goa55

November 14, 2016

can anyone help me, i have a website www.taptaptap.co.uk that i cannot open eith at work or at home on 2 laptops or myphone when connected to wifi. when the phone is just using 3 or 4 g its fine i can view my site. at home i also have a gaming pc that is only ever used for gaming and i cannot open the site via chrome on that either.

the site was hacked about 1 year ago but the web company that put it back together cannot help me with this problem

any suggestions welcome.

May 3, 2016

any help welcome on this. i have a website www.taptaptap.co.uk which was hacked earlier this year the guy that maintains the site has moved it to another hosting company and all is now well. now i cannot look at the site on my home pc or work pc (different location) only via my phone on 3g. hes says there is nothing wrong with the site. so i am not sure what is going on any constructive advice welcome.

April 24, 2015

ok thanks mr C your the best.. have done a donation

April 23, 2015

machines running very well

April 22, 2015

it is done no threats found

April 22, 2015

i have run malware threat scan.. there are some thing in quaratine from 13th april thanks

April 21, 2015

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015

Ran by adam at 2015-04-21 22:41:38 Run:1

Running from C:\Users\adam\Desktop\mal

Loaded Profiles: adam (Available profiles: adam)

Boot Mode: Normal

==============================================

Content of fixlist:

*****************

C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exe

C:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exe

C:\Users\adam\AppData\Local\Temp\oct2559.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct816F.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct8797.tmp.exe

C:\Users\adam\AppData\Local\Temp\octC47F.tmp.exe

C:\Users\adam\AppData\Local\Temp\octFD17.tmp.exe

C:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exe

C:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dll

C:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll

AlternateDataStreams: C:\Users\adam\OneDrive:ms-properties

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F

AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD

*****************

C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\oct2559.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\oct816F.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\oct8797.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\octC47F.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\octFD17.tmp.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exe => Moved successfully.

C:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dll => Moved successfully.

C:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll => Moved successfully.

C:\Users\adam\OneDrive => ":ms-properties" ADS removed successfully.

C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.

C:\ProgramData\Temp => ":6C5EC3CD" ADS removed successfully.

==== End of Fixlog 22:41:45 ====

April 21, 2015

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.6.0 (04.20.2015:1)

OS: Windows 8.1 Connected x64

Ran by adam on 21/04/2015 at 23:13:11.62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1054520709-2473024980-3417720710-500

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-1001

Successfully deleted: [Task] C:\Windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-500

