16GHzPercentage of memory in use: 54%Total physical RAM: 3979.2 MBAvailable physical RAM: 1821.08 MBTotal Pagefile: 8587.2 MBAvailable Pagefile: 5605.78 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.8 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:448.62 GB) (Free:375.87 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 465.8 GB) (Disk ID: 33C8B4BA) Partition: GPT Partition Type. ==================== End Of Log ============================

on my main pc "er indoors ( the wife ) clicked a link in an email that was a spam thing had a .php at the end have noticed some of the icons on machine have moved not sure if this is related. i have run malware bytes nothing showed up. thanks Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014Ran by adam (administrator) on ADAM-PC on 16-04-2014 23:55:54Running from C:\Users\adam\DownloadsWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe() C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe() C:\Windows\Samsung\PanelMgr\SSMMgr.exe() C:\Windows\Samsung\PanelMgr\caller64.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\adam\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)HKLM\...\Run: [EPSON Stylus DX4800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [3451904 2010-08-12] (Alcatel-Lucent)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)HKLM-x32\...\Run: [samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\Run: [Google Update] => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-11-28] (Google Inc.)HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe [250528 2012-03-22] (Adobe Systems, Inc.)HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\MountPoints2: {704b0f2e-da22-11de-b2b1-806e6f6e6963} - D:\Setup.exeStartup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 120 series.lnkShortcutTarget: Monitor Ink Alerts - HP ENVY 120 series.lnk -> C:\Program Files\HP\HP ENVY 120 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)Startup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnkShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.overclockers.co.ukHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehpHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBFEB1FD5886FCA01HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gbBHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox:========FF Plugin: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileFF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)FF Plugin-x32: @microsoft.com/GENUINE - disabled No FileFF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR DefaultSearchKeyword: google.co.ukCHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No FileCHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]CHR Extension: (Google Search) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]CHR Extension: (Google Wallet) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]CHR StartMenuInternet: Google Chrome - C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-08-09] (Alcatel-Lucent)R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [49152 2004-10-18] (DeviceGuys, Inc.)R3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120704 2005-02-18] (Gemplus)R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-08-12] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-08-12] (Printing Communications Assoc., Inc. (PCAUSA))R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)S3 papycpu; No ImagePathS3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]S0x01000000 papycpu2; \SystemRoot\system32\drivers\papycpu2.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-16 23:55 - 2014-04-16 23:56 - 00013459 _____ () C:\Users\adam\Downloads\FRST.txt2014-04-16 23:55 - 2014-04-16 23:55 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe2014-04-16 23:55 - 2014-04-16 23:55 - 00000000 ____D () C:\FRST2014-04-16 23:21 - 2014-04-16 23:21 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe2014-04-09 14:55 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-04-09 14:55 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-04-09 14:55 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-04-09 14:55 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-04-09 14:55 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll2014-04-09 14:55 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll2014-04-09 14:55 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2014-04-09 14:55 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2014-04-09 14:55 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2014-04-09 14:55 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2014-04-09 14:55 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll2014-04-09 14:55 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2014-04-09 14:55 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2014-04-09 14:55 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2014-04-09 14:55 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2014-04-09 14:55 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys2014-04-09 14:55 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys2014-04-09 14:55 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys2014-04-09 14:55 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll2014-04-09 14:55 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll2014-04-09 14:55 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys2014-03-26 09:10 - 2014-03-26 09:10 - 00114176 _____ () C:\Users\adam\Desktop\no discount in the bathroom.xls2014-03-26 09:09 - 2014-03-26 09:09 - 00035012 _____ () C:\Users\adam\Documents\no discount.xlsx ==================== One Month Modified Files and Folders ======= 2014-04-16 23:56 - 2014-04-16 23:55 - 00013459 _____ () C:\Users\adam\Downloads\FRST.txt2014-04-16 23:55 - 2014-04-16 23:55 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe2014-04-16 23:55 - 2014-04-16 23:55 - 00000000 ____D () C:\FRST2014-04-16 23:21 - 2014-04-16 23:21 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe2014-04-16 23:18 - 2011-05-22 10:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-04-16 23:17 - 2009-11-28 16:07 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA.job2014-04-16 23:17 - 2009-11-26 01:32 - 02046742 _____ () C:\Windows\WindowsUpdate.log2014-04-16 17:23 - 2009-11-28 16:07 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core.job2014-04-16 17:20 - 2011-05-22 10:40 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-04-16 09:52 - 2011-12-01 16:07 - 00000000 ____D () C:\Users\adam\Desktop\Ebay sales Thomas & Holland Dec'11-Nov'122014-04-16 09:16 - 2012-12-19 11:33 - 00029184 _____ () C:\Users\adam\Desktop\CASH SALES.xls2014-04-13 07:21 - 2009-11-26 01:32 - 00000365 _____ () C:\service.log2014-04-13 06:40 - 2009-07-14 05:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-04-13 06:40 - 2009-07-14 05:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-04-13 06:34 - 2009-12-02 08:30 - 00000366 _____ () C:\Windows\Tasks\Driver Robot.job2014-04-10 23:52 - 2009-11-28 16:08 - 00002362 _____ () C:\Users\adam\Desktop\Google Chrome.lnk2014-04-10 12:03 - 2012-11-20 09:26 - 00026587 _____ () C:\Users\adam\Desktop\DEBIT CARD SALES.xlsx2014-04-10 07:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI2014-04-10 04:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache2014-04-10 03:22 - 2009-11-28 02:18 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys2014-04-10 03:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-04-10 03:21 - 2009-07-14 05:51 - 00043130 _____ () C:\Windows\setupact.log2014-04-10 03:05 - 2009-11-27 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-04-10 03:04 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT2014-04-10 03:02 - 2009-11-27 20:27 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-04-04 03:01 - 2012-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client2014-04-04 03:01 - 2011-02-27 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif2014-04-04 03:01 - 2011-02-27 22:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client2014-04-03 18:32 - 2014-01-08 08:52 - 00000000 ____D () C:\Users\adam\AppData\Roaming\HpUpdate2014-03-31 02:16 - 2014-04-09 14:55 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-03-31 02:13 - 2014-04-09 14:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-03-31 01:13 - 2014-04-09 14:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-03-31 00:57 - 2014-04-09 14:55 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-03-30 16:08 - 2009-11-28 16:07 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA2014-03-30 16:08 - 2009-11-28 16:07 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core2014-03-27 15:13 - 2011-05-22 10:40 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-03-27 15:13 - 2011-05-22 10:40 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-03-26 09:10 - 2014-03-26 09:10 - 00114176 _____ () C:\Users\adam\Desktop\no discount in the bathroom.xls2014-03-26 09:09 - 2014-03-26 09:09 - 00035012 _____ () C:\Users\adam\Documents\no discount.xlsx Some content of TEMP:====================C:\Users\adam\AppData\Local\Temp\Arabic.dllC:\Users\adam\AppData\Local\Temp\Brazilian.dllC:\Users\adam\AppData\Local\Temp\Chinese_PRC.dllC:\Users\adam\AppData\Local\Temp\Chinese_Taiwan.dllC:\Users\adam\AppData\Local\Temp\Czech.dllC:\Users\adam\AppData\Local\Temp\Danish.dllC:\Users\adam\AppData\Local\Temp\Dutch.dllC:\Users\adam\AppData\Local\Temp\English.dllC:\Users\adam\AppData\Local\Temp\Finnish.dllC:\Users\adam\AppData\Local\Temp\French.dllC:\Users\adam\AppData\Local\Temp\German.dllC:\Users\adam\AppData\Local\Temp\Greek.dllC:\Users\adam\AppData\Local\Temp\Hebrew.dllC:\Users\adam\AppData\Local\Temp\Hungarian.dllC:\Users\adam\AppData\Local\Temp\install_flash_player.exeC:\Users\adam\AppData\Local\Temp\Italian.dllC:\Users\adam\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exeC:\Users\adam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exeC:\Users\adam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exeC:\Users\adam\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exeC:\Users\adam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exeC:\Users\adam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exeC:\Users\adam\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exeC:\Users\adam\AppData\Local\Temp\Korean.dllC:\Users\adam\AppData\Local\Temp\Norwegian.dllC:\Users\adam\AppData\Local\Temp\ose00000.exeC:\Users\adam\AppData\Local\Temp\Polish.dllC:\Users\adam\AppData\Local\Temp\Portuguese.dllC:\Users\adam\AppData\Local\Temp\Russian.dllC:\Users\adam\AppData\Local\Temp\setup.exeC:\Users\adam\AppData\Local\Temp\Spanish.dllC:\Users\adam\AppData\Local\Temp\SP_Connector.exeC:\Users\adam\AppData\Local\Temp\Swedish.dllC:\Users\adam\AppData\Local\Temp\Turkish.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-10 03:52 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014Ran by adam at 2014-04-16 23:56:36Running from C:\Users\adam\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) HiddenAdobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)Browser Configuration Utility (HKLM-x32\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.)BT Broadband Desktop Help (HKLM-x32\...\BT Broadband Desktop Help) (Version: - )BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)EasySaver B9.0316.