possibly infected?

My email was infected with spam a week or two back; the first sign of trouble was when the email was blocked by the provider.

On the provider's advice, I changed the email password, and installed and ran Malwarebytes Premium.

It didn't seem to find anything, but I had another sign a day or two later that all was not well.

I have just run Farbar.

I can't work out how to attach the files, so here they are below.

Sorry

Elliott

Additional scan result of Farbar Recovery Scan Tool (x86) Version:16-06-2014
Ran by Johnm at 2014-06-17 16:31:35
Running from C:\Users\Johnm\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {68F968AC-2AA0-091D-848C-803E83E35902}
AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acrobat.com (HKLM\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe AIR (Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
Agere Systems HDA Modem (HKLM\...\Agere Systems Soft Modem) (Version:  - LSI Corporation)
AOL Toolbar 5.0 (HKLM\...\AOL Toolbar) (Version: 5.2.78.2 - AOL LLC)
ATI Catalyst Install Manager (HKLM\...\{C3BB5992-04BD-5A27-A8A5-5D976DF8E743}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Bing Bar (HKLM\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (HKLM\...\Business Contact Manager) (Version: 3.0.8619.1 - Microsoft Corporation)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1 - Microsoft Corporation) Hidden
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2008.1231.1149.21141 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.1231.1149.21141 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.1231.1149.21141 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Czech (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Danish (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Dutch (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help English (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Finnish (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help French (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help German (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Greek (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Hungarian (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Italian (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Japanese (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Korean (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Norwegian (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Polish (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Portuguese (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Russian (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Spanish (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Swedish (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Thai (Version: 2008.1231.1148.21141 - ATI) Hidden
CCC Help Turkish (Version: 2008.1231.1148.21141 - ATI) Hidden
ccc-core-static (Version: 2008.1231.1149.21141 - ATI) Hidden
ccc-utility (Version: 2008.1231.1149.21141 - ATI) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
CyberLink DVD Suite (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.2326 - CyberLink Corp.)
CyberLink DVD Suite (Version: 6.0.2326 - CyberLink Corp.) Hidden
EPSON L200 Series Printer Uninstall (HKLM\...\EPSON L200 Series) (Version:  - SEIKO EPSON Corporation)
ESU for Microsoft Vista (HKLM\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
Google Updater (HKLM\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
HP Active Support Library (HKLM\...\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}) (Version: 3.1.9.1 - Hewlett-Packard)
HP Common Access Service Library (Version: 2.00 E6 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (HKLM\...\{57A5AEC1-97FC-474D-92C4-908FCC2253D4}) (Version: 5.7.0.2664 - Hewlett-Packard)
HP Deskjet 1050 J410 series Basic Device Software (HKLM\...\{226837D8-0BF8-4CBE-BAB2-8F07E2C2B4DD}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 1050 J410 series Help (HKLM\...\{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}) (Version: 140.0.66.66 - Hewlett Packard)
HP Deskjet 1050 J410 series Product Improvement Study (HKLM\...\{7414C891-720D-4E86-85E5-C3AA898DA9EC}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Help and Support (HKLM\...\{0054A0F6-00C9-4498-B821-B5C9578F433E}) (Version: 2.1.3.0 - Hewlett-Packard Company)
HP Integrated Module with Bluetooth wireless technology 6.0.1.6204 (HKLM\...\{03D1988F-469F-4843-8E6E-E5FE9D17889D}) (Version: 6.0.1.6204 - HP)
HP MediaSmart DVD (HKLM\...\InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}) (Version: 2.1.2328 - Hewlett-Packard)
HP MediaSmart DVD (Version: 2.1.2328 - Hewlett-Packard) Hidden
HP MediaSmart Live TV (HKLM\...\InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}) (Version: 3.1.2206 - Hewlett-Packard)
HP MediaSmart Live TV (Version: 3.1.2206 - Hewlett-Packard) Hidden
HP MediaSmart Music/Photo/Video (HKLM\...\InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}) (Version: 2.1.2425 - Hewlett-Packard)