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{37D4BD70-B427-11E4-826B-F8A96373F8A7}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}

~~~ Files

Successfully deleted: [File] C:\Users\adam\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage-journal

Successfully deleted: [File] C:\Users\adam\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 21/04/2015 at 23:17:09.86

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

April 21, 2015

# AdwCleaner v4.201 - Logfile created 21/04/2015 at 22:57:35

# Updated 08/04/2015 by Xplode

# Database : 2015-04-08.1 [server]

# Operating system : Windows 8.1 Connected (x64)

# Username : adam - LOUNGE

# Running from : C:\Users\adam\Downloads\adwcleaner_4.201 (2).exe

# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\adam\AppData\Local\pokki

File Deleted : C:\Users\Public\Desktop\eBay.lnk

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

File Deleted : C:\Users\adam\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk

File Deleted : C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

File Deleted : C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage

File Deleted : C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_homepage-web.com_0.localstorage-journal

***** [ Scheduled tasks ] *****

April 21, 2015

ok thanks am backing up as i write this

April 20, 2015

can anyone help with this thanks

April 20, 2015

not sure if this is malware or just a pop up but got the pop up asking me for £100 on chrome could not remove it so had to turn the laptop off. also i have this sweet laps dialog box asking me to install skype. doesn't seem right if anyone could help please

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01

Ran by adam (administrator) on LOUNGE on 20-04-2015 07:47:24

Running from C:\Users\adam\Downloads

Loaded Profiles: adam (Available profiles: adam)

Platform: Windows 8.1 Connected (X64) OS Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Chrome)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

(Intel® Corporation) C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Microsoft Corporation) C:\Windows\System32\vds.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Intel Corporation) C:\Windows\System32\igfxTray.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe

() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe

(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe

(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\HostAppService.exe

(Opera Software) C:\Users\adam\AppData\Local\Opera Mail\operamail.exe

(Pokki) C:\Users\adam\AppData\Local\Pokki\Engine\StartMenuIndexer.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\adam\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-21] (Realtek Semiconductor)

HKLM\...\Run: [seagull Drivers] => ssdal_nc.exe startup

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [bacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-03-18] (Acer Incorporated)

HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [90880 2015-04-16] ()

HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] ( (Qualcomm®Atheros®))

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-05-21] (Spotify Ltd)

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Run: [steam] => C:\Program Files (x86)\Steam\steam.exe [2889408 2015-04-14] (Valve Corporation)

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\RunOnce: [Application Restart #1] => C:\Users\adam\AppData\Local\Pokki\Engine\HostAppService.exe [7851848 2015-04-14] (Pokki)

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-03-18] (Acer Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {122E2AC7-025B-477B-8BE7-019A1DE656D1} URL =

SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {37D4BD70-B427-11E4-826B-F8A96373F8A7} URL =

SearchScopes: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = http://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)

Chrome:

=======

CHR HomePage: Default -> https://www.google.co.uk/

CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"

CHR DefaultSearchKeyword: Default -> homepage-web.com

CHR DefaultSearchURL: Default -> http://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}

CHR DefaultSuggestURL: Default ->

CHR Profile: C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-16]

CHR Extension: (Google Drive) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-16]

CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-16]

CHR Extension: (Google Search) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-16]

CHR Extension: (Bookmark Manager) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-16]

CHR Extension: (Chrome Hotword Shared Module) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]

CHR Extension: (Google Wallet) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-16]

CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows ® Win 7 DDK provider) [File not signed]

S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-29] (Microsoft Corporation)

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2749696 2015-03-18] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)

R2 Intel® TechnologyAccessService; C:\Program Files\Intel Corporation\Intel® Technology Access\IntelTechnologyAccessService.exe [93408 2015-03-17] (Intel® Corporation)

S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-06-09] ()

R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]

S4 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)

S3 BCMH43XX; C:\Windows\system32\DRIVERS\bcmwlhigh63a.sys [2071624 2013-03-06] (Broadcom Corporation)

S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)

S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)

S3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2013-11-11] (Intel Corporation)

R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)

R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [41688 2014-10-30] (Intel Corporation)

R3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [67800 2014-10-30] (Intel Corporation)

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)

R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [461528 2013-12-20] (Realsil Semiconductor Corporation)

R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 07:46 - 2015-04-20 07:47 - 02098176 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe

2015-04-20 07:44 - 2015-04-20 07:44 - 00000000 ____D () C:\Users\adam\Desktop\mal

2015-04-20 07:40 - 2015-04-20 07:41 - 00030446 _____ () C:\Users\adam\Downloads\Addition.txt

2015-04-20 07:38 - 2015-04-20 07:47 - 00015208 _____ () C:\Users\adam\Downloads\FRST.txt

2015-04-20 07:37 - 2015-04-20 07:47 - 00000000 ____D () C:\FRST

2015-04-20 07:36 - 2015-04-20 07:36 - 02098176 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe

2015-04-19 08:50 - 2015-03-19 11:08 - 00049074 _____ () C:\Users\adam\Documents\Retail%20Price%20List%20-%2001.01.2015.xls_0_2.ods

2015-04-19 07:30 - 2015-04-19 07:34 - 538068488 _____ (GPLPS ) C:\Users\adam\Downloads\gplinstall_beta_1.04.exe

2015-04-18 15:28 - 2015-04-19 09:16 - 00000000 ____D () C:\Users\adam\Desktop\race sim

2015-04-17 22:48 - 2015-04-17 22:48 - 00001969 _____ () C:\Users\Public\Desktop\abDocs.lnk

2015-04-16 20:44 - 2015-04-16 20:44 - 00000000 ____D () C:\Users\adam\Documents\RACE07DEMO

2015-04-16 20:35 - 2015-04-16 20:35 - 00000220 _____ () C:\Users\adam\Desktop\RACE 07 Demo.url

2015-04-16 20:35 - 2015-04-16 20:35 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

2015-04-16 19:50 - 2015-04-16 19:50 - 00000000 ____D () C:\Users\adam\AppData\Local\Steam

2015-04-16 19:46 - 2015-04-20 07:30 - 00000000 ____D () C:\Program Files (x86)\Steam

2015-04-16 19:46 - 2015-04-16 19:46 - 00000983 _____ () C:\Users\Public\Desktop\Steam.lnk

2015-04-16 19:46 - 2015-04-16 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam

2015-04-16 19:43 - 2015-04-16 19:44 - 01142128 _____ () C:\Users\adam\Downloads\SteamSetup.exe

2015-04-15 21:30 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

2015-04-15 21:30 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll

2015-04-15 21:30 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll

2015-04-15 21:30 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll

2015-04-15 21:30 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll

2015-04-15 21:30 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll

2015-04-15 21:30 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll

2015-04-15 21:30 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll

2015-04-15 21:29 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll

2015-04-15 17:16 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2015-04-15 17:15 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll

2015-04-15 17:15 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll

2015-04-15 17:15 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll

2015-04-15 17:15 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll

2015-04-15 17:15 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll

2015-04-15 17:15 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2015-04-15 17:15 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2015-04-15 17:15 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe

2015-04-15 17:15 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe

2015-04-15 17:15 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll

2015-04-15 17:15 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll

2015-04-15 17:15 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2015-04-15 17:15 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2015-04-15 17:15 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll

2015-04-15 17:14 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2015-04-15 17:14 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2015-04-15 17:14 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2015-04-15 17:14 - 2015-03-13 04:53 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2015-04-15 17:14 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2015-04-15 17:14 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2015-04-15 17:14 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2015-04-15 17:14 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2015-04-15 17:14 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2015-04-15 17:14 - 2015-03-13 04:17 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2015-04-15 17:14 - 2015-03-13 04:16 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2015-04-15 17:14 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2015-04-15 17:14 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2015-04-15 17:14 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2015-04-15 17:14 - 2015-03-13 03:50 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2015-04-15 17:14 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2015-04-15 17:14 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2015-04-15 17:14 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2015-04-15 17:14 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2015-04-15 17:14 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2015-04-15 17:14 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2015-04-15 17:14 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2015-04-15 17:14 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2015-04-15 17:14 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2015-04-15 17:13 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys

2015-04-15 17:13 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll

2015-04-15 17:13 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll

2015-04-15 17:13 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys

2015-04-15 17:12 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2015-04-15 17:12 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2015-04-15 17:12 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2015-04-15 17:12 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll

2015-04-15 17:12 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll

2015-04-15 17:12 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2015-04-15 17:12 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2015-04-15 17:12 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2015-04-15 17:12 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2015-04-15 17:12 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll

2015-04-15 17:12 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2015-04-15 17:12 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2015-04-15 17:12 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2015-04-15 17:12 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2015-04-15 17:12 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2015-04-15 17:12 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2015-04-15 17:12 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2015-04-15 17:12 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2015-04-13 23:29 - 2015-04-13 23:57 - 00019936 _____ () C:\Users\adam\Desktop\drama cv.odt

2015-04-11 10:53 - 2015-04-11 11:32 - 00000000 ____D () C:\Users\adam\Documents\mopet and snow

2015-04-11 10:17 - 2015-04-11 10:17 - 00000000 ____D () C:\Users\adam\AppData\Local\webkit

2015-04-11 10:12 - 2015-04-11 19:09 - 00000000 ____D () C:\Users\adam\Desktop\Moppet and freinds

2015-04-11 10:04 - 2015-04-11 10:53 - 00000000 ____D () C:\Users\adam\Documents\The adventures of Moppet

2015-04-11 10:03 - 2015-04-11 10:03 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Amazon

2015-04-11 09:59 - 2015-04-11 19:52 - 00000000 ____D () C:\Users\adam\.kindle

2015-04-11 09:59 - 2015-04-11 09:59 - 00001043 _____ () C:\Users\adam\Desktop\Kindle Comic Creator.lnk

2015-04-11 09:59 - 2015-04-11 09:59 - 00000000 ____D () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2015-04-11 09:58 - 2015-04-11 19:51 - 00000000 ____D () C:\Users\adam\AppData\Local\Kindle Previewer

2015-04-11 09:57 - 2015-04-11 09:58 - 00000000 ____D () C:\Users\adam\AppData\Local\KC2

2015-04-11 09:55 - 2015-04-11 09:57 - 277306048 _____ (Amazon.com) C:\Users\adam\Downloads\KindleComicCreatorInstall.exe

2015-04-07 20:47 - 2015-04-07 20:47 - 00003336 _____ () C:\Windows\System32\Tasks\InfoCollect

2015-04-07 20:47 - 2015-04-07 20:47 - 00003334 _____ () C:\Windows\System32\Tasks\AcerCloud

2015-04-07 20:45 - 2015-04-07 20:47 - 00002028 _____ () C:\Users\Public\Desktop\Acer Portal.lnk

2015-04-05 09:11 - 2015-04-05 09:15 - 00000000 ___SD () C:\Windows\system32\GWX

2015-04-05 09:11 - 2015-04-05 09:11 - 00000000 ___SD () C:\Windows\SysWOW64\GWX

2015-04-01 15:37 - 2015-04-17 00:29 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2015-04-01 15:37 - 2015-04-01 15:37 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2015-04-01 15:37 - 2015-04-01 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2015-04-01 15:36 - 2015-04-01 15:36 - 00000000 ____D () C:\ProgramData\Malwarebytes

2015-04-01 15:36 - 2015-04-01 15:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2015-04-01 15:36 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2015-04-01 15:36 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2015-04-01 15:36 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2015-04-01 15:35 - 2015-04-01 15:35 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\adam\Downloads\mbam-setup-2.1.4.1018.exe

2015-03-31 14:20 - 2015-03-31 14:21 - 00000000 ____D () C:\Users\adam\Desktop\taptaptap website

2015-03-31 14:13 - 2015-03-31 14:13 - 00000103 ____H () C:\Users\adam\Desktop\.~lock.statement of Mr Popplewell 133.odt#

2015-03-22 19:57 - 2015-03-22 19:58 - 00237568 _____ (Big Fish Games) C:\Users\adam\Downloads\bigfishgames_p232119703_s1_l1.exe

2015-03-22 17:44 - 2015-03-22 17:44 - 00000000 ____D () C:\Users\adam\AppData\Local\Oberon Games

2015-03-22 17:42 - 2015-03-22 17:42 - 00002041 _____ () C:\Users\Public\Desktop\Play Dream Day First Home.lnk

2015-03-22 17:42 - 2015-03-22 17:42 - 00001270 _____ () C:\Users\Public\Desktop\More Great Games.lnk

2015-03-22 17:41 - 2015-03-22 17:42 - 00000000 ____D () C:\Program Files (x86)\Dream Day First Home

2015-03-22 17:41 - 2015-03-22 17:41 - 00000979 _____ () C:\Users\Public\Desktop\Games.lnk

2015-03-22 17:41 - 2015-03-22 17:41 - 00000231 _____ () C:\Users\Public\Desktop\More Great Games.url

2015-03-22 17:41 - 2015-03-22 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Day First Home

2015-03-22 17:40 - 2015-03-22 17:40 - 00001947 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

2015-03-22 17:40 - 2015-03-22 17:40 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk

2015-03-22 17:39 - 2015-03-22 17:40 - 00000000 ____D () C:\Program Files (x86)\bfgclient

2015-03-22 17:39 - 2015-03-22 17:39 - 00000000 ____D () C:\ProgramData\Big Fish

2015-03-22 17:38 - 2015-03-24 15:46 - 00000000 ____D () C:\BigFishCache

2015-03-22 17:38 - 2015-03-22 17:40 - 00000000 ____D () C:\Users\adam\AppData\Local\Big Fish

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 07:40 - 2014-05-21 20:21 - 01758996 _____ () C:\Windows\WindowsUpdate.log

2015-04-20 07:36 - 2014-08-30 18:06 - 00000000 ____D () C:\Users\adam\AppData\Local\CrashDumps

2015-04-20 07:34 - 2014-08-16 12:54 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2827351779-3346599264-1074541188-1001

2015-04-20 07:31 - 2014-08-17 17:51 - 00000000 ___DO () C:\Users\adam\OneDrive