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenGoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) HiddenHP ENVY 120 series Basic Device Software (HKLM\...\{0E96CEFA-F256-4E54-BB46-34FA4A8847D7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP ENVY 120 series Help (HKLM-x32\...\{B45F1BFE-C8D5-4F09-BD54-90CB32BEDE12}) (Version: 28.0.0 - Hewlett Packard)HP ENVY 120 series Product Improvement Study (HKLM\...\{E0C8943E-2DA5-4F82-A54E-76157E95AA30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) HiddenJava 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenMaintenance Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version: - Samsung Electronics Co., Ltd.)Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) HiddenMicrosoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) HiddenMicrosoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) HiddenMicrosoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) HiddenMicrosoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) HiddenMicrosoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) HiddenMicrosoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Mozilla Thunderbird (2.0.0.24) (HKLM-x32\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (en-GB) - Mozilla)MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) HiddenMSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)Nokia Software Updater (HKLM-x32\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)PC Connectivity Solution (HKLM-x32\...\{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}) (Version: 10.42.0.0 - Nokia)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)Sage Invoicing and Start-up (HKLM-x32\...\InstallShield_{6E9B1EA1-B4C3-44F7-A873-DC1211E73420}) (Version: 2.0.0.11 - Sage)Sage Invoicing and Start-up (x32 Version: 2.0.0.11 - Sage) HiddenSAMSUNG Dr.Printer (HKLM-x32\...\{0DB87EAC-F695-4D59-9609-C93119AE6B35}) (Version: 1.00.0000 - Samsung)Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) HiddenWindows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) HiddenWindows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) HiddenWindows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) HiddenWindows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) HiddenWinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )WinVROC (HKLM-x32\...\WinVROC) (Version: - ) ==================== Restore Points ========================= 30-03-2014 00:22:24 Windows Update30-03-2014 18:08:04 Windows Backup02-04-2014 16:49:16 Windows Update04-04-2014 02:00:26 Windows Update06-04-2014 18:00:20 Windows Backup07-04-2014 06:51:22 Windows Update10-04-2014 02:00:42 Windows Update13-04-2014 06:12:50 Windows Update13-04-2014 18:00:13 Windows Backup16-04-2014 16:25:51 Windows Update ==================== Hosts content: ========================== 2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {074B5425-72DD-44AF-B4B8-9D77B22D3131} - System32\Tasks\{CC504401-CD39-4972-B71A-2EA73532B6FB} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {1E394DB5-2D2F-40D3-A84D-4F230E7EAEB3} - System32\Tasks\{9A91D0B0-46E8-4A4E-9785-79F17D609B52} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {22A33A2A-4DC0-433C-B2A6-E5F1CD1D20AA} - System32\Tasks\{258FFC3E-840F-4911-8655-15CCA656807E} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {327798F1-925C-4948-A0F7-FDD4E2E3310D} - System32\Tasks\{70213967-0C7B-4747-A0D3-BF87C7AC2CD2} => C:\Program Files (x86)\mackoy\BVE4\Bve.exeTask: {3B877111-069C-457C-899C-3893BBDBA414} - System32\Tasks\HPCustParticipation HP ENVY 120 series => C:\Program Files\HP\HP ENVY 120 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)Task: {4482CF6A-5BB7-4285-9063-301577E49788} - System32\Tasks\{8B9A686C-FD8B-460F-A4D1-C99445431B40} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {454385E1-0219-4107-B968-5C3BC65A98AB} - System32\Tasks\{8299EF3E-AFD5-49D8-9D47-BADCE9E15BFA} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {45E5F7DA-30E4-44AF-890B-9BF3F18B5D24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)Task: {6A33B5E2-213E-4D95-8AD2-E5E8EA057C51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28] (Google Inc.)Task: {6A82ABAC-A597-40F3-82DF-75956B77F6A3} - System32\Tasks\{950DEA5D-50EA-4883-BF9B-29761DB343FC} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {710CBFB3-3D3B-4F9A-A310-75586E77D0FE} - System32\Tasks\{8402AE9C-5565-47D4-8CE7-1CC3C87BFF7D} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {83D189B1-F4E5-4A32-BFCB-1B87DEF443C7} - System32\Tasks\{D17E5D63-4DCA-4518-AE49-C19D71D3904D} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {8E017A29-C71A-4B6D-B1AB-90FDA40EE994} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28] (Google Inc.)Task: {8F6708C0-2D0E-4B74-9F7F-FD9FFD85F69F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackupTask: {9D2DAF16-ED33-477D-BD56-4656959E80FB} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exeTask: {A1661244-8F83-41AA-961F-224FF1E73DDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)Task: {C9306CDE-C22D-47ED-A9E2-0D4573B9AF99} - System32\Tasks\{D1502ACA-5E2A-47AE-82BA-95EB64DA1DA8} => C:\Program Files (x86)\mackoy\BVE4\Bve.exeTask: {CA34AB44-5E5D-43FB-A3FD-280E029FBCB0} - System32\Tasks\{C173C7F9-6156-4C32-A3C8-8F507254AB2C} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {D642514B-0A1D-420F-B65A-8F8273C2469F} - System32\Tasks\{1D867513-CCE7-4412-BE40-EC59C5BC5FA0} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)Task: {D756C3BA-2CFE-472E-BD05-F71923A51F6E} - System32\Tasks\{BA3CF3EF-63A0-490F-82E6-70655F7C1A6B} => C:\Program Files (x86)\mackoy\BVE4\Bve.exeTask: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core.job => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA.job => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2008-06-04 06:53 - 2008-06-04 06:53 - 00027648 _____ () C:\Windows\System32\sst3cl6.dll2010-03-10 06:15 - 2010-03-10 06:15 - 00757760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll2009-11-26 01:32 - 2009-03-02 23:06 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE2011-06-04 11:22 - 2010-06-07 11:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe2011-06-04 11:22 - 2009-09-30 05:51 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe2009-11-26 01:32 - 2009-03-13 20:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL2011-01-17 16:19 - 2011-05-31 22:36 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll2014-04-10 23:52 - 2014-04-02 02:57 - 00065352 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll2014-04-10 23:52 - 2014-04-02 02:57 - 00674632 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll2014-04-10 23:52 - 2014-04-02 02:57 - 00093000 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll2014-04-10 23:52 - 2014-04-02 02:57 - 04081480 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll2014-04-10 23:52 - 2014-04-02 02:58 - 00390472 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll2014-04-10 23:52 - 2014-04-02 02:57 - 01647432 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll2014-04-10 23:52 - 2014-04-02 02:58 - 13691720 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\adam\Desktop\Fw_ Account Forms for Agents.eml:OECustomProperty ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (04/16/2014 10:14:29 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/14/2014 07:03:06 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/13/2014 07:04:22 PM) (Source: Windows Backup) (User: )Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005). Error: (04/12/2014 08:52:47 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/12/2014 08:28:20 AM) (Source: Application Error) (User: )Description: Faulting application name: BTHelpNotifier.exe, version: 6.6.1.18, time stamp: 0x4a944480Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24Exception code: 0xc0000374Fault offset: 0x00000000000c4102Faulting process id: 0xb84Faulting application start time: 0xBTHelpNotifier.exe0Faulting application path: BTHelpNotifier.exe1Faulting module path: BTHelpNotifier.exe2Report Id: BTHelpNotifier.exe3 Error: (04/11/2014 06:27:01 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/10/2014 03:05:45 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/08/2014 07:47:23 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. Error: (04/06/2014 07:04:38 PM) (Source: Windows Backup) (User: )Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005). Error: (04/06/2014 06:42:43 AM) (Source: SideBySide) (User: )Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.Component identity found in manifest does not match the identity of the component requested.Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".Please use sxstrace.exe for detailed diagnosis. System errors:=============Error: (04/16/2014 11:16:36 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 11:16:34 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 11:16:33 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 11:16:32 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 11:16:31 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 05:14:55 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 05:14:54 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 05:14:52 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 05:14:51 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Error: (04/16/2014 05:14:50 PM) (Source: Service Control Manager) (User: )Description: The SSPORT service failed to start due to the following error: %%2 Microsoft Office Sessions:=========================Error: (12/18/2013 09:45:55 AM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 10335 seconds with 60 seconds of active time. This session ended with a crash. Error: (03/19/2013 11:01:14 PM) (Source: Microsoft Office 12 Sessions)(User: )Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 398579 seconds with 4080 seconds of active time. This session ended with a crash. ==================== Memory info =========================== Percentage of memory in use: 54%Total physical RAM: 4060.49 MBAvailable physical RAM: 1842.18 MBTotal Pagefile: 8119.16 MBAvailable Pagefile: 5593.2 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:372.86 GB) NTFSDrive d: (HP LS120) (CDROM) (Total:0.41 GB) (Free:0 GB) CDFSDrive e: () (Fixed) (Total:186.3 GB) (Free:0 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows XP) (Size: 186 GB) (Disk ID: 027C027C)Partition 1: (Active) - (Size=186 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CA9ACC54)Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================

ok thanks machine running well now

Results of screen317's Security Check version 0.99.81 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Microsoft Security Essentials Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 12.0.0.77 Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Microsoft Security Essentials msseces.exe Windows Defender MSMpEng.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````

good mse scan complete nothing highlighted. the java does not seem to work on my system not sure why not.

just running a scan with mse was there any nasties on my system?

i have tried to run fix mse but it says it is unable to mse on the system.