HP MediaSmart Music/Photo/Video (Version: 2.1.2425 - Hewlett-Packard) Hidden
HP MediaSmart SmartMenu (HKLM\...\{A7AC8E69-01FF-494E-9A2C-423B82CEA604}) (Version: 2.1.7 - Hewlett-Packard)
HP MediaSmart Webcam (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 2.1.1124 - Hewlett-Packard)
HP MediaSmart Webcam (Version: 2.1.1124 - Hewlett-Packard) Hidden
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.3781 - HP Photo Creations Powered by RocketLife)
HP Quick Launch Buttons 6.40 L1 (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.40 L1 - Hewlett-Packard)
HP Total Care Advisor (HKLM\...\{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}) (Version: 2.4.5991.2847 - Hewlett-Packard)
HP Total Care Setup (HKLM\...\{95A747E0-DF19-46CB-A622-20A0107201BD}) (Version: 1.1.2413.2876 - Hewlett-Packard Company)
HP Update (HKLM\...\{612F4E20-3661-4D44-AD79-823F1B613FB3}) (Version: 5.002.008.001 - Hewlett-Packard)
HP User Guides 0134 (HKLM\...\{6ABE0E28-3A8E-4ADC-A050-784064B76236}) (Version: 1.01.0000 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{E5E29403-3D25-40C6-892B-F9FEE2A95585}) (Version: 3.50 A6 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.7 - Hewlett-Packard) Hidden
HPNetworkAssistant (Version: 1.1.70 - Hewlett-Packard.) Hidden
IDT Audio (HKLM\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6087.22 - IDT)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JMicron JMB38X Flash Media Controller Driver (HKLM\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.00.20.07 - JMicron Technology Corp.)
LabelPrint (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1118 - CyberLink Corp.)
LabelPrint (Version: 2.5.1118 - CyberLink Corp.) Hidden
LightScribe System Software  1.14.17.1 (HKLM\...\{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}) (Version: 1.14.17.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Malwarebytes Secure Backup (HKLM\...\{E8FF0AA9-9733-49D5-86B9-3FB75F9E4D60}) (Version: 5.12.2.745 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90A40409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Small Business Connectivity Components (HKLM\...\{A939D341-5A04-4E0A-BB55-3E65B386432D}) (Version: 2.0.7024.0 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 (HKLM\...\Microsoft SQL Server 2005) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00 - Microsoft Corporation) Hidden
Microsoft SQL Server Native Client (HKLM\...\{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server Setup Support Files (English) (HKLM\...\{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{E7084B89-69E0-46B3-A118-8F99D06988CD}) (Version: 9.00.5000.00 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Broadband HL Service (HKLM\...\Mobile Broadband HL Service) (Version: 22.001.10.00.03 - Huawei Technologies Co.,Ltd)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
muvee Reveal (HKLM\...\{E8020EC7-5DD8-80C9-7237-7B2E9BDA8CC6}) (Version: 7.0.35.7660 - muvee Technologies Pte Ltd)
My HP Games (HKLM\...\WildTangent hp Master Uninstall) (Version: 1.0.0.62 - WildTangent)
MyEpson Portal (HKLM\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
MyEpson Portal (Version: 1.0.3.0 - SEIKO EPSON CORPORATION) Hidden
Power2Go (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.2325 - CyberLink Corp.)
Power2Go (Version: 6.0.2325 - CyberLink Corp.) Hidden
PowerDirector (HKLM\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 7.0.2317 - CyberLink Corp.)
PowerDirector (Version: 7.0.2317 - CyberLink Corp.) Hidden
ProtectSmart Hard Drive Protection (HKLM\...\{AAD72731-807A-4B79-AE05-9190B7002B7B}) (Version: 3.10 A7 - Hewlett-Packard)
QuickTime (HKLM\...\QuickTime) (Version:  - )
Realtek 8169 8168 8101E 8102E Ethernet Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0000 - Realtek)
SCRABBLE® 2005 EDITION (HKLM\...\{29031977-EF5E-446E-B3E1-E66B6FA3895D}) (Version: 1.0 - )
Skins (Version: 2008.1231.1149.21141 - ATI) Hidden
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.9.12585 - Skype Technologies S.A.)
Skype™ 6.16 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SoftStylus (HKLM\...\{3E0E6066-A687-448D-BFC4-D58BE3399C3B}) (Version: 2.2.3 - Motorola)
SPORE Creature Creator Trial Edition (HKLM\...\{ECEE0279-785F-4CB3-9F28-E69813234BF8}) (Version: 1.00.0000 - Electronic Arts)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.2.1.0 - Synaptics)
ubi.com (HKLM\...\{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROHYBRIDR_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROHYBRIDR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROHYBRIDR_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROHYBRIDR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROHYBRIDR_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROHYBRIDR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROHYBRIDR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Windows Driver Package - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0) (HKLM\...\7DE39862CC26DCE2446838AAF7CD5C163F835A57) (Version: 09/04/2008 2.6.0.0 - ENE)
 