2015-04-20 07:31 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\adam\AppData\Local\Pokki

2015-04-20 07:30 - 2014-08-16 13:02 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2015-04-20 07:29 - 2014-08-17 21:18 - 01070592 ___SH () C:\Users\adam\Desktop\Thumbs.db

2015-04-20 07:28 - 2014-08-16 13:02 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2015-04-20 07:09 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache

2015-04-20 07:08 - 2014-08-16 12:54 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{122DBD41-5960-4C82-8CBB-516E02831393}

2015-04-20 07:05 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru

2015-04-19 08:50 - 2014-09-17 09:05 - 00000000 ____D () C:\Users\adam\Desktop\pallet and uk mail labels

2015-04-17 22:48 - 2014-04-21 10:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer

2015-04-17 22:48 - 2014-04-21 10:57 - 00000000 ____D () C:\Program Files (x86)\Acer

2015-04-17 22:44 - 2014-08-16 12:51 - 00000000 ____D () C:\Users\adam\AppData\Local\clear.fi

2015-04-17 10:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness

2015-04-17 10:18 - 2014-08-18 08:42 - 00000072 _____ () C:\Users\Public\LMDebug.log

2015-04-17 10:17 - 2015-01-28 11:13 - 00202752 ___SH () C:\Users\adam\Downloads\Thumbs.db

2015-04-17 01:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\NDF

2015-04-16 22:04 - 2014-03-18 10:47 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI

2015-04-16 22:02 - 2014-08-16 12:51 - 00002333 _____ () C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

2015-04-16 22:00 - 2014-05-21 21:09 - 00000000 ____D () C:\ProgramData\OEM

2015-04-16 21:57 - 2013-08-22 15:46 - 00033034 _____ () C:\Windows\setupact.log

2015-04-16 21:57 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2015-04-16 21:56 - 2014-03-18 10:39 - 00033596 _____ () C:\Windows\PFRO.log

2015-04-16 21:56 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2015-04-16 21:53 - 2014-08-18 09:21 - 00000000 ____D () C:\Windows\system32\MRT

2015-04-16 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB

2015-04-16 21:53 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB

2015-04-16 21:44 - 2014-08-18 09:20 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2015-04-16 21:43 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp

2015-04-16 21:34 - 2014-12-13 20:09 - 00000000 ____D () C:\Windows\system32\appraiser

2015-04-16 21:34 - 2014-08-20 11:04 - 00000000 ___SD () C:\Windows\system32\CompatTel

2015-04-16 20:31 - 2014-08-16 13:03 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2015-04-15 10:12 - 2015-02-06 13:01 - 00000000 ____D () C:\Users\adam\Desktop\N & C quotes

2015-04-14 00:24 - 2015-03-15 18:05 - 00792056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2015-04-14 00:24 - 2015-03-15 18:05 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2015-04-11 10:52 - 2014-08-16 12:47 - 00000000 ____D () C:\Users\adam

2015-04-09 14:26 - 2015-03-19 10:50 - 00000000 ____D () C:\Users\adam\Desktop\tylers ave

2015-04-09 14:13 - 2014-09-16 15:09 - 00000000 ____D () C:\Users\adam\Documents\Turbo Lister Backup

2015-04-07 20:47 - 2014-04-21 11:35 - 00000000 ___HD () C:\OEM

2015-04-06 13:09 - 2015-03-15 18:43 - 00000000 ____D () C:\ProgramData\Package Cache

2015-04-04 08:53 - 2014-05-21 21:07 - 00000000 ____D () C:\ProgramData\Temp

2015-03-31 14:18 - 2014-08-17 21:33 - 00000000 ____D () C:\Users\adam\Desktop\sinks

2015-03-31 14:16 - 2014-08-17 21:37 - 00000000 ____D () C:\Users\adam\Desktop\2013 taps

2015-03-25 11:16 - 2015-01-28 12:34 - 00000000 ____D () C:\Users\adam\Desktop\customer quotes

2015-03-22 17:41 - 2014-04-21 10:57 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

==================== Files in the root of some directories =======

2014-05-21 20:39 - 2014-05-21 20:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:

====================

C:\Users\adam\AppData\Local\Temp\ICReinstall_Chrome Download Manager.exe

C:\Users\adam\AppData\Local\Temp\Intel_Technology_Access_Software.exe

C:\Users\adam\AppData\Local\Temp\oct2559.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct5F90.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct6FA0.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct816F.tmp.exe

C:\Users\adam\AppData\Local\Temp\oct8797.tmp.exe

C:\Users\adam\AppData\Local\Temp\octC47F.tmp.exe

C:\Users\adam\AppData\Local\Temp\octFD17.tmp.exe

C:\Users\adam\AppData\Local\Temp\paint.net.4.0.4.install.exe

C:\Users\adam\AppData\Local\Temp\swt-gdip-win32-3452.dll

C:\Users\adam\AppData\Local\Temp\swt-win32-3452.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-18 16:17

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-04-2015 01

Ran by adam at 2015-04-20 07:40:26

Running from C:\Users\adam\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2001 - Acer Incorporated)

abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.01.2006 - Acer Incorporated)

abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.07.2004.0 - Acer Incorporated)

abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.02.2003.0 - Acer Incorporated)

Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)

Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8105 - Acer Incorporated)

Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2000 - Acer Incorporated)

Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8104 - Acer Incorporated)

Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3012 - Acer Incorporated)

Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8106 - Acer Incorporated)

Acer Remote Files (HKLM\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 1.02.2003 - Acer Incorporated)

Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2001.4 - Acer Incorporated)

Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)

Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden

AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.06.2002.2 - Acer Incorporated)

Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)

CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.3721 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3914.57 - CyberLink Corp.)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

Dream Day First Home (HKLM-x32\...\BFG-Dream Day First Home) (Version: - )

eBay Worldwide (HKLM-x32\...\{91589413-6675-4C27-8AFC-EFB9103B90A5}) (Version: 2.4.0105 - OEM)

Game Channels (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 9.2.0.11 - WildTangent, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Host App Service (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Pokki) (Version: 0.269.7.611 - Pokki)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8101 - Acer Incorporated)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)

Intel® Technology Access (HKLM-x32\...\{efc54997-dfa9-44b1-afac-3a7ac4f45730}) (Version: 1.3.6.1042 - Intel Corporation)

Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)

Intel® Update Manager (HKLM-x32\...\{43FA4AC8-46F8-423F-96FD-9A7D67048F1C}) (Version: 2.5.1634 - Intel Corporation)

Kindle Comic Creator (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\KC2) (Version: 1.160 - Amazon)

KindlePreviewer (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\KindlePreviewer) (Version: 2.94 - Amazon)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)

OpenOffice 4.1.0 (HKLM-x32\...\{28B88897-774A-4005-BBFF-663B1F8EAA5A}) (Version: 4.10.9764 - Apache Software Foundation)

Opera Mail 1.0 (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)

paint.net (HKLM\...\{19BD2C33-16A8-4ED1-B9EA-D9E35B21EC42}) (Version: 4.0.5 - dotPDN LLC)

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Pokki Start Menu (HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\...\Pokki_Start_Menu) (Version: 0.269.7.611 - Pokki)

Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)

Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.29 - Qualcomm Atheros)

RACE 07 Demo (HKLM-x32\...\Steam App 4260) (Version: - SimBin)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21245 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7209 - Realtek Semiconductor Corp.)

Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)

Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)

The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.32 - WildTangent) Hidden

Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden

Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2827351779-3346599264-1074541188-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

27-03-2015 09:15:30 Windows Update

05-04-2015 09:07:20 Windows Update

06-04-2015 13:04:29 Intel® Technology Access