ix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Adam at 2014-04-07 19:08:19 Run:1 Running from C:\Users\Adam\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:4B7317F4 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5A99DEB7 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:8075370B AlternateDataStreams: C:\ProgramData\Temp:9195103F AlternateDataStreams: C:\ProgramData\Temp:93DE1838 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ***************** C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully. C:\ProgramData\Temp => ":4B7317F4" ADS removed successfully. C:\ProgramData\Temp => ":4D066AD2" ADS removed successfully. C:\ProgramData\Temp => ":5A99DEB7" ADS removed successfully. C:\ProgramData\Temp => ":5D7E5A8F" ADS removed successfully. C:\ProgramData\Temp => ":6C5EC3CD" ADS removed successfully. C:\ProgramData\Temp => ":798A3728" ADS removed successfully. C:\ProgramData\Temp => ":8075370B" ADS removed successfully. C:\ProgramData\Temp => ":9195103F" ADS removed successfully. C:\ProgramData\Temp => ":93DE1838" ADS removed successfully. C:\ProgramData\Temp => ":93EB7685" ADS removed successfully. C:\ProgramData\Temp => ":AB689DEA" ADS removed successfully. C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully. C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully. ==== End of Fixlog ====

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Adam at 2014-04-07 17:03:12 Running from C:\Users\Adam\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft) 1912 Titanic Mystery (HKLM-x32\...\1912 Titanic Mystery) (Version: - Spintop Media, Inc) 3MobileWiFi (HKLM-x32\...\3MobileWiFi) (Version: 1.11.00.156 - Huawei Technologies Co.,Ltd) Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems) Acer Crystal Eye webcam Ver:1.1.167.331 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.167.331 - Chicony Electronics Co.,Ltd.) Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3003 - Acer Incorporated) Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3011 - Acer Incorporated) Acer GameZone Console (HKLM-x32\...\{ABEE079E-648E-488B-8301-0C3DB48C1BCE}_is1) (Version: 6.1.0.2 - Oberon Media, Inc.) Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3002 - Acer Incorporated) Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0412.2010 - Acer Incorporated) Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated) Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.) Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media) ArcSoft Print Creations - Album Page (HKLM-x32\...\{E6B4117F-AC59-4B13-9274-EB136E8897EE}) (Version: - ArcSoft) ArcSoft Print Creations - Photo Book (HKLM-x32\...\{56589DFE-0C29-4DFE-8E42-887B771ECD23}) (Version: - ArcSoft) ArcSoft Print Creations (HKLM-x32\...\{85F1B81D-72C5-4357-81F9-B0A1D71DF59B}) (Version: 3.0.255.407 - ArcSoft) ArcSoft TotalMedia HDCam (HKLM-x32\...\{7A1DE746-F5D0-4A21-943B-39A3F243C32A}) (Version: 2.0.2.62 - ArcSoft) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.1.8321 - ) Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - ) Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation) BlackBerry Desktop Software 6.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.1.0.36 - Research In Motion Ltd.) BlackBerry Desktop Software 6.1 (x32 Version: 6.1.0.36 - Research In Motion Ltd.) Hidden Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.04 - Broadcom Corporation) Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Chicken Invaders 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}) (Version: - Oberon Media) CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.1.47.1220 - Foxit Corporation) Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Cookienator (HKLM-x32\...\{BF307EDA-A176-4D83-9775-D337810CF7A7}) (Version: 2.6.41 - CodeFromThe70s.org) CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2719.50 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.2719.50 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dairy Dash (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}) (Version: - Oberon Media) DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation) Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.) eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.) eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation) Freemake Video Converter version 3.2.1 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 3.2.1 - Ellora Assets Corporation) Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media) Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Drive (HKLM-x32\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 9.0.0.599 - Citrix Online, a division of Citrix Systems, Inc.) Granny In Paradise (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}) (Version: - Oberon Media) Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media) Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated) Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2086 - Intel Corporation) Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation) Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.) Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 11.0.3.0 - Lightworks) Maintenance Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version: - Samsung Electronics Co., Ltd.) Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation) Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM-x32\...\{67E03279-F703-408F-B4BF-46B5FC8D70CD}) (Version: 9.7.0621 - Microsoft Corporation) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyTomTom 3.1.0.530 (HKLM-x32\...\MyTomTom) (Version: 3.1.0.530 - TomTom) MyWinLocker (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.210.0 - Egis Technology Inc.) MyWinLocker Suite (x32 Version: 3.1.210.0 - Egis Technology Inc.) Hidden Norton Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec) NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems) NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems) NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org) Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6015 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.) Samsung Universal Print Driver 2 (HKLM-x32\...\Samsung Universal Print Driver 2) (Version: 2.50.02.00 - Samsung Electronics Co., Ltd.) Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 14.0.19.0 - Synaptics Incorporated) Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.) Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation) Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.14 - ZTE Corporation) ==================== Restore Points ========================= 28-03-2014 06:02:47 Windows Update 29-03-2014 05:21:45 Windows Update 29-03-2014 06:01:28 Installed Microsoft Fix it 50123 29-03-2014 06:04:29 Windows Update 01-04-2014 09:25:10 Windows Update 04-04-2014 06:23:52 Windows Update 05-04-2014 06:10:42 Windows Update 07-04-2014 06:38:04 Windows Update 07-04-2014 06:44:54 restore april 2014 ==================== Hosts content: ========================== 2009-07-14 03:34 - 2014-04-07 08:32 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {13C92F29-9E42-41FC-AF69-1664CBE6D6B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.) Task: {186E6D7A-A81A-4DB5-B394-55278F31FEF1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {21B3C017-0CFA-4978-899F-65AE3D37C08D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: {477E1FF5-7E79-47A5-9463-FF8EFC17DD59} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.) Task: {5BB9703C-173E-4C73-B12C-0429663B1235} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.) Task: {AD0E9238-29D7-4F80-A911-E48DDF256BB0} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe Task: {EF2F294F-1740-490F-817A-EFE64FCCA558} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-18 12:13 - 2011-04-11 06:26 - 00034304 _____ () C:\Windows\System32\spe__l.dll 2008-06-04 06:53 - 2008-06-04 06:53 - 00027648 _____ () C:\Windows\System32\sst3cl6.dll 2010-03-10 06:15 - 2010-03-10 06:15 - 00757760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll 2011-03-14 16:27 - 2011-03-14 16:27 - 00346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe 2010-07-05 21:34 - 2010-07-05 21:34 - 00206208 _____ () C:\Windows\PLFSetI.exe 2011-06-04 19:49 - 2010-06-07 11:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe 2011-06-04 19:49 - 2009-09-30 05:51 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe 2010-03-09 01:18 - 2010-03-09 01:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll 2010-03-09 01:13 - 2010-03-09 01:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll 2010-04-21 11:34 - 2009-12-24 01:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2011-11-14 12:02 - 2011-11-14 12:02 - 00063960 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll 2011-11-14 12:01 - 2011-11-14 12:01 - 07964160 _____ () C:\Program Files (x86)\MyTomTom 3\QtGui4.dll 2011-11-14 12:01 - 2011-11-14 12:01 - 02302464 _____ () C:\Program Files (x86)\MyTomTom 3\QtCore4.dll 2011-11-14 12:02 - 2011-11-14 12:02 - 00202712 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll 2011-11-14 12:01 - 2011-11-14 12:01 - 00980480 _____ () C:\Program Files (x86)\MyTomTom 3\QtNetwork4.dll 2011-11-14 12:01 - 2011-11-14 12:01 - 00357888 _____ () C:\Program Files (x86)\MyTomTom 3\QtXml4.dll 2011-11-14 12:01 - 2011-11-14 12:01 - 02648064 _____ () C:\Program Files (x86)\MyTomTom 3\QtXmlPatterns4.dll 2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Adam\AppData\Roaming\Dropbox\bin\libcef.dll 2011-01-17 16:19 - 2011-04-18 16:35 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll 2010-11-19 18:45 - 2011-04-18 16:35 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll 2010-04-21 12:17 - 2009-05-20 07:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll 2014-04-07 14:39 - 2014-04-07 14:39 - 00098816 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32api.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00110080 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pywintypes27.dll 2014-04-07 14:39 - 2014-04-07 14:39 - 00364544 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pythoncom27.dll 2014-04-07 14:39 - 2014-04-07 14:39 - 00044032 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_socket.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 01157120 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_ssl.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00320512 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32com.shell.shell.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00712192 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_hashlib.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 01175040 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._core_.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00805888 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._gdi_.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00811008 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._windows_.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 01062400 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._controls_.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00735232 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._misc_.