==================== Restore Points  =========================
 
20-03-2014 01:01:35 Removed Java 6 Update 7
20-03-2014 01:05:43 Installed Java 7 Update 51
23-03-2014 03:16:39 Windows Update
23-03-2014 16:00:34 Windows Update
24-03-2014 11:38:52 Windows Update
25-03-2014 00:54:59 Windows Update
25-03-2014 03:12:36 Windows Update
28-03-2014 08:03:18 Windows Update
01-04-2014 03:23:29 Windows Update
03-04-2014 06:56:32 Windows Update
03-04-2014 08:07:17 Windows Update
03-04-2014 22:48:34 Windows Update
07-04-2014 04:16:25 Windows Update
08-04-2014 23:22:27 Windows Update
13-04-2014 03:22:12 Windows Update
16-04-2014 06:04:15 Windows Update
20-04-2014 03:25:07 Windows Update
23-04-2014 23:24:04 Windows Update
28-04-2014 05:18:34 Windows Update
01-05-2014 06:11:16 Windows Update
03-05-2014 12:26:40 Windows Update
07-05-2014 11:28:40 Windows Update
10-05-2014 11:59:17 Windows Update
16-05-2014 04:30:04 Windows Update
16-05-2014 05:27:09 Windows Update
19-05-2014 10:10:38 Windows Update
23-05-2014 07:33:05 Windows Update
27-05-2014 00:46:51 Windows Update
30-05-2014 01:29:49 Windows Update
02-06-2014 07:19:07 Windows Update
06-06-2014 03:53:20 Installed Malwarebytes Secure Backup
06-06-2014 08:25:11 Windows Update
10-06-2014 00:05:48 Windows Update
11-06-2014 01:47:11 Windows Update
14-06-2014 06:21:41 Windows Update
 