16-04-2015 21:33:42 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00A6CA8A-4F53-4830-95A9-BE01CD914322} - System32\Tasks\InfoCollect => C:\Program Files (x86)\Acer\Acer Portal\InfoCollect.exe [2015-03-18] ()

Task: {0831349F-ABDA-45A7-9E7E-69A3FCF146D1} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-03-17] (Acer Incorporate)

Task: {3502D0EC-AC1D-4230-88A7-BFB559381014} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)

Task: {37494759-B274-4FA8-8231-57B7FF32887F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-16] (Microsoft Corporation)

Task: {4692910B-52DD-4165-A960-880365D6B8B3} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()

Task: {52EB3751-66E4-4B03-95AF-A9ADB573E33E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {56C9BB88-CFE8-432D-8753-4236F534F641} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)

Task: {59168F15-BC6A-4715-915B-C63B4F1F5646} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-16] (Google Inc.)

Task: {6CD970C7-7986-4651-85F0-F4113A2383C4} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-08] ()

Task: {728B3C23-39D5-49FD-9260-BFB4032690D6} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-03-21] (Acer Incorporated)

Task: {82F6C18E-4D67-40F3-9445-123F9D758766} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-06-09] ()

Task: {C18B36F2-CF2E-4594-AA94-A5DA7DE85662} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2014-03-21] (Acer Incorporate)

Task: {C22F8B5B-0797-4E3D-931C-9A0EEA594334} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {C8D1584C-7261-4068-869E-1CA6AC5BF2AB} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {CF1963AB-0F1F-4A6F-A871-2807ADF61BCA} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-24] (Microsoft Corporation)

Task: {E2234699-F51F-450C-814D-818E2D5F5A2E} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2015-03-18] (Acer)

Task: {E3C2E7C0-1EA5-4A7D-9EA4-6DD323BC9567} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-24] (Microsoft Corporation)

Task: {FB4ABD9C-A91A-4ACC-9EC8-EE09FCA9820E} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-03-18] (Acer Incorporated)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-21 07:42 - 2011-06-21 07:42 - 00034304 _____ () C:\Windows\System32\sst3cl6.dll

2011-06-21 02:23 - 2011-06-21 02:23 - 00826880 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll

2015-03-17 13:43 - 2015-03-17 13:43 - 00087552 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\libglog.dll

2015-02-08 12:20 - 2015-02-08 12:20 - 01793248 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\cpprest120_1_4.dll

2015-03-17 14:15 - 2015-03-17 14:15 - 00355040 _____ () C:\Program Files\Intel Corporation\Intel® Technology Access\JsonCpp.dll

2014-05-21 21:13 - 2012-04-24 11:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

2014-02-25 22:14 - 2014-02-25 22:14 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll

2014-02-25 22:11 - 2014-02-25 22:11 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll

2014-02-25 22:17 - 2014-02-25 22:17 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

2015-04-16 16:04 - 2015-04-16 16:04 - 00090880 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

2014-04-21 11:37 - 2014-03-07 17:21 - 00080312 _____ () C:\Windows\system32\igfxexps.dll

2015-04-16 16:04 - 2015-04-16 16:04 - 00089344 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

2015-04-16 19:49 - 2015-03-10 07:37 - 00775680 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2015-04-16 19:49 - 2014-12-02 01:29 - 05002752 _____ () C:\Program Files (x86)\Steam\v8.dll

2015-04-16 19:49 - 2015-04-14 00:44 - 02371776 _____ () C:\Program Files (x86)\Steam\video.dll

2015-04-16 19:49 - 2014-12-02 01:29 - 01612800 _____ () C:\Program Files (x86)\Steam\icui18n.dll

2015-04-16 19:49 - 2014-12-02 01:29 - 01210368 _____ () C:\Program Files (x86)\Steam\icuuc.dll

2015-04-16 19:49 - 2014-12-01 22:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll

2015-04-16 19:49 - 2014-12-01 22:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll

2015-04-16 19:49 - 2014-12-01 22:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll

2015-04-16 19:49 - 2014-12-01 22:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll

2015-04-16 19:49 - 2014-12-01 22:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll

2015-04-16 19:49 - 2015-04-14 00:44 - 00702656 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2015-04-07 20:47 - 2015-04-07 20:47 - 00015616 _____ () C:\Windows\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll

2015-03-18 14:40 - 2015-03-18 14:40 - 00013568 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll

2015-03-09 11:59 - 2015-03-09 11:59 - 00203008 _____ () C:\Program Files (x86)\Acer\abPhoto\curllib.dll

2015-03-09 12:00 - 2015-03-09 12:00 - 00654552 _____ () C:\Program Files (x86)\Acer\abPhoto\sqlite3.dll

2015-03-09 12:00 - 2015-03-09 12:00 - 00630528 _____ () C:\Program Files (x86)\Acer\abPhoto\tag.dll

2015-03-09 12:00 - 2015-03-09 12:00 - 00119552 _____ () C:\Program Files (x86)\Acer\abPhoto\OpenLDAP.dll

2015-03-18 14:38 - 2015-03-18 14:38 - 00277096 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll

2015-04-16 16:05 - 2015-04-16 16:05 - 00279296 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll

2014-05-21 21:26 - 2014-01-03 14:13 - 00090368 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll

2015-04-16 20:31 - 2015-04-13 22:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll

2015-04-16 20:31 - 2015-04-13 22:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll

2015-04-16 19:49 - 2015-02-25 02:58 - 34641288 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2015-01-04 05:06 - 2015-01-04 05:06 - 00569856 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll

2015-01-04 05:06 - 2015-01-04 05:06 - 01400846 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avcodec-54.dll

2015-01-04 05:06 - 2015-01-04 05:06 - 00151054 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avutil-51.dll

2015-01-04 05:06 - 2015-01-04 05:06 - 00222734 _____ () C:\Users\adam\AppData\Local\Pokki\Engine\avformat-54.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\adam\OneDrive:ms-properties

AlternateDataStreams: C:\ProgramData\Temp:2CB9631F

AlternateDataStreams: C:\ProgramData\Temp:6C5EC3CD

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2827351779-3346599264-1074541188-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\acer01.jpg

DNS Servers: 192.168.1.254

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

adam (S-1-5-21-2827351779-3346599264-1074541188-1001 - Administrator - Enabled) => C:\Users\adam

Administrator (S-1-5-21-2827351779-3346599264-1074541188-500 - Administrator - Disabled)

Guest (S-1-5-21-2827351779-3346599264-1074541188-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-2827351779-3346599264-1074541188-1003 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/20/2015 07:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.7, time stamp: 0x55091de0

Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f0c22

Exception code: 0xc0000005

Fault offset: 0x00011891

Faulting process ID: 0x4e4

Faulting application start time: 0xBackgroundAgent.exe0

Faulting application path: BackgroundAgent.exe1

Faulting module path: BackgroundAgent.exe2

Report ID: BackgroundAgent.exe3

Faulting package full name: BackgroundAgent.exe4

Faulting package-relative application ID: BackgroundAgent.exe5

Error: (04/17/2015 10:23:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (04/17/2015 08:28:39 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: There was an error with the Windows Location Provider database

Error: (04/17/2015 04:46:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20689 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1390

Start Time: 01d078a7e198fc02

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe

Report Id: 539d8f17-e4b4-11e4-826f-f8a96373f8a7

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

Error: (04/17/2015 00:55:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (04/16/2015 11:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: BackgroundAgent.exe, version: 1.0.1.7, time stamp: 0x55091de0

Faulting module name: MSVCR100.dll, version: 10.0.40219.1, time stamp: 0x4d5f0c22

Exception code: 0xc0000005

Fault offset: 0x00011891

Faulting process ID: 0x1254

Faulting application start time: 0xBackgroundAgent.exe0

Faulting application path: BackgroundAgent.exe1

Faulting module path: BackgroundAgent.exe2

Report ID: BackgroundAgent.exe3

Faulting package full name: BackgroundAgent.exe4

Faulting package-relative application ID: BackgroundAgent.exe5

Error: (04/15/2015 07:18:23 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program SystemSettings.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 6408

Start Time: 01d06d53a82651ec