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00128512 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_elementtree.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00127488 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pyexpat.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00557056 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\pysqlite2._sqlite.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00087040 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_ctypes.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00119808 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32file.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00108544 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32security.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00018432 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32event.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00038912 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32inet.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00122368 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._wizard.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00070656 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\wx._html2.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00026624 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\_multiprocessing.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00010240 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\select.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00024064 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32pipe.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00686080 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\unicodedata.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00025600 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32pdh.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00525640 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\windows._lib_cacheinvalidation.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00011264 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32crypt.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00035840 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32process.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00017408 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32profile.pyd 2014-04-07 14:39 - 2014-04-07 14:39 - 00022528 _____ () C:\Users\Adam\AppData\Local\Temp\_MEI33882\win32ts.pyd 2014-03-15 13:21 - 2014-03-15 01:50 - 00051016 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 13:21 - 2014-03-15 01:50 - 00716616 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 13:21 - 2014-03-15 01:50 - 00100168 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 13:21 - 2014-03-15 01:50 - 04061000 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 13:21 - 2014-03-15 01:50 - 00394568 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 13:21 - 2014-03-15 01:50 - 01647432 _____ () C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:0B9176C0 AlternateDataStreams: C:\ProgramData\Temp:4B7317F4 AlternateDataStreams: C:\ProgramData\Temp:4D066AD2 AlternateDataStreams: C:\ProgramData\Temp:5A99DEB7 AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD AlternateDataStreams: C:\ProgramData\Temp:798A3728 AlternateDataStreams: C:\ProgramData\Temp:8075370B AlternateDataStreams: C:\ProgramData\Temp:9195103F AlternateDataStreams: C:\ProgramData\Temp:93DE1838 AlternateDataStreams: C:\ProgramData\Temp:93EB7685 AlternateDataStreams: C:\ProgramData\Temp:AB689DEA AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE AlternateDataStreams: C:\ProgramData\Temp:E36F5B57 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service" ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/07/2014 02:22:01 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/07/2014 01:28:48 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 Error: (04/07/2014 11:39:37 AM) (Source: Application Error) (User: ) Description: Faulting application name: Foxit Reader Updater.exe, version: 6.1.2.1226, time stamp: 0x52ca6719 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00000060 Faulting process id: 0xe9c Faulting application start time: 0xFoxit Reader Updater.exe0 Faulting application path: Foxit Reader Updater.exe1 Faulting module path: Foxit Reader Updater.exe2 Report Id: Foxit Reader Updater.exe3 Error: (04/07/2014 10:55:55 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (04/07/2014 10:55:43 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. Error: (04/07/2014 07:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code. Error: (04/07/2014 07:58:00 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY) Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section. Error: (04/07/2014 07:39:37 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY) Description: HRESULT:0x80070643 Description:Cannot complete the Security Essentials Upgrade. An error has prevented the Security Essentials Upgrade Wizard from continuing. The previous version of Security Essentials was restored. Error code:0x80070643. Fatal error during installation. Error: (04/07/2014 07:39:36 AM) (Source: MsiInstaller) (User: NT AUTHORITY) Description: Product: Microsoft Security Client -- All customizable parameters must be specified on install: AMPRODUCT, PRODUCTICON, PRODUCTLOCALIZEDNAME, REMEDIATIONEXE, SIGNATURECATEGORYID and PRODUCT_SKU Error: (04/06/2014 08:02:00 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80004005 System errors: ============= Error: (04/07/2014 05:00:22 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 05:00:21 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 04:54:11 PM) (Source: NetBT) (User: ) Description: The name "ADAM-PC :20" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/07/2014 04:54:11 PM) (Source: NetBT) (User: ) Description: The name "ADAM-PC :0" could not be registered on the interface with IP address 192.168.1.100. The computer with the IP address 192.168.1.66 did not allow the name to be claimed by this computer. Error: (04/07/2014 04:54:10 PM) (Source: Server) (User: ) Description: The server could not bind to the transport \Device\NetBT_Tcpip_{3DD1DAFB-D437-4CDB-B57A-58D7C526D5DA} because another computer on the network has the same name. The server could not start. Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Error: (04/07/2014 02:43:49 PM) (Source: cdrom) (User: ) Description: The driver detected a controller error on \Device\CdRom0. Microsoft Office Sessions: ========================= Error: (01/27/2014 10:45:45 AM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 250081 seconds with 0 seconds of active time. This session ended with a crash. Error: (01/24/2014 01:17:04 PM) (Source: Microsoft Office 12 Sessions)(User: ) Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 127296 seconds with 60 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-04-07 08:24:17.809 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-04-07 08:24:17.569 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-22 21:56:58.878 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-22 21:56:58.628 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-22 21:56:58.363 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-01-22 21:56:58.114 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-12-30 22:08:06.482 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2012-12-30 22:08:06.357 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 61% Total physical RAM: 2806.71 MB Available physical RAM: 1087.68 MB Total Pagefile: 5611.61 MB Available Pagefile: 3572.19 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Acer) (Fixed) (Total:283.99 GB) (Free:162.72 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 97FAD661) Partition 1: (Not Active) - (Size=14 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=284 GB) - (Type=07 NTFS) ==================== End Of Log ============================

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Adam (administrator) on ADAM-PC on 07-04-2014 17:01:44 Running from C:\Users\Adam\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (SafeNet Inc.) C:\Windows\system32\hasplms.exe () C:\ProgramData\DatacardService\HWDeviceService64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Windows\system32\igfxsrvc.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Windows\PLFSetI.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Dropbox, Inc.) C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Windows\system32\igfxext.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe (NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe () C:\Windows\Samsung\PanelMgr\SSMMgr.exe (Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe () C:\Windows\Samsung\PanelMgr\caller64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe (Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe (Google Inc.) C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor) HKLM\...\Run: [mwlDaemon] - C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated) HKLM\...\Run: [PLFSetI] - C:\Windows\PLFSetI.exe [206208 2010-07-05] () HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated) HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [seagull Drivers] - ssdal_nc.exe startup HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation) HKLM-x32\...\Run: [suiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.) HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-25] (Symantec Corporation) HKLM-x32\...\Run: [backupManagerTray] - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.) HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.) HKLM-x32\...\Run: [samsung PanelMgr] - C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] () HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-09-01] (Research In Motion Limited) HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\599\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-04-21] (Google Inc.) HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [435672 2011-11-14] (TomTom) HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google) HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.) HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [Mobile Partner] - C:\Program Files (x86)\3MobileWiFi\3MobileWiFi HKU\S-1-5-21-2517162095-573492459-740728455-1001\...