==================== Hosts content: ==========================
 
2006-11-02 20:23 - 2006-09-19 07:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0C3AF200-FADC-49E5-880E-DEE192C8B79A} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\Windows\system32\RAServer.exe [] (Microsoft Corporation)
Task: {11893D5E-54A0-4C6B-AB0D-D9FA527334A9} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\Windows\system32\wermgr.exe [] (Microsoft Corporation)
Task: {16C17146-4CAD-4BC5-9072-C636C422C336} - System32\Tasks\CapUninst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapUninst.exe [2009-10-06] (CL)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2709EB7C-F2A7-4E0F-9B73-9BCDBADE595A} - System32\Tasks\CapSvcInst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSvcInst.exe [2009-10-06] (CL)
Task: {2FFE5721-2B27-4553-AD46-195AEC70816C} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\Windows\system32\lpremove.exe [] (Microsoft Corporation)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3E1A6ED9-D7D5-4EA2-BB5D-F90AE0FC8DC1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-31] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [] (Microsoft Corporation)
Task: {4B13E035-BD1D-47A8-88C3-8DE50C2E6591} - System32\Tasks\HP Health Check => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-10] (Hewlett-Packard)
Task: {4D7BC85C-5A41-4963-8CDD-6D9D55F757DB} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\Windows\system32\BthUdTask.exe [] (Microsoft Corporation)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [] ()
Task: {5D17BF81-D545-40E4-9612-8317B15172DB} - System32\Tasks\CapSchedInst => c:\Program Files\Hewlett-Packard\Media\Live TV\Kernel\TV\CapSchedInst.exe [2009-10-06] (CL)
Task: {64B0FCF8-75AC-460A-AF82-62A51A3691F2} - System32\Tasks\{B7A38821-DE23-4E88-9289-00A6D7C9D49A} => C:\Windows\system32\pcalua.exe [] (Microsoft Corporation)
Task: {712FB621-E178-4FBE-B93A-27279CA2BEE8} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [] (Microsoft Corporation)
Task: {78DABEC8-68B8-4590-81BD-4532D98F07C2} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\Windows\system32\DFDWiz.exe [] (Microsoft Corporation)
Task: {84E1DF39-9004-4F5C-8D45-4F3A8BFDD0D8} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-10-17] (Google)
Task: {884B0138-6D28-4483-81AB-42A58BE83CE6} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {89194558-47E7-4A9E-B507-6C91CE4E6504} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\Windows\System32\wsqmcons.exe [] (Microsoft Corporation)
Task: {8CC58C5E-C35C-4302-854E-89B3FA9F2572} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: {98B6A8CF-E8A5-4763-966C-3EFDE00C5E97} - System32\Tasks\HPCustParticipation HP Deskjet 1050 J410 series => C:\Program Files\HP\HP Deskjet 1050 J410 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {99B9521C-F109-4B7B-BDDF-99CF656525E0} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\system32\defrag.exe [] (Microsoft Corp.)
Task: {A4959EE8-0FA2-470B-B256-7306B30271C6} - System32\Tasks\{E7E95898-ED46-4E71-A4BB-C5F16962D7C5} => C:\Program Files\Skype\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [] (Microsoft Corporation)
Task: {A70396F1-ADE6-4B57-AE51-6E5318CC025B} - System32\Tasks\TVAgent => c:\Program Files\Hewlett-Packard\Media\Live TV\TVAgent.exe [2009-10-06] (CyberLink Corp.)
Task: {BE34E26F-01B0-485D-812B-841E82DFF645} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\system32\sdclt.exe [] (Microsoft Corporation)
Task: {D08D823B-9906-4C22-871F-ABDD6A13B3E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-31] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [] ()
Task: {E5602D64-86F9-43AB-9557-21AB67F25CB2} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [] (Microsoft Corporation)
Task: {F89B5B3A-456A-450F-B73D-0B114D94E6DA} - System32\Tasks\User_Feed_Synchronization-{13813252-67B0-4675-862F-977D2789BE51} => C:\Windows\system32\msfeedssync.exe [] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-10-21 13:53 - 2012-10-21 13:53 - 00230240 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2009-01-20 18:13 - 2008-12-18 10:11 - 00365952 _____ () C:\Program Files\SMINST\BLService.exe
2009-01-20 18:13 - 2008-12-18 10:11 - 00132480 _____ () C:\Program Files\SMINST\STWmiM.dll
2009-01-20 17:07 - 2008-09-16 00:13 - 00241734 _____ () C:\Program Files\CyberLink\Shared files\RichVideo.exe
2009-01-20 17:07 - 2008-09-16 00:13 - 00028672 _____ () C:\Program Files\Cyberlink\Shared files\RichVideops.dll
2008-12-26 06:41 - 2008-12-26 06:41 - 00881960 ____N () C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
2007-07-13 06:55 - 2007-07-13 06:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-15 06:59 - 2007-08-15 06:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-13 06:55 - 2007-07-13 06:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2008-06-20 06:10 - 2008-06-20 06:10 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-04-06 20:38 - 2009-04-06 20:38 - 00014848 _____ () C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 10:34 - 2008-10-30 10:34 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2008-10-23 04:32 - 2008-10-23 04:32 - 00628016 _____ () C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
2008-10-08 13:18 - 2008-10-08 13:18 - 00091432 ____N () C:\Program Files\Hewlett-Packard\Media\Webcam\BlackCat.dll
2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2009-02-26 12:46 - 2009-02-26 12:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 10:46 - 2011-06-22 10:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2009-02-20 08:47 - 2009-02-20 08:47 - 00529512 _____ () C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BCMRes.resources.dll
2006-10-30 13:32 - 2006-10-30 13:32 - 00064328 _____ () C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\BusinessLayer.resources.dll
2006-10-30 13:32 - 2006-10-30 13:32 - 00012104 _____ () C:\Program Files\Microsoft Small Business\Business Contact Manager\en-US\Microsoft.Interop.Mapi.Interfaces.resources.dll
2014-04-12 13:53 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-12 13:53 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
2014-06-12 18:42 - 2014-06-05 23:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 18:42 - 2014-06-05 23:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 18:42 - 2014-06-05 23:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft 6to4 Adapter #15
Description: Microsoft 6to4 Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #6
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
Name: Microsoft ISATAP Adapter #10
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/16/2014 02:22:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application SearchProtocolHost.exe, version 7.0.6002.18005, time stamp 0x49e0244d, faulting module Microsoft.Interop.Mapi.Impl.dll, version 3.0.6912.0, time stamp 0x46e8beed, exception code 0xc0000005, fault offset 0x0005a285,
process id 0x%9, application start time 0xSearchProtocolHost.exe0.
 
Error: (06/11/2014 02:58:31 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:31 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\LANGUAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:30 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\JS> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:27 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:23 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\WHITE-ON-BLACK> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
Error: (06/11/2014 02:58:21 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: The entry <C:\USERS\JOHNM\APPDATA\LOCAL\SKYPE\APPS\LOGIN\IMAGES\RETINA> in the hash map cannot be updated.
 