Termination Time: 1341

Application Path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Report Id: 32999bbb-e337-11e4-826e-f8a96373f8a7

Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel

Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)

Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)

Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/14/2015 03:34:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

System errors:

=============

Error: (04/20/2015 07:28:38 AM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.

Error: (04/17/2015 10:06:21 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (04/17/2015 10:06:21 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (04/17/2015 10:06:00 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (04/17/2015 10:06:00 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (04/17/2015 10:05:46 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (04/17/2015 10:05:46 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (04/17/2015 10:05:40 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Error: (04/17/2015 10:05:40 AM) (Source: Schannel) (EventID: 4120) (User: LOUNGE)

Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 43. The Windows SChannel error state is 552.

Error: (04/17/2015 10:05:35 AM) (Source: Schannel) (EventID: 4116) (User: LOUNGE)

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is client.wns.windows.com. The SSL connection request has failed. The attached data contains the server certificate.

Microsoft Office Sessions:

=========================

Error: (04/20/2015 07:36:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: BackgroundAgent.exe1.0.1.755091de0MSVCR100.dll10.0.40219.14d5f0c22c0000005000118914e401d07b3370b7bf07C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll94c36ff9-e727-11e4-826f-f8a96373f8a7

Error: (04/17/2015 10:23:40 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (04/17/2015 08:28:39 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)

Description: -2147024883

Error: (04/17/2015 04:46:34 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: LiveComm.exe17.5.9600.20689139001d078a7e198fc024294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\LiveComm.exe539d8f17-e4b4-11e4-826f-f8a96373f8a7microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

Error: (04/17/2015 00:55:39 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

Error: (04/16/2015 11:59:41 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: BackgroundAgent.exe1.0.1.755091de0MSVCR100.dll10.0.40219.14d5f0c22c000000500011891125401d078882d0993d0C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exeC:\Windows\SYSTEM32\MSVCR100.dll433b2091-e48c-11e4-826f-f8a96373f8a7

Error: (04/15/2015 07:18:23 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: SystemSettings.exe6.3.9600.17415640801d06d53a82651ec1341C:\Windows\ImmersiveControlPanel\SystemSettings.exe32999bbb-e337-11e4-826e-f8a96373f8a7windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewymicrosoft.windows.immersivecontrolpanel

Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147024865

Error: (04/15/2015 00:05:51 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LOUNGE)

Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2147024865

Error: (04/14/2015 03:34:53 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2830 @ 2.16GHz

Percentage of memory in use: 54%

Total physical RAM: 3979.2 MB

Available physical RAM: 1821.08 MB

Total Pagefile: 8587.2 MB

Available Pagefile: 5605.78 MB

Total Virtual: 131072 MB

Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:448.62 GB) (Free:375.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 33C8B4BA)

Partition: GPT Partition Type.

==================== End Of Log ============================

April 16, 2014

on my main pc "er indoors ( the wife ) clicked a link in an email that was a spam thing had a .php at the end have noticed some of the icons on machine have moved not sure if this is related.

i have run malware bytes nothing showed up. thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014

Ran by adam (administrator) on ADAM-PC on 16-04-2014 23:55:54

Running from C:\Users\adam\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe

() C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\MSPUB.EXE

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

() C:\Windows\Samsung\PanelMgr\SSMMgr.exe

() C:\Windows\Samsung\PanelMgr\caller64.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

(Google Inc.) C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\adam\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-20] (Realtek Semiconductor)

HKLM\...\Run: [skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-20] (Realtek Semiconductor Corp.)

HKLM\...\Run: [EPSON Stylus DX4800 Series] => C:\Windows\system32\spool\DRIVERS\x64\3\E_FATIADE.EXE [98304 2005-02-02] (SEIKO EPSON CORPORATION)

HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [3451904 2010-08-12] (Alcatel-Lucent)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2009-12-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [248552 2010-05-14] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\SSMMgr.exe [618496 2010-06-07] ()

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKU\.DEFAULT\...\RunOnce: [sPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-03-21] (Microsoft Corporation)

HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\Run: [Google Update] => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-11-28] (Google Inc.)

HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_ActiveX.exe [250528 2012-03-22] (Adobe Systems, Inc.)

HKU\S-1-5-21-3054302393-4056070180-3854944929-1000\...\MountPoints2: {704b0f2e-da22-11de-b2b1-806e6f6e6963} - D:\Setup.exe

Startup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP ENVY 120 series.lnk

ShortcutTarget: Monitor Ink Alerts - HP ENVY 120 series.lnk -> C:\Program Files\HP\HP ENVY 120 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.overclockers.co.uk

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xBFEB1FD5886FCA01

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\adam\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

Chrome:

=======

CHR DefaultSearchKeyword: google.co.uk

CHR Plugin: (Remoting Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Shockwave Flash) - C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File

CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)

CHR Plugin: (Java Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Motive, Inc.)

CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File

CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Extension: (YouTube) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]

CHR Extension: (Google Search) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]

CHR Extension: (Google Wallet) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Gmail) - C:\Users\adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]

CHR StartMenuInternet: Google Chrome - C:\Users\adam\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

R2 ES lite Service; C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-03-02] ()

R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-08-09] (Alcatel-Lucent)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S2 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [49152 2004-10-18] (DeviceGuys, Inc.)

R3 GKUPRO2D; C:\Windows\System32\Drivers\GKUPRO2D.sys [120704 2005-02-18] (Gemplus)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-08-12] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-08-12] (Printing Communications Assoc., Inc. (PCAUSA))

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)

S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)

S3 papycpu; No ImagePath

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-09-10] (Samsung Electronics)

S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

S0x01000000 papycpu2; \SystemRoot\system32\drivers\papycpu2.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-16 23:55 - 2014-04-16 23:56 - 00013459 _____ () C:\Users\adam\Downloads\FRST.txt

2014-04-16 23:55 - 2014-04-16 23:55 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe

2014-04-16 23:55 - 2014-04-16 23:55 - 00000000 ____D () C:\FRST

2014-04-16 23:21 - 2014-04-16 23:21 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe

2014-04-09 14:55 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-04-09 14:55 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-04-09 14:55 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-04-09 14:55 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-04-09 14:55 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll

2014-04-09 14:55 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll

2014-04-09 14:55 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll

2014-04-09 14:55 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll

2014-04-09 14:55 - 2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll

2014-04-09 14:55 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll

2014-04-09 14:55 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll

2014-04-09 14:55 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe

2014-04-09 14:55 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll

2014-04-09 14:55 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe

2014-04-09 14:55 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe

2014-04-09 14:55 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys

2014-04-09 14:55 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys

2014-04-09 14:55 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys

2014-04-09 14:55 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll

2014-04-09 14:55 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll

2014-04-09 14:55 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

2014-03-26 09:10 - 2014-03-26 09:10 - 00114176 _____ () C:\Users\adam\Desktop\no discount in the bathroom.xls

2014-03-26 09:09 - 2014-03-26 09:09 - 00035012 _____ () C:\Users\adam\Documents\no discount.xlsx

==================== One Month Modified Files and Folders =======

2014-04-16 23:56 - 2014-04-16 23:55 - 00013459 _____ () C:\Users\adam\Downloads\FRST.txt

2014-04-16 23:55 - 2014-04-16 23:55 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64 (1).exe

2014-04-16 23:55 - 2014-04-16 23:55 - 00000000 ____D () C:\FRST

2014-04-16 23:21 - 2014-04-16 23:21 - 02158592 _____ (Farbar) C:\Users\adam\Downloads\FRST64.exe

2014-04-16 23:18 - 2011-05-22 10:40 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-04-16 23:17 - 2009-11-28 16:07 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA.job

2014-04-16 23:17 - 2009-11-26 01:32 - 02046742 _____ () C:\Windows\WindowsUpdate.log

2014-04-16 17:23 - 2009-11-28 16:07 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core.job

2014-04-16 17:20 - 2011-05-22 10:40 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-04-16 09:52 - 2011-12-01 16:07 - 00000000 ____D () C:\Users\adam\Desktop\Ebay sales Thomas & Holland Dec'11-Nov'12

2014-04-16 09:16 - 2012-12-19 11:33 - 00029184 _____ () C:\Users\adam\Desktop\CASH SALES.xls

2014-04-13 07:21 - 2009-11-26 01:32 - 00000365 _____ () C:\service.log

2014-04-13 06:40 - 2009-07-14 05:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-04-13 06:40 - 2009-07-14 05:45 - 00014816 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-04-13 06:34 - 2009-12-02 08:30 - 00000366 _____ () C:\Windows\Tasks\Driver Robot.job

2014-04-10 23:52 - 2009-11-28 16:08 - 00002362 _____ () C:\Users\adam\Desktop\Google Chrome.lnk

2014-04-10 12:03 - 2012-11-20 09:26 - 00026587 _____ () C:\Users\adam\Desktop\DEBIT CARD SALES.xlsx

2014-04-10 07:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-04-10 04:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache

2014-04-10 03:22 - 2009-11-28 02:18 - 00025640 _____ (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys

2014-04-10 03:22 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-04-10 03:21 - 2009-07-14 05:51 - 00043130 _____ () C:\Windows\setupact.log

2014-04-10 03:05 - 2009-11-27 20:53 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-04-10 03:04 - 2013-08-15 03:02 - 00000000 ____D () C:\Windows\system32\MRT

2014-04-10 03:02 - 2009-11-27 20:27 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-04-04 03:01 - 2012-05-02 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client

2014-04-04 03:01 - 2011-02-27 22:27 - 00001945 _____ () C:\Windows\epplauncher.mif

2014-04-04 03:01 - 2011-02-27 22:27 - 00000000 ____D () C:\Program Files\Microsoft Security Client

2014-04-03 18:32 - 2014-01-08 08:52 - 00000000 ____D () C:\Users\adam\AppData\Roaming\HpUpdate

2014-03-31 02:16 - 2014-04-09 14:55 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-03-31 02:13 - 2014-04-09 14:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-03-31 01:13 - 2014-04-09 14:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-03-31 00:57 - 2014-04-09 14:55 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-03-30 16:08 - 2009-11-28 16:07 - 00003876 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA

2014-03-30 16:08 - 2009-11-28 16:07 - 00003480 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core

2014-03-27 15:13 - 2011-05-22 10:40 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-03-27 15:13 - 2011-05-22 10:40 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-03-26 09:10 - 2014-03-26 09:10 - 00114176 _____ () C:\Users\adam\Desktop\no discount in the bathroom.xls

2014-03-26 09:09 - 2014-03-26 09:09 - 00035012 _____ () C:\Users\adam\Documents\no discount.xlsx

Some content of TEMP:

====================

C:\Users\adam\AppData\Local\Temp\Arabic.dll

C:\Users\adam\AppData\Local\Temp\Brazilian.dll

C:\Users\adam\AppData\Local\Temp\Chinese_PRC.dll

C:\Users\adam\AppData\Local\Temp\Chinese_Taiwan.dll

C:\Users\adam\AppData\Local\Temp\Czech.dll

C:\Users\adam\AppData\Local\Temp\Danish.dll

C:\Users\adam\AppData\Local\Temp\Dutch.dll

C:\Users\adam\AppData\Local\Temp\English.dll

C:\Users\adam\AppData\Local\Temp\Finnish.dll

C:\Users\adam\AppData\Local\Temp\French.dll

C:\Users\adam\AppData\Local\Temp\German.dll

C:\Users\adam\AppData\Local\Temp\Greek.dll

C:\Users\adam\AppData\Local\Temp\Hebrew.dll

C:\Users\adam\AppData\Local\Temp\Hungarian.dll

C:\Users\adam\AppData\Local\Temp\install_flash_player.exe

C:\Users\adam\AppData\Local\Temp\Italian.dll

C:\Users\adam\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe

C:\Users\adam\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\adam\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\adam\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\adam\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\adam\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\adam\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe

C:\Users\adam\AppData\Local\Temp\Korean.dll

C:\Users\adam\AppData\Local\Temp\Norwegian.dll

C:\Users\adam\AppData\Local\Temp\ose00000.exe

C:\Users\adam\AppData\Local\Temp\Polish.dll

C:\Users\adam\AppData\Local\Temp\Portuguese.dll

C:\Users\adam\AppData\Local\Temp\Russian.dll

C:\Users\adam\AppData\Local\Temp\setup.exe

C:\Users\adam\AppData\Local\Temp\Spanish.dll

C:\Users\adam\AppData\Local\Temp\SP_Connector.exe

C:\Users\adam\AppData\Local\Temp\Swedish.dll

C:\Users\adam\AppData\Local\Temp\Turkish.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-10 03:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014

Ran by adam at 2014-04-16 23:56:36

Running from C:\Users\adam\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.32.18 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX 64-bit (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.63 - Adobe Systems Incorporated)

Adobe Reader 9.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A93000000001}) (Version: 9.3.0 - Adobe Systems Incorporated)

Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)

Browser Configuration Utility (HKLM-x32\...\{E8AEA11B-E60A-455E-B008-E4E763604612}) (Version: 1.0.4.9 - DeviceVM Inc.)

BT Broadband Desktop Help (HKLM-x32\...\BT Broadband Desktop Help) (Version: - )

BTHomeHub (HKLM-x32\...\BTHomeHub) (Version: - British Telecommunications Plc.)

DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)

EasySaver B9.0316.1 (HKLM-x32\...\{07300F01-89CA-4CF8-92BD-2A605EB83C95}) (Version: 1.00.0000 - Gigabyte)

EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )

Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)

GoToAssist Corporate (x32 Version: 9.0.570 - Citrix) Hidden

HP ENVY 120 series Basic Device Software (HKLM\...\{0E96CEFA-F256-4E54-BB46-34FA4A8847D7}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP ENVY 120 series Help (HKLM-x32\...\{B45F1BFE-C8D5-4F09-BD54-90CB32BEDE12}) (Version: 28.0.0 - Hewlett Packard)

HP ENVY 120 series Product Improvement Study (HKLM\...\{E0C8943E-2DA5-4F82-A54E-76157E95AA30}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)

Java Auto Updater (x32 Version: 2.0.2.4 - Sun Microsystems, Inc.) Hidden

Java 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)

Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Maintenance Samsung CLP-320 Series (HKLM-x32\...\Samsung CLP-320 Series) (Version: - Samsung Electronics Co., Ltd.)

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden

Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Thunderbird (2.0.0.24) (HKLM-x32\...\Mozilla Thunderbird (2.0.0.24)) (Version: 2.0.0.24 (en-GB) - Mozilla)

MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nokia Connectivity Cable Driver (HKLM-x32\...\{F1FDAA01-988C-423F-AC12-0D8F333943FD}) (Version: 7.1.31.0 - Nokia)

Nokia Software Updater (HKLM-x32\...\{4D568C38-0552-4CDD-A643-01FAFA2957EF}) (Version: 02.06.006.44298 - Nokia Corporation)

OpenOffice.org 3.3 (HKLM-x32\...\{82AF3E91-57E1-4754-84D0-40A46E2479AB}) (Version: 3.3.9567 - OpenOffice.org)

Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)

PC Connectivity Solution (HKLM-x32\...\{A5A70E61-FEAB-4CEC-977C-BE0EF8DC05AB}) (Version: 10.42.0.0 - Nokia)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5780 - Realtek Semiconductor Corp.)

Sage Invoicing and Start-up (HKLM-x32\...\InstallShield_{6E9B1EA1-B4C3-44F7-A873-DC1211E73420}) (Version: 2.0.0.11 - Sage)

Sage Invoicing and Start-up (x32 Version: 2.0.0.11 - Sage) Hidden

SAMSUNG Dr.Printer (HKLM-x32\...\{0DB87EAC-F695-4D59-9609-C93119AE6B35}) (Version: 1.00.0000 - Samsung)

Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)

Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)

Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)

Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)

Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version: - Microsoft)

Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)

Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)

Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)

Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)

Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0) (HKLM\...\FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D) (Version: 08/22/2008 7.0.0.0 - Nokia)

Windows Live Communications Platform (x32 Version: 14.0.8098.930 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden

Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden

WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )

WinVROC (HKLM-x32\...\WinVROC) (Version: - )

==================== Restore Points =========================

30-03-2014 00:22:24 Windows Update

30-03-2014 18:08:04 Windows Backup

02-04-2014 16:49:16 Windows Update

04-04-2014 02:00:26 Windows Update

06-04-2014 18:00:20 Windows Backup

07-04-2014 06:51:22 Windows Update

10-04-2014 02:00:42 Windows Update

13-04-2014 06:12:50 Windows Update

13-04-2014 18:00:13 Windows Backup

16-04-2014 16:25:51 Windows Update

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {074B5425-72DD-44AF-B4B8-9D77B22D3131} - System32\Tasks\{CC504401-CD39-4972-B71A-2EA73532B6FB} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {1E394DB5-2D2F-40D3-A84D-4F230E7EAEB3} - System32\Tasks\{9A91D0B0-46E8-4A4E-9785-79F17D609B52} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {22A33A2A-4DC0-433C-B2A6-E5F1CD1D20AA} - System32\Tasks\{258FFC3E-840F-4911-8655-15CCA656807E} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {327798F1-925C-4948-A0F7-FDD4E2E3310D} - System32\Tasks\{70213967-0C7B-4747-A0D3-BF87C7AC2CD2} => C:\Program Files (x86)\mackoy\BVE4\Bve.exe

Task: {3B877111-069C-457C-899C-3893BBDBA414} - System32\Tasks\HPCustParticipation HP ENVY 120 series => C:\Program Files\HP\HP ENVY 120 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {4482CF6A-5BB7-4285-9063-301577E49788} - System32\Tasks\{8B9A686C-FD8B-460F-A4D1-C99445431B40} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {454385E1-0219-4107-B968-5C3BC65A98AB} - System32\Tasks\{8299EF3E-AFD5-49D8-9D47-BADCE9E15BFA} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {45E5F7DA-30E4-44AF-890B-9BF3F18B5D24} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)

Task: {6A33B5E2-213E-4D95-8AD2-E5E8EA057C51} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28] (Google Inc.)

Task: {6A82ABAC-A597-40F3-82DF-75956B77F6A3} - System32\Tasks\{950DEA5D-50EA-4883-BF9B-29761DB343FC} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {710CBFB3-3D3B-4F9A-A310-75586E77D0FE} - System32\Tasks\{8402AE9C-5565-47D4-8CE7-1CC3C87BFF7D} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {83D189B1-F4E5-4A32-BFCB-1B87DEF443C7} - System32\Tasks\{D17E5D63-4DCA-4518-AE49-C19D71D3904D} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {8E017A29-C71A-4B6D-B1AB-90FDA40EE994} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-28] (Google Inc.)

Task: {8F6708C0-2D0E-4B74-9F7F-FD9FFD85F69F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {9D2DAF16-ED33-477D-BD56-4656959E80FB} - System32\Tasks\Driver Robot => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe

Task: {A1661244-8F83-41AA-961F-224FF1E73DDC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-22] (Google Inc.)

Task: {C9306CDE-C22D-47ED-A9E2-0D4573B9AF99} - System32\Tasks\{D1502ACA-5E2A-47AE-82BA-95EB64DA1DA8} => C:\Program Files (x86)\mackoy\BVE4\Bve.exe

Task: {CA34AB44-5E5D-43FB-A3FD-280E029FBCB0} - System32\Tasks\{C173C7F9-6156-4C32-A3C8-8F507254AB2C} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {D642514B-0A1D-420F-B65A-8F8273C2469F} - System32\Tasks\{1D867513-CCE7-4412-BE40-EC59C5BC5FA0} => C:\Program Files (x86)\eBay\Turbo Lister2\Tl.exe [2012-02-03] (eBay Inc.)

Task: {D756C3BA-2CFE-472E-BD05-F71923A51F6E} - System32\Tasks\{BA3CF3EF-63A0-490F-82E6-70655F7C1A6B} => C:\Program Files (x86)\mackoy\BVE4\Bve.exe

Task: C:\Windows\Tasks\Driver Robot.job => C:\Program Files (x86)\Driver Robot\1.2.0.5\DriverRobot.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000Core.job => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3054302393-4056070180-3854944929-1000UA.job => C:\Users\adam\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2008-06-04 06:53 - 2008-06-04 06:53 - 00027648 _____ () C:\Windows\System32\sst3cl6.dll

2010-03-10 06:15 - 2010-03-10 06:15 - 00757760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sst3cdu.dll

2009-11-26 01:32 - 2009-03-02 23:06 - 00068136 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

2011-06-04 11:22 - 2010-06-07 11:15 - 00618496 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe

2011-06-04 11:22 - 2009-09-30 05:51 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe

2009-11-26 01:32 - 2009-03-13 20:30 - 00109096 _____ () C:\Program Files (x86)\Gigabyte\EasySaver\YCC.DLL

2011-01-17 16:19 - 2011-05-31 22:36 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2014-04-10 23:52 - 2014-04-02 02:57 - 00065352 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

2014-04-10 23:52 - 2014-04-02 02:57 - 00674632 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

2014-04-10 23:52 - 2014-04-02 02:57 - 00093000 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\libegl.dll

2014-04-10 23:52 - 2014-04-02 02:57 - 04081480 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll

2014-04-10 23:52 - 2014-04-02 02:58 - 00390472 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

2014-04-10 23:52 - 2014-04-02 02:57 - 01647432 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

2014-04-10 23:52 - 2014-04-02 02:58 - 13691720 _____ () C:\Users\adam\AppData\Local\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\adam\Desktop\Fw_ Account Forms for Agents.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (04/16/2014 10:14:29 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/14/2014 07:03:06 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/13/2014 07:04:22 PM) (Source: Windows Backup) (User: )

Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (04/12/2014 08:52:47 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/12/2014 08:28:20 AM) (Source: Application Error) (User: )

Description: Faulting application name: BTHelpNotifier.exe, version: 6.6.1.18, time stamp: 0x4a944480

Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24

Exception code: 0xc0000374

Fault offset: 0x00000000000c4102

Faulting process id: 0xb84

Faulting application start time: 0xBTHelpNotifier.exe0

Faulting application path: BTHelpNotifier.exe1

Faulting module path: BTHelpNotifier.exe2

Report Id: BTHelpNotifier.exe3

Error: (04/11/2014 06:27:01 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/10/2014 03:05:45 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/08/2014 07:47:23 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

Error: (04/06/2014 07:04:38 PM) (Source: Windows Backup) (User: )

Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).

Error: (04/06/2014 06:42:43 AM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.

Component identity found in manifest does not match the identity of the component requested.

Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".

Please use sxstrace.exe for detailed diagnosis.

System errors:

=============

Error: (04/16/2014 11:16:36 PM) (Source: Service Control Manager) (User: )