\Run: [Cookienator] - C:\Program Files (x86)\Cookienator\cookienator.exe [1333472 2009-10-19] (CodeFromThe70s.org) Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) Startup: C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5741z&r=27360411l505l0454z145t4662q292 HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB428 SearchScopes: HKCU - {BF707BAC-59CC-4AC6-84E0-BB5FEA9E3F71} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=en_UK&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^GB&apn_uid=9F189D84-95FA-4D34-B993-96F5C3ECA23E&apn_sauid=5B6D90A1-4617-44A2-9773-B3BC389564CE BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 Chrome: ======= CHR HomePage: https://www.google.co.uk/?gws_rd=cr&ei=4s37UuIEgorIA_6GgKgN CHR DefaultSearchKeyword: google.co.uk CHR Plugin: (Remoting Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Shockwave Flash) - C:\Users\Adam\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File CHR Plugin: (Java Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media ) CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-05-09] CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-16] CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-16] CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-01-23] CHR Extension: (Freemake Video Converter) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2013-01-13] CHR Extension: (Google Wallet) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-16] CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-16] CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Adam\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-07] CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-05-07] CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-01-13] CHR StartMenuInternet: Google Chrome - C:\Users\Adam\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [100864 2013-01-11] (Freemake) R2 hasplms; C:\Windows\system32\hasplms.exe [4941768 2012-06-28] (SafeNet Inc.) R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] () S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation) S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.) S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation) S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited) R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics) S3 catchme; \??\C:\ComboFix\catchme.sys [X] S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-07 17:01 - 2014-04-07 17:02 - 00017856 _____ () C:\Users\Adam\Downloads\FRST.txt 2014-04-07 16:57 - 2014-04-07 17:01 - 00000000 ____D () C:\FRST 2014-04-07 16:57 - 2014-04-07 16:57 - 02157056 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2014-04-07 14:21 - 2014-04-07 14:21 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (3).exe 2014-04-07 14:19 - 2014-04-07 14:19 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (2).exe 2014-04-07 13:19 - 2014-04-07 13:20 - 99173681 _____ () C:\Users\Adam\Downloads\Roomsets.zip 2014-04-07 09:57 - 2014-04-07 09:59 - 00000000 ____D () C:\Users\Adam\Desktop\amanda ward thomas 2014-04-07 09:45 - 2014-04-07 09:45 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9A6EE725-126F-4974-BD36-FDBE9B6FF8E8} 2014-04-07 08:46 - 2014-04-07 08:46 - 00030031 _____ () C:\ComboFix.txt 2014-04-07 08:04 - 2014-04-07 08:46 - 00000000 ____D () C:\Qoobox 2014-04-07 08:04 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-04-07 08:04 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-04-07 08:04 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-04-07 08:04 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-04-07 08:04 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-04-07 08:04 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-04-07 08:04 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-04-07 08:04 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-04-07 08:01 - 2014-04-07 08:02 - 05195663 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe 2014-04-07 07:46 - 2014-04-07 07:46 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe 2014-04-05 16:07 - 2014-04-05 16:07 - 00262144 ____N () C:\Windows\Minidump\040514-25100-01.dmp 2014-04-05 07:24 - 2014-04-05 07:24 - 00002068 _____ () C:\Users\Adam\Desktop\RKreport[0]_S_04052014_072450.txt 2014-04-05 07:17 - 2014-04-05 07:17 - 00012232 _____ () C:\Users\Adam\Desktop\steven complain letter.odt 2014-04-05 07:11 - 2014-04-05 07:24 - 00000000 ____D () C:\Users\Adam\Desktop\RK_Quarantine 2014-04-05 07:11 - 2014-04-05 07:11 - 04527616 _____ () C:\Users\Adam\Downloads\RogueKillerX64 (2).exe 2014-04-04 19:03 - 2014-04-04 19:03 - 00262144 ____N () C:\Windows\Minidump\040414-26301-01.dmp 2014-04-04 08:30 - 2014-04-04 08:30 - 00025055 _____ () C:\Users\Adam\Desktop\dds.txt 2014-04-04 08:30 - 2014-04-04 08:30 - 00011058 _____ () C:\Users\Adam\Desktop\attach.txt 2014-04-04 08:28 - 2014-04-04 08:28 - 00688992 _____ (Swearware) C:\Users\Adam\Downloads\dds.com 2014-04-04 08:26 - 2014-04-04 08:27 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.scr 2014-04-03 22:48 - 2014-04-03 22:49 - 00000000 ____D () C:\Users\Adam\AppData\Local\{028343D6-85B4-4FAA-9879-C6555C19D89C} 2014-04-03 10:46 - 2014-04-03 10:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5D13CE0-8239-4FEC-ABF0-0DCDDBA5FB40} 2014-04-02 21:58 - 2014-04-02 21:58 - 00000000 ____D () C:\Users\Adam\Desktop\New folder (2) 2014-04-02 20:56 - 2014-04-02 20:56 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12 (2).tif 2014-04-02 20:23 - 2014-04-02 20:23 - 01105152 _____ () C:\Users\Adam\Downloads\MODE Kit 6.tif 2014-04-02 20:22 - 2014-04-02 20:22 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12.TIF 2014-04-02 20:19 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F76335AD-9C4E-4A5C-BBAF-F51686525EF1} 2014-04-02 09:18 - 2014-04-02 22:20 - 00019252 _____ () C:\Users\Adam\Desktop\website core products.ods 2014-04-02 08:56 - 2014-04-02 08:56 - 01295592 _____ () C:\Users\Adam\Downloads\BWFLSBSM - FALL Free Standing BSM.tiff 2014-04-02 08:55 - 2014-04-02 20:24 - 00000000 ____D () C:\Users\Adam\Desktop\the missing photos 2014-04-02 08:18 - 2014-04-02 08:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3C136F17-7097-47C0-A5AC-33B31754D5DC} 2014-04-02 08:15 - 2014-04-02 08:15 - 02146740 _____ () C:\Users\Adam\Downloads\BWFL3HBM FALL 3H BM.tif 2014-04-01 20:35 - 2014-04-01 20:35 - 00019262 _____ () C:\Users\Adam\Desktop\web site descriptions in the bathroom.ods 2014-04-01 20:18 - 2014-04-01 20:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{83519622-FBD5-4A94-86C5-295E718E5CBE} 2014-04-01 19:16 - 2014-04-01 19:18 - 233333200 _____ () C:\Users\Adam\Downloads\Inaqua Brassware.zip 2014-04-01 14:11 - 2014-04-01 14:14 - 510053886 _____ () C:\Users\Adam\Downloads\Inaqua Shower Kits.zip 2014-03-31 23:40 - 2014-03-31 23:40 - 00018748 _____ () C:\Users\Adam\Desktop\web site descriptions in teh bathroom.ods 2014-03-31 20:06 - 2014-03-31 20:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{BABBCC2F-473A-4663-AC31-647327A4BDE9} 2014-03-31 19:52 - 2014-03-31 19:52 - 00000000 ____D () C:\Users\Adam\Desktop\New folder 2014-03-31 08:29 - 2014-03-31 19:58 - 00000000 ____D () C:\Users\Adam\Desktop\photos for ebay 2014-03-31 08:06 - 2014-03-31 08:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{D8833EE2-EE75-483F-B539-BC506008AD31} 2014-03-30 18:36 - 2014-03-30 18:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5A9BE8D-49CD-40DB-B5DB-98140D703F91} 2014-03-30 17:11 - 2014-03-30 17:11 - 00262144 ____N () C:\Windows\Minidump\033014-25256-01.dmp 2014-03-30 06:15 - 2014-03-30 06:15 - 00000000 ____D () C:\Users\Adam\AppData\Local\{AA63A39A-044F-4761-B7A9-758903434CAF} 2014-03-29 18:00 - 2014-03-29 18:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{687008CC-EE43-4D84-9B21-EF70B69AF5CA} 2014-03-29 06:56 - 2014-03-29 06:56 - 00000359 _____ () C:\Users\Adam\Desktop\Recycle Bin - Shortcut.lnk 2014-03-29 06:44 - 2014-03-29 06:44 - 00985600 _____ () C:\Users\Adam\Downloads\MicrosoftFixit50123.msi 2014-03-28 19:50 - 2014-03-28 19:50 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7C1886E0-7D2C-4287-9D8E-7B08602B8103} 2014-03-28 07:28 - 2014-03-28 07:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3314F94B-900D-41BB-8605-611CA27727E9} 2014-03-28 07:04 - 2014-03-28 07:04 - 00000000 ____D () C:\Windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures 2014-03-27 19:28 - 2014-03-27 19:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{CA110284-A9EC-48E3-8F24-6BDEABEE3996} 2014-03-27 14:06 - 2014-03-27 14:06 - 00010977 _____ () C:\Users\Adam\Desktop\website links.odt 2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A0EC3CB1-92E4-4404-A84D-EF11CEB92B15} 2014-03-26 19:01 - 2014-03-26 19:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6148E818-AFC7-44C1-9C6E-2B5194B3C48D} 2014-03-26 09:12 - 2014-03-26 09:13 - 00114176 _____ () C:\Users\Adam\Desktop\no discount in the bathroom.xls 2014-03-26 06:58 - 2014-03-26 06:58 - 00000000 ____D () C:\Users\Adam\AppData\Local\{227A5C99-4AD1-4420-BCE7-EEA0A87543F5} 2014-03-25 13:29 - 2014-03-25 13:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C8B663A5-A6C7-473E-9B07-672D563FB44D} 2014-03-24 22:47 - 2014-03-24 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{4FEE1CCE-23B7-483E-9C87-34EE08D60946} 2014-03-24 11:21 - 2014-03-24 11:21 - 00000000 ____D () C:\Users\Adam\AppData\Local\{04DAC2C2-FCB1-44FA-B05B-806635B10269} 2014-03-23 22:48 - 2014-03-23 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{020EA083-AA8C-4136-8C55-98A4B203A46E} 2014-03-23 10:47 - 2014-03-23 10:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{8BB9C313-945F-41A3-942A-F165764E5A27} 2014-03-22 21:13 - 2014-03-22 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{FF1AB0B0-23F8-4861-B4FD-A47DF4918BBE} 2014-03-22 09:12 - 2014-03-22 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{769B5502-F5FA-44E6-9308-569ABCFF6F31} 2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5F7EB489-70F2-431B-86EC-ADA0B0787F08} 2014-03-21 16:18 - 2014-03-21 16:18 - 00262144 ____N () C:\Windows\Minidump\032114-23056-01.dmp 2014-03-21 08:16 - 2014-03-21 08:16 - 00000000 ____D () C:\Users\Adam\AppData\Local\{499462BF-4E29-4A80-9BCF-99A6DC8327D7} 2014-03-20 15:38 - 2014-03-20 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Local\{51641B17-3F28-4CAF-A4C2-ED3CE1BA09E8} 2014-03-20 00:42 - 2014-03-20 00:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9C4926CD-AA68-415B-9DAB-E0FCBBFA55E7} 2014-03-20 00:11 - 2014-03-20 00:11 - 00090129 _____ () C:\Users\Adam\Desktop\2nd.csv 2014-03-20 00:08 - 2014-03-20 00:09 - 00128141 _____ () C:\Users\Adam\Desktop\first atte.csv 2014-03-19 12:41 - 2014-03-19 12:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F68CE423-0868-4877-A185-34C26B992734} 2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5BD95F33-A926-4F76-BE5C-5F0506A149CD} 2014-03-18 12:32 - 2014-03-18 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{16F8E324-BC66-4A25-8C37-DC9E161B4987} 2014-03-18 00:32 - 2014-03-18 00:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2AB2579A-F85A-4CF9-AFE0-5E372FFEC502} 2014-03-17 12:31 - 2014-03-17 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2EE820F6-C6C3-4653-82A5-CC7ACD64DB53} 2014-03-17 00:03 - 2014-03-17 00:03 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C552C9CC-D7A3-472A-AE1A-D10AE81D2C88} 2014-03-16 16:57 - 2014-03-16 16:57 - 00262144 ____N () C:\Windows\Minidump\031614-44460-01.dmp 2014-03-16 12:02 - 2014-03-16 12:02 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7A859F32-1706-4236-A197-963CD381001C} 2014-03-15 22:48 - 2014-03-15 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2F2A5F00-D6C4-46AB-8D89-79D5DA24C086} 2014-03-15 21:03 - 2014-03-15 21:03 - 00012993 _____ () C:\Users\Adam\Desktop\Untitled 3.odt 2014-03-15 18:40 - 2014-03-15 18:40 - 00262144 ____N () C:\Windows\Minidump\031514-37487-01.dmp 2014-03-15 08:11 - 2014-03-15 08:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E2E5445-F0CA-4288-81BA-95AF96B954F4} 