Context:  Application, SystemIndex Catalog
 
 
Details:
A device attached to the system is not functioning.   (0x8007001f)
 
 
System errors:
=============
Error: (06/17/2014 03:26:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE
 
Error: (06/17/2014 03:26:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: MBAMWebAccessControlBFE
 
Error: (06/16/2014 09:47:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 0.0.0.0
 
Update Source: %NT AUTHORITY51
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/16/2014 09:47:39 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075
 
Error: (06/16/2014 09:47:39 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: Microsoft Network Inspection SystemBFE
 
Error: (06/16/2014 09:47:39 PM) (Source: Microsoft Antimalware) (EventID: 2003) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update the engine.
 
New Engine Version: 
 
Previous Engine Version: 
 
Engine Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Error Code: %NT AUTHORITY601
 
Error description: %NT AUTHORITY602
 
Error: (06/16/2014 09:47:39 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 
 
Update Source: %NT AUTHORITY15
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\NETWORK SERVICE
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/16/2014 09:46:44 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.175.2420.0){8D31F3CE-4470-4034-8B2A-5506CDFA143E}201
 
Error: (06/16/2014 09:44:37 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.175.2420.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.5.0216.00
 
Source Path: 4.5.0216.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (06/16/2014 09:44:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Microsoft Network InspectionMicrosoft Network Inspection System%%1075
 
 
Microsoft Office Sessions:
=========================
Error: (12/12/2013 09:18:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1990274 seconds with 5640 seconds of active time.  This session ended with a crash.
 
Error: (12/11/2010 03:32:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1036707 seconds with 17340 seconds of active time.  This session ended with a crash.
 
Error: (07/29/2009 07:34:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9456 seconds with 1500 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 62%
Total physical RAM: 3068.25 MB
Available physical RAM: 1138.64 MB
Total Pagefile: 6339.52 MB
Available Pagefile: 3520.39 MB
Total Virtual: 2047.88 MB
Available Virtual: 1928.79 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:286.86 GB) (Free:193.4 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:298.09 GB) (Free:294.29 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:11.23 GB) (Free:1.31 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (SCRABBLE) (CDROM) (Total:0.64 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 6A248AAC)
Partition 1: (Active) - (Size=287 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=11 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5C89754C)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:16-06-2014
Ran by Johnm (administrator) on JOHNM-PC on 17-06-2014 16:30:35
Running from C:\Users\Johnm\Downloads
Platform: Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Hewlett-Packard Corporation) C:\Windows\System32\hpservice.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe
() C:\Program Files\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Malwarebytes Secure Backup) C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mep.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
(CyberLink Corp.) C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
(CyberLink) C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Computer, Inc.) C:\Program Files\QuickTime\qttask.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGUP.EXE
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation.) C:\Program Files\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [startCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-30] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1348904 2008-07-25] (Synaptics, Inc.)
HKLM\...\Run: [DVDAgent] => C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe [1148200 2008-11-29] (CyberLink Corp.)
HKLM\...\Run: [TSMAgent] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1316136 2008-12-26] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer for HP TouchSmart] => C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [189736 2008-12-26] (CyberLink)
HKLM\...\Run: [uCam_Menu] => C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [218408 2008-11-15] (CyberLink Corp.)
HKLM\...\Run: [smartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [914224 2008-11-19] (Hewlett-Packard)
HKLM\...\Run: [updateLBPShortCut] => C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [updatePSTShortCut] => C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2008-11-27] (CyberLink Corp.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [206128 2008-10-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [updateP2GoShortCut] => C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [210216 2008-10-31] (CyberLink Corp.)
HKLM\...\Run: [updatePDIRShortCut] => C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [210216 2008-06-14] (CyberLink Corp.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [75008 2008-10-10] (Hewlett-Packard)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [432432 2008-12-09] (Hewlett-Packard)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [77824 2009-09-01] (Apple Computer, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [450659 2008-10-27] (IDT, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [sOSUAUI] => C:\Program Files\Malwarebytes Secure Backup\sosuploadagent.exe [55704 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [sMessaging] => C:\Program Files\Malwarebytes Secure Backup\SMessaging.exe [65432 2014-03-19] (Malwarebytes Secure Backup)
HKLM\...\Run: [AccountCreatorRunner] => C:\Program Files\Malwarebytes Secure Backup\AccountCreatorRunner.exe [22424 2014-03-19] (Malwarebytes Secure Backup)
HKU\.DEFAULT\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [OE] => C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2008-06-10] (Hewlett-Packard Company)
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-07-31] (Google Inc.)
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\Run: [EPSON L200 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIGUP.EXE [201216 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\Run: [skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: F - F:\autorun\UbiAutorun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {161eaf61-63fd-11e0-85b2-e987ce003a9b} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {161eaf98-63fd-11e0-85b2-97b3e848743b} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {467903a8-1349-11e2-849b-d5db7a93d516} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {5708a4af-0cda-11e1-a5a1-c56669200629} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {aa6a9f5e-7881-11df-9f1e-00247e5641c2} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {aa6a9f6a-7881-11df-9f1e-00247e5641c2} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {d42b2013-b532-11e1-bf91-fe2d9de007b7} - G:\AutoRun.exe
HKU\S-1-5-21-3731015441-3819411463-1339622383-1003\...\MountPoints2: {e487ad7e-7910-11de-bc00-806e6f6e6963} - F:\autorun\UbiAutorun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abc.net.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=91&bd=Pavilion&pf=cnnb
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 203.31.48.11 203.33.171.201
 