2014-03-14 21:13 - 2014-03-29 06:57 - 00000000 ____D () C:\Users\Adam\Desktop\siamp 2014-03-14 18:51 - 2014-03-14 18:52 - 00000000 ____D () C:\Users\Adam\AppData\Local\{1595BB50-06B1-4524-B4F7-6B76006CA688} 2014-03-14 06:51 - 2014-03-14 06:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79B9E50D-A347-4F33-895B-775801828B38} 2014-03-13 18:50 - 2014-03-13 18:50 - 00262144 ____N () C:\Windows\Minidump\031314-36005-01.dmp 2014-03-13 18:47 - 2014-03-13 18:47 - 00262144 ____N () C:\Windows\Minidump\031314-36722-01.dmp 2014-03-13 13:35 - 2014-03-13 13:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79C0CC25-AD58-4C58-A293-73A04F69D9F6} 2014-03-13 09:09 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 09:09 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 09:09 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 09:09 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 09:09 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 09:09 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 09:09 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 09:09 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 09:09 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 09:09 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 09:09 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 09:09 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 09:09 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 09:09 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 09:09 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 09:09 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 09:09 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 09:09 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 09:09 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 09:09 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 09:09 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 09:09 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 09:09 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 09:09 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 09:09 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 09:09 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 09:09 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 09:09 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 09:09 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 09:09 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 09:09 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 09:09 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 09:09 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 09:09 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 09:09 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 09:09 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 09:09 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 09:09 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 09:09 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 09:09 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 09:09 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 09:09 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 09:09 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 09:09 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 09:08 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 09:08 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 09:08 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 09:08 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 00:26 - 2014-03-13 00:26 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E0D68A73-8CAD-4DBB-B854-362A6F463173} 2014-03-12 12:27 - 2014-03-12 12:27 - 00000000 ____D () C:\Users\Adam\AppData\Local\{31D55E0A-622A-472A-976A-FCBB365DF65D} 2014-03-11 22:22 - 2014-03-11 22:22 - 00017366 _____ () C:\Users\Adam\Desktop\mx customers.odt 2014-03-11 21:14 - 2014-03-11 21:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E785D8CE-9E9C-4AE3-9CCD-E0C7CC4B77AE} 2014-03-11 09:13 - 2014-03-11 09:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E612855-F020-460F-AA1A-6EC5E062AC0D} 2014-03-10 21:13 - 2014-03-10 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{B64B95ED-4240-4839-B7ED-E302515AC811} 2014-03-10 09:12 - 2014-03-10 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6D015249-73C2-4230-AF10-4F7160FB7B32} 2014-03-09 16:57 - 2014-03-09 16:57 - 00262144 ____N () C:\Windows\Minidump\030914-21980-01.dmp 2014-03-08 13:54 - 2014-03-08 13:54 - 10318304 _____ () C:\Users\Adam\Downloads\uMark.zip ==================== One Month Modified Files and Folders ======= 2014-04-07 17:02 - 2014-04-07 17:01 - 00017856 _____ () C:\Users\Adam\Downloads\FRST.txt 2014-04-07 17:01 - 2014-04-07 16:57 - 00000000 ____D () C:\FRST 2014-04-07 16:57 - 2014-04-07 16:57 - 02157056 _____ (Farbar) C:\Users\Adam\Downloads\FRST64.exe 2014-04-07 16:54 - 2013-02-28 16:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-07 16:54 - 2011-04-18 16:24 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job 2014-04-07 16:54 - 2011-04-18 16:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-07 16:54 - 2010-07-05 21:26 - 01240159 _____ () C:\Windows\WindowsUpdate.log 2014-04-07 14:48 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-07 14:48 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-07 14:42 - 2012-08-22 09:50 - 00000000 ___RD () C:\Users\Adam\Dropbox 2014-04-07 14:42 - 2012-08-22 09:46 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Dropbox 2014-04-07 14:40 - 2012-11-17 12:55 - 00000000 ___RD () C:\Users\Adam\Google Drive 2014-04-07 14:39 - 2014-02-18 08:02 - 00001972 _____ () C:\Windows\setupact.log 2014-04-07 14:39 - 2011-04-18 16:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-07 14:39 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-07 14:37 - 2014-01-22 23:40 - 00000000 ____D () C:\AdwCleaner 2014-04-07 14:21 - 2014-04-07 14:21 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (3).exe 2014-04-07 14:19 - 2014-04-07 14:19 - 01426178 _____ () C:\Users\Adam\Downloads\AdwCleaner (2).exe 2014-04-07 13:20 - 2014-04-07 13:19 - 99173681 _____ () C:\Users\Adam\Downloads\Roomsets.zip 2014-04-07 11:39 - 2014-01-24 19:04 - 00000000 ____D () C:\Users\Adam\AppData\Local\CrashDumps 2014-04-07 10:36 - 2011-06-04 17:27 - 00000099 _____ () C:\Users\Public\LMDebug.log 2014-04-07 09:59 - 2014-04-07 09:57 - 00000000 ____D () C:\Users\Adam\Desktop\amanda ward thomas 2014-04-07 09:45 - 2014-04-07 09:45 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9A6EE725-126F-4974-BD36-FDBE9B6FF8E8} 2014-04-07 09:33 - 2014-01-29 12:50 - 00020992 _____ () C:\Users\Adam\Desktop\elements trade.xls 2014-04-07 08:46 - 2014-04-07 08:46 - 00030031 _____ () C:\ComboFix.txt 2014-04-07 08:46 - 2014-04-07 08:04 - 00000000 ____D () C:\Qoobox 2014-04-07 08:32 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2014-04-07 08:31 - 2014-02-27 09:07 - 00133236 _____ () C:\Windows\PFRO.log 2014-04-07 08:30 - 2012-12-30 22:31 - 00000000 ____D () C:\Windows\erdnt 2014-04-07 08:02 - 2014-04-07 08:01 - 05195663 ____R (Swearware) C:\Users\Adam\Downloads\ComboFix.exe 2014-04-07 07:58 - 2009-07-14 06:13 - 00006222 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-07 07:46 - 2014-04-07 07:46 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe 2014-04-07 07:39 - 2011-04-18 15:57 - 00002148 _____ () C:\Windows\epplauncher.mif 2014-04-06 23:27 - 2013-02-03 21:10 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\Skype 2014-04-06 21:49 - 2011-04-18 16:24 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job 2014-04-05 16:07 - 2014-04-05 16:07 - 00262144 ____N () C:\Windows\Minidump\040514-25100-01.dmp 2014-04-05 16:07 - 2011-08-01 20:03 - 00000000 ____D () C:\Windows\Minidump 2014-04-05 08:00 - 2012-12-15 00:23 - 00000000 ____D () C:\Users\Adam\Documents\HDCam Data 2014-04-05 07:24 - 2014-04-05 07:24 - 00002068 _____ () C:\Users\Adam\Desktop\RKreport[0]_S_04052014_072450.txt 2014-04-05 07:24 - 2014-04-05 07:11 - 00000000 ____D () C:\Users\Adam\Desktop\RK_Quarantine 2014-04-05 07:19 - 2011-05-03 18:52 - 00000000 ____D () C:\Users\Adam\AppData\Local\Paint.NET 2014-04-05 07:17 - 2014-04-05 07:17 - 00012232 _____ () C:\Users\Adam\Desktop\steven complain letter.odt 2014-04-05 07:17 - 2012-11-07 20:28 - 00000000 ____D () C:\Users\Adam\Desktop\taptaptap website 2014-04-05 07:16 - 2014-02-24 11:54 - 00015333 _____ () C:\Users\Adam\Desktop\spencer brassware.ods 2014-04-05 07:16 - 2014-02-22 10:46 - 00016967 _____ () C:\Users\Adam\Desktop\spencer the spinney 2.ods 2014-04-05 07:11 - 2014-04-05 07:11 - 04527616 _____ () C:\Users\Adam\Downloads\RogueKillerX64 (2).exe 2014-04-04 19:08 - 2013-01-06 13:25 - 00000000 ____D () C:\Users\Adam\AppData\Roaming\avidemux 2014-04-04 19:05 - 2013-07-03 00:33 - 00000000 ____D () C:\Users\Adam\Desktop\other 2014-04-04 19:05 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2014-04-04 19:03 - 2014-04-04 19:03 - 00262144 ____N () C:\Windows\Minidump\040414-26301-01.dmp 2014-04-04 09:39 - 2011-08-11 14:14 - 00000000 ____D () C:\Users\Adam\Desktop\sinks 2014-04-04 08:46 - 2012-09-17 07:10 - 00000000 ____D () C:\Users\Adam\Desktop\customers 2014-04-04 08:30 - 2014-04-04 08:30 - 00025055 _____ () C:\Users\Adam\Desktop\dds.txt 2014-04-04 08:30 - 2014-04-04 08:30 - 00011058 _____ () C:\Users\Adam\Desktop\attach.txt 2014-04-04 08:28 - 2014-04-04 08:28 - 00688992 _____ (Swearware) C:\Users\Adam\Downloads\dds.com 2014-04-04 08:27 - 2014-04-04 08:26 - 00688992 ____R (Swearware) C:\Users\Adam\Downloads\dds.scr 2014-04-03 22:49 - 2014-04-03 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{028343D6-85B4-4FAA-9879-C6555C19D89C} 2014-04-03 10:47 - 2014-04-03 10:46 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5D13CE0-8239-4FEC-ABF0-0DCDDBA5FB40} 2014-04-02 22:58 - 2011-04-21 07:00 - 00000000 ____D () C:\Users\Adam\AppData\Local\Windows Live 2014-04-02 22:25 - 2011-04-29 12:05 - 00000000 ____D () C:\Users\Adam\Documents\durab T&H 2014-04-02 22:20 - 2014-04-02 09:18 - 00019252 _____ () C:\Users\Adam\Desktop\website core products.ods 2014-04-02 21:58 - 2014-04-02 21:58 - 00000000 ____D () C:\Users\Adam\Desktop\New folder (2) 2014-04-02 20:56 - 2014-04-02 20:56 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12 (2).tif 2014-04-02 20:24 - 2014-04-02 08:55 - 00000000 ____D () C:\Users\Adam\Desktop\the missing photos 2014-04-02 20:23 - 2014-04-02 20:23 - 01105152 _____ () C:\Users\Adam\Downloads\MODE Kit 6.tif 2014-04-02 20:22 - 2014-04-02 20:22 - 01445624 _____ () C:\Users\Adam\Downloads\LEVI Kit 12.TIF 2014-04-02 20:19 - 2014-04-02 20:19 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F76335AD-9C4E-4A5C-BBAF-F51686525EF1} 2014-04-02 08:56 - 2014-04-02 08:56 - 01295592 _____ () C:\Users\Adam\Downloads\BWFLSBSM - FALL Free Standing BSM.tiff 2014-04-02 08:19 - 2014-04-02 08:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3C136F17-7097-47C0-A5AC-33B31754D5DC} 2014-04-02 08:15 - 2014-04-02 08:15 - 02146740 _____ () C:\Users\Adam\Downloads\BWFL3HBM FALL 3H BM.tif 2014-04-01 20:35 - 2014-04-01 20:35 - 00019262 _____ () C:\Users\Adam\Desktop\web site descriptions in the bathroom.ods 2014-04-01 20:18 - 2014-04-01 20:18 - 00000000 ____D () C:\Users\Adam\AppData\Local\{83519622-FBD5-4A94-86C5-295E718E5CBE} 2014-04-01 19:18 - 2014-04-01 19:16 - 233333200 _____ () C:\Users\Adam\Downloads\Inaqua Brassware.zip 2014-04-01 14:14 - 2014-04-01 14:11 - 510053886 _____ () C:\Users\Adam\Downloads\Inaqua Shower Kits.zip 2014-04-01 09:33 - 2011-04-18 15:54 - 00000000 ____D () C:\Users\Adam\AppData\Local\Google 2014-03-31 23:40 - 2014-03-31 23:40 - 00018748 _____ () C:\Users\Adam\Desktop\web site descriptions in teh bathroom.ods 2014-03-31 20:06 - 2014-03-31 20:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{BABBCC2F-473A-4663-AC31-647327A4BDE9} 2014-03-31 19:58 - 2014-03-31 08:29 - 00000000 ____D () C:\Users\Adam\Desktop\photos for ebay 2014-03-31 19:52 - 2014-03-31 19:52 - 00000000 ____D () C:\Users\Adam\Desktop\New folder 2014-03-31 19:51 - 2013-01-15 20:07 - 00000000 ____D () C:\Users\Adam\Desktop\2013 taps 2014-03-31 08:06 - 2014-03-31 08:06 - 00000000 ____D () C:\Users\Adam\AppData\Local\{D8833EE2-EE75-483F-B539-BC506008AD31} 2014-03-30 18:36 - 2014-03-30 18:36 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A5A9BE8D-49CD-40DB-B5DB-98140D703F91} 2014-03-30 17:11 - 2014-03-30 17:11 - 00262144 ____N () C:\Windows\Minidump\033014-25256-01.dmp 2014-03-30 06:15 - 2014-03-30 06:15 - 00000000 ____D () C:\Users\Adam\AppData\Local\{AA63A39A-044F-4761-B7A9-758903434CAF} 2014-03-29 18:01 - 2014-03-29 18:00 - 00000000 ____D () C:\Users\Adam\AppData\Local\{687008CC-EE43-4D84-9B21-EF70B69AF5CA} 2014-03-29 06:57 - 2014-03-14 21:13 - 00000000 ____D () C:\Users\Adam\Desktop\siamp 2014-03-29 06:56 - 2014-03-29 06:56 - 00000359 _____ () C:\Users\Adam\Desktop\Recycle Bin - Shortcut.lnk 2014-03-29 06:44 - 2014-03-29 06:44 - 00985600 _____ () C:\Users\Adam\Downloads\MicrosoftFixit50123.msi 2014-03-28 19:50 - 2014-03-28 19:50 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7C1886E0-7D2C-4287-9D8E-7B08602B8103} 2014-03-28 07:29 - 2014-03-28 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3314F94B-900D-41BB-8605-611CA27727E9} 2014-03-28 07:06 - 2012-05-02 07:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-03-28 07:06 - 2011-04-18 15:57 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-03-28 07:04 - 2014-03-28 07:04 - 00000000 ____D () C:\Windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures 2014-03-27 19:28 - 2014-03-27 19:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{CA110284-A9EC-48E3-8F24-6BDEABEE3996} 2014-03-27 14:06 - 2014-03-27 14:06 - 00010977 _____ () C:\Users\Adam\Desktop\website links.odt 2014-03-27 07:28 - 2014-03-27 07:28 - 00000000 ____D () C:\Users\Adam\AppData\Local\{A0EC3CB1-92E4-4404-A84D-EF11CEB92B15} 2014-03-26 22:44 - 2011-04-18 16:24 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA 2014-03-26 22:44 - 2011-04-18 16:24 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core 2014-03-26 19:01 - 2014-03-26 19:01 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6148E818-AFC7-44C1-9C6E-2B5194B3C48D} 2014-03-26 09:13 - 2014-03-26 09:12 - 00114176 _____ () C:\Users\Adam\Desktop\no discount in the bathroom.xls 2014-03-26 06:58 - 2014-03-26 06:58 - 00000000 ____D () C:\Users\Adam\AppData\Local\{227A5C99-4AD1-4420-BCE7-EEA0A87543F5} 2014-03-25 13:29 - 2014-03-25 13:29 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C8B663A5-A6C7-473E-9B07-672D563FB44D} 2014-03-24 22:48 - 2014-03-24 22:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{4FEE1CCE-23B7-483E-9C87-34EE08D60946} 2014-03-24 11:21 - 2014-03-24 11:21 - 00000000 ____D () C:\Users\Adam\AppData\Local\{04DAC2C2-FCB1-44FA-B05B-806635B10269} 2014-03-23 22:48 - 2014-03-23 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{020EA083-AA8C-4136-8C55-98A4B203A46E} 2014-03-23 17:14 - 2013-03-21 11:33 - 00000000 ____D () C:\Users\Adam\Desktop\storage horders 2014-03-23 17:14 - 2011-10-31 22:50 - 00000000 ____D () C:\Users\Adam\Desktop\store items 2014-03-23 10:48 - 2014-03-23 10:47 - 00000000 ____D () C:\Users\Adam\AppData\Local\{8BB9C313-945F-41A3-942A-F165764E5A27} 2014-03-22 21:13 - 2014-03-22 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{FF1AB0B0-23F8-4861-B4FD-A47DF4918BBE} 2014-03-22 09:13 - 2014-03-22 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{769B5502-F5FA-44E6-9308-569ABCFF6F31} 2014-03-21 21:12 - 2014-03-21 21:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5F7EB489-70F2-431B-86EC-ADA0B0787F08} 2014-03-21 16:18 - 2014-03-21 16:18 - 00262144 ____N () C:\Windows\Minidump\032114-23056-01.dmp 2014-03-21 10:55 - 2011-04-18 17:40 - 00000000 ____D () C:\Users\Adam\Documents\Turbo Lister Backup 2014-03-21 08:16 - 2014-03-21 08:16 - 00000000 ____D () C:\Users\Adam\AppData\Local\{499462BF-4E29-4A80-9BCF-99A6DC8327D7} 2014-03-20 15:38 - 2014-03-20 15:38 - 00000000 ____D () C:\Users\Adam\AppData\Local\{51641B17-3F28-4CAF-A4C2-ED3CE1BA09E8} 2014-03-20 07:21 - 2013-08-02 11:47 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-20 07:17 - 2011-04-18 16:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-03-20 07:17 - 2011-04-18 16:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-20 07:15 - 2011-04-30 15:39 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-20 00:42 - 2014-03-20 00:42 - 00000000 ____D () C:\Users\Adam\AppData\Local\{9C4926CD-AA68-415B-9DAB-E0FCBBFA55E7} 2014-03-20 00:11 - 2014-03-20 00:11 - 00090129 _____ () C:\Users\Adam\Desktop\2nd.csv 2014-03-20 00:09 - 2014-03-20 00:08 - 00128141 _____ () C:\Users\Adam\Desktop\first atte.csv 2014-03-19 12:42 - 2014-03-19 12:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{F68CE423-0868-4877-A185-34C26B992734} 2014-03-19 00:41 - 2014-03-19 00:41 - 00000000 ____D () C:\Users\Adam\AppData\Local\{5BD95F33-A926-4F76-BE5C-5F0506A149CD} 2014-03-18 12:32 - 2014-03-18 12:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{16F8E324-BC66-4A25-8C37-DC9E161B4987} 2014-03-18 00:32 - 2014-03-18 00:32 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2AB2579A-F85A-4CF9-AFE0-5E372FFEC502} 2014-03-17 12:32 - 2014-03-17 12:31 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2EE820F6-C6C3-4653-82A5-CC7ACD64DB53} 2014-03-17 00:03 - 2014-03-17 00:03 - 00000000 ____D () C:\Users\Adam\AppData\Local\{C552C9CC-D7A3-472A-AE1A-D10AE81D2C88} 2014-03-16 16:57 - 2014-03-16 16:57 - 00262144 ____N () C:\Windows\Minidump\031614-44460-01.dmp 2014-03-16 12:02 - 2014-03-16 12:02 - 00000000 ____D () C:\Users\Adam\AppData\Local\{7A859F32-1706-4236-A197-963CD381001C} 2014-03-15 22:48 - 2014-03-15 22:48 - 00000000 ____D () C:\Users\Adam\AppData\Local\{2F2A5F00-D6C4-46AB-8D89-79D5DA24C086} 2014-03-15 21:03 - 2014-03-15 21:03 - 00012993 _____ () C:\Users\Adam\Desktop\Untitled 3.odt 2014-03-15 18:40 - 2014-03-15 18:40 - 00262144 ____N () C:\Windows\Minidump\031514-37487-01.dmp 2014-03-15 13:21 - 2011-04-18 16:24 - 00002362 _____ () C:\Users\Adam\Desktop\Google Chrome.lnk 2014-03-15 08:12 - 2014-03-15 08:11 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E2E5445-F0CA-4288-81BA-95AF96B954F4} 2014-03-14 18:52 - 2014-03-14 18:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{1595BB50-06B1-4524-B4F7-6B76006CA688} 2014-03-14 07:18 - 2009-07-14 05:45 - 00370408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 07:16 - 2012-05-16 07:44 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 07:16 - 2012-05-16 07:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 06:51 - 2014-03-14 06:51 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79B9E50D-A347-4F33-895B-775801828B38} 2014-03-13 18:50 - 2014-03-13 18:50 - 00262144 ____N () C:\Windows\Minidump\031314-36005-01.dmp 2014-03-13 18:47 - 2014-03-13 18:47 - 00262144 ____N () C:\Windows\Minidump\031314-36722-01.dmp 2014-03-13 13:36 - 2014-03-13 13:35 - 00000000 ____D () C:\Users\Adam\AppData\Local\{79C0CC25-AD58-4C58-A293-73A04F69D9F6} 2014-03-13 00:26 - 2014-03-13 00:26 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E0D68A73-8CAD-4DBB-B854-362A6F463173} 2014-03-12 12:27 - 2014-03-12 12:27 - 00000000 ____D () C:\Users\Adam\AppData\Local\{31D55E0A-622A-472A-976A-FCBB365DF65D} 2014-03-11 22:22 - 2014-03-11 22:22 - 00017366 _____ () C:\Users\Adam\Desktop\mx customers.odt 2014-03-11 21:14 - 2014-03-11 21:14 - 00000000 ____D () C:\Users\Adam\AppData\Local\{E785D8CE-9E9C-4AE3-9CCD-E0C7CC4B77AE} 2014-03-11 19:41 - 2013-02-28 16:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 19:41 - 2013-02-28 16:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 19:41 - 2013-02-28 16:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 09:14 - 2014-03-11 09:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{3E612855-F020-460F-AA1A-6EC5E062AC0D} 2014-03-10 21:13 - 2014-03-10 21:13 - 00000000 ____D () C:\Users\Adam\AppData\Local\{B64B95ED-4240-4839-B7ED-E302515AC811} 2014-03-10 09:13 - 2014-03-10 09:12 - 00000000 ____D () C:\Users\Adam\AppData\Local\{6D015249-73C2-4230-AF10-4F7160FB7B32} 2014-03-09 16:57 - 2014-03-09 16:57 - 00262144 ____N () C:\Windows\Minidump\030914-21980-01.dmp 2014-03-08 13:54 - 2014-03-08 13:54 - 10318304 _____ () C:\Users\Adam\Downloads\uMark.zip Some content of TEMP: ==================== C:\Users\Adam\AppData\Local\Temp\Checkupdate.exe C:\Users\Adam\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\Adam\AppData\Local\Temp\gcapi_dll.dll C:\Users\Adam\AppData\Local\Temp\gtapi_signed.dll C:\Users\Adam\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-30 22:21 ==================== End Of Log ============================

Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Database version: v2014.04.07.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Adam :: ADAM-PC [administrator] 07/04/2014 14:49:25 mbam-log-2014-04-07 (14-49-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 239558 Time elapsed: 2 hour(s), 6 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

# AdwCleaner v3.023 - Report created 07/04/2014 at 14:35:14 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Adam - ADAM-PC # Running from : C:\Users\Adam\Downloads\AdwCleaner (3).exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v [ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2666 octets] - [22/01/2014 23:42:57] AdwCleaner[R1].txt - [870 octets] - [07/04/2014 14:22:54] AdwCleaner[s0].txt - [2690 octets] - [22/01/2014 23:46:35] AdwCleaner[s1].txt - [792 octets] - [07/04/2014 14:35:14] ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [851 octets] ##########

AdwCleaner v3.023 - Report created 07/04/2014 at 14:22:54 # Updated 01/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Adam - ADAM-PC # Running from : C:\Users\Adam\Downloads\AdwCleaner (3).exe # Option : Scan ***** [ Services ] ***** ***** [ Files / Folders ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v [ File : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2666 octets] - [22/01/2014 23:42:57] AdwCleaner[R1].txt - [672 octets] - [07/04/2014 14:22:54] AdwCleaner[s0].txt - [2690 octets] - [22/01/2014 23:46:35] ########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [791 octets] ##########

omboFix 14-04-06.01 - Adam 07/04/2014 8:07.3.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2807.1543 [GMT 1:00] Running from: c:\users\Adam\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Adam\AppData\Local\Temp\_MEI34522\_ctypes.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\_elementtree.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\_hashlib.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\_multiprocessing.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\_socket.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\_ssl.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\pyexpat.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\pysqlite2._sqlite.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\python27.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\pythoncom27.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\PyWinTypes27.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\select.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\unicodedata.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32api.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32com.shell.shell.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32crypt.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32event.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32file.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32inet.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32pdh.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32pipe.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32process.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32profile.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32security.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\win32ts.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\windows._lib_cacheinvalidation.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._controls_.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._core_.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._gdi_.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._html2.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._misc_.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._windows_.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wx._wizard.pyd c:\users\Adam\AppData\Local\Temp\_MEI34522\wxbase294u_net_vc90.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\wxbase294u_vc90.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_adv_vc90.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_core_vc90.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_html_vc90.dll c:\users\Adam\AppData\Local\Temp\_MEI34522\wxmsw294u_webview_vc90.dll . . ((((((((((((((((((((((((( Files Created from 2014-03-07 to 2014-04-07 ))))))))))))))))))))))))))))))) . . 2014-04-07 07:29 . 2014-04-07 07:29 -------- d-----w- c:\users\Public\AppData\Local\temp 2014-04-07 07:29 . 2014-04-07 07:29 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-04 06:35 . 2014-03-17 10:16 10521840 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{94E20C07-1B6E-467E-ADE1-B631A931EFC6}\mpengine.dll 2014-03-28 06:04 . 2014-03-28 06:04 -------- d-----w- c:\windows\Temp6C4F1ED9-F7AC-6904-A079-795ECCB44824-Signatures 2014-03-27 05:27 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F36F74DF-C354-420A-8AA8-31E3C5AC54D2}\mpengine.dll 2014-03-26 10:12 . 2014-03-07 04:43 10521840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2014-03-25 09:18 . 2014-02-20 07:52 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{32ED745E-C478-496D-B905-47E92C389217}\gapaengine.dll 2014-03-13 08:08 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-03-13 08:08 . 2014-02-04 02:32 624128 ----a-w- c:\windows\system32\qedit.dll 2014-03-13 08:08 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2014-03-13 08:08 . 2014-02-04 02:04 509440 ----a-w- c:\windows\SysWow64\qedit.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-20 06:15 . 2011-04-30 14:39 90015360 ----a-w- c:\windows\system32\MRT.exe 2014-03-11 18:41 . 2013-02-28 15:39 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-03-11 18:41 . 2013-02-28 15:39 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-02-20 07:52 . 2011-05-20 18:07 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll 2014-01-18 17:09 . 2014-01-18 17:09 194048 ----a-w- c:\windows\SysWow64\elshyph.dll 2014-01-18 17:09 . 2014-01-18 17:09 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2014-01-18 17:09 . 2014-01-18 17:09 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll 2014-01-18 17:09 . 2014-01-18 17:09 235008 ----a-w- c:\windows\system32\elshyph.dll 2014-01-18 17:09 . 2014-01-18 17:09 182272 ----a-w- c:\windows\SysWow64\msls31.dll 2014-01-18 17:09 . 2014-01-18 17:09 62464 ----a-w- c:\windows\SysWow64\tdc.ocx 2014-01-18 17:09 . 2014-01-18 17:09 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2014-01-18 17:09 . 2014-01-18 17:09 337408 ----a-w- c:\windows\SysWow64\html.iec 2014-01-18 17:09 . 2014-01-18 17:09 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll 2014-01-18 17:09 . 2014-01-18 17:09 151552 ----a-w- c:\windows\SysWow64\iexpress.exe 2014-01-18 17:09 . 2014-01-18 17:09 139264 ----a-w- c:\windows\SysWow64\wextract.exe 2014-01-18 17:09 . 2014-01-18 17:09 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2014-01-18 17:09 . 2014-01-18 17:09 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll 2014-01-18 17:09 . 2014-01-18 17:09 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe 2014-01-18 17:09 . 2014-01-18 17:09 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2014-01-18 17:09 . 2014-01-18 17:09 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll 2014-01-18 17:09 . 2014-01-18 17:09 36352 ----a-w- c:\windows\SysWow64\imgutil.dll 2014-01-18 17:09 . 2014-01-18 17:09 13312 ----a-w- c:\windows\SysWow64\mshta.exe 2014-01-18 17:09 . 2014-01-18 17:09 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2014-01-18 17:09 . 2014-01-18 17:09 942592 ----a-w- c:\windows\system32\jsIntl.dll 2014-01-18 17:09 . 2014-01-18 17:09 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2014-01-18 17:09 . 2014-01-18 17:09 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2014-01-18 17:09 . 2014-01-18 17:09 52224 ----a-w- c:\windows\system32\msfeedsbs.dll 2014-01-18 17:09 . 2014-01-18 17:09 48640 ----a-w- c:\windows\system32\mshtmler.dll 2014-01-18 17:09 . 2014-01-18 17:09 247808 ----a-w- c:\windows\system32\msls31.dll 2014-01-18 17:09 . 2014-01-18 17:09 13312 ----a-w- c:\windows\system32\msfeedssync.exe 2014-01-18 17:09 . 2014-01-18 17:09 131072 ----a-w- c:\windows\system32\IEAdvpack.dll 2014-01-18 17:09 . 2014-01-18 17:09 105984 ----a-w- c:\windows\system32\iesysprep.dll 2014-01-18 17:09 . 2014-01-18 17:09 81408 ----a-w- c:\windows\system32\icardie.dll 2014-01-18 17:09 . 2014-01-18 17:09 77312 ----a-w- c:\windows\system32\tdc.ocx 2014-01-18 17:09 . 2014-01-18 17:09 616104 ----a-w- c:\windows\system32\ieapfltr.dat 2014-01-18 17:09 . 2014-01-18 17:09 453120 ----a-w- c:\windows\system32\dxtmsft.dll 2014-01-18 17:09 . 2014-01-18 17:09 413696 ----a-w- c:\windows\system32\html.iec 2014-01-18 17:09 . 2014-01-18 17:09 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2014-01-18 17:09 . 2014-01-18 17:09 30208 ----a-w- c:\windows\system32\licmgr10.dll 2014-01-18 17:09 . 2014-01-18 17:09 296960 ----a-w- c:\windows\system32\dxtrans.dll 2014-01-18 17:09 . 2014-01-18 17:09 263376 ----a-w- c:\windows\system32\iedkcs32.dll 2014-01-18 17:09 . 2014-01-18 17:09 243200 ----a-w- c:\windows\system32\webcheck.dll 2014-01-18 17:09 . 2014-01-18 17:09 235520 ----a-w- c:\windows\system32\url.dll 2014-01-18 17:09 . 2014-01-18 17:09 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll 2014-01-18 17:09 . 2014-01-18 17:09 101376 ----a-w- c:\windows\system32\inseng.dll 2014-01-18 17:09 . 2014-01-18 17:09 84992 ----a-w- c:\windows\system32\mshtmled.dll 2014-01-18 17:09 . 2014-01-18 17:09 83968 ----a-w- c:\windows\system32\MshtmlDac.dll 2014-01-18 17:09 . 2014-01-18 17:09 774144 ----a-w- c:\windows\system32\jscript.dll 2014-01-18 17:09 . 2014-01-18 17:09 62464 ----a-w- c:\windows\system32\pngfilt.dll 2014-01-18 17:09 . 2014-01-18 17:09 48128 ----a-w- c:\windows\system32\imgutil.dll 2014-01-18 17:09 . 2014-01-18 17:09 167424 ----a-w- c:\windows\system32\iexpress.exe 2014-01-18 17:09 . 2014-01-18 17:09 147968 ----a-w- c:\windows\system32\occache.dll 2014-01-18 17:09 . 2014-01-18 17:09 143872 ----a-w- c:\windows\system32\wextract.exe 2014-01-18 17:09 . 2014-01-18 17:09 13824 ----a-w- c:\windows\system32\mshta.exe 2014-01-18 17:09 . 2014-01-18 17:09 135680 ----a-w- c:\windows\system32\iepeers.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 131248 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Mobile Partner"="c:\program files (x86)\3MobileWiFi\3MobileWiFi" [X] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-21 39408] "MyTomTomSA.exe"="c:\program files (x86)\MyTomTom 3\MyTomTomSA.exe" [2011-11-14 435672] "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-01-30 21822128] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608] "Cookienator"="c:\program files (x86)\Cookienator\cookienator.exe" [2009-10-19 1333472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2010-06-07 618496] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Adam\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] R2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x] R3 huawei_cdcecm;huawei_cdcecm;c:\windows\system32\DRIVERS\ew_jucdcecm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcecm.sys [x] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys;c:\windows\SYSNATIVE\DRIVERS\ew_juextctrl.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x] R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\DRIVERS\ZTEusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ZTEusbnet.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.exe [x] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x] S2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x] S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe -run;c:\windows\SYSNATIVE\hasplms.exe -run [x] S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2014-04-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-28 18:41] . 2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2014-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2014-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001Core.job - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . 2014-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2517162095-573492459-740728455-1001UA.job - c:\users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-18 15:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-10 23:54 164016 ----a-w- c:\users\Adam\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2014-01-30 15:05 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Seagull Drivers"="ssdal_nc.exe startup" [X] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-07-05 206208] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.254 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) SafeBoot-87099613.sys HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\windows\system32\hasplms.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2014-04-07 08:45:58 - machine was rebooted ComboFix-quarantined-files.txt 2014-04-07 07:45 . Pre-Run: 174,227,701,760 bytes free Post-Run: 175,328,190,464 bytes free . - - End Of File - - 6BEE3198B4FABA9DBA7DC71A41BB90B8