FireFox:
========
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: slirsredirect.search.aol.com
CHR DefaultSearchProvider: AOL Search
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\gcswf32.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-23]
CHR Extension: (Google Search) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-23]
CHR Extension: (Skype Click to Call) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2011-11-04]
CHR Extension: (Google Wallet) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Gmail) - C:\Users\Johnm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-23]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]
 
========================== Services (Whitelisted) =================
 
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [77824 2008-06-28] (Andrea Electronics Corporation)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S2 gupdate1ca11b110d061c0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-07-31] (Google Inc.)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-10-10] (Hewlett-Packard) [File not signed]
R3 hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [223232 2008-10-24] (Hewlett-Packard Development Company, L.P.) [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [73728 2008-06-10] (Hewlett-Packard Company) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [230240 2012-10-21] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703616 2012-07-26] (SEIKO EPSON CORPORATION)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 Recovery Service for Windows; C:\Program Files\SMINST\BLService.exe [365952 2008-12-18] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [241734 2008-09-16] () [File not signed]
R2 sagentservice; C:\Program Files\Malwarebytes Secure Backup\SAgent.Service.exe [41880 2014-03-19] (Malwarebytes Secure Backup)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe [237657 2008-10-27] (IDT, Inc.)
S3 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S2 Security Activity Dashboard Service; C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2013-09-09] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R0 PxHelp20; C:\Windows\System32\DRIVERS\PxHelp20.sys [20016 2004-05-19] (Sonic Solutions) [File not signed]
R2 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11973 2013-09-09] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl [87536 2008-11-29] (CyberLink Corp.)
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 neokdss; system32\Drivers\neokdss.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-17 16:30 - 2014-06-17 16:31 - 00022568 _____ () C:\Users\Johnm\Downloads\FRST.txt
2014-06-17 16:29 - 2014-06-17 16:30 - 00000000 ____D () C:\FRST
2014-06-17 16:27 - 2014-06-17 16:28 - 01072640 _____ (Farbar) C:\Users\Johnm\Downloads\FRST (1).exe
2014-06-17 16:26 - 2014-06-17 16:26 - 01072640 _____ (Farbar) C:\Users\Johnm\Downloads\FRST.exe
2014-06-11 14:57 - 2014-06-11 14:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-11 10:42 - 2014-04-05 13:23 - 00915392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 10:42 - 2014-04-05 11:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-06-06 13:55 - 2014-06-06 13:55 - 00001836 _____ () C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2014-06-06 13:55 - 2014-06-06 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2014-06-06 13:54 - 2014-06-06 13:55 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-06-06 13:41 - 2014-06-06 13:41 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-05-26 16:08 - 2014-06-17 15:22 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-26 16:08 - 2014-06-06 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-26 16:08 - 2014-06-06 13:30 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-26 16:08 - 2014-06-06 13:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-26 16:08 - 2014-06-06 13:30 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-26 16:08 - 2014-05-12 08:19 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-26 16:08 - 2014-05-12 08:19 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-26 16:08 - 2014-05-12 08:19 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-26 16:04 - 2014-05-26 16:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johnm\Downloads\mbam-setup-2.0.2.1012.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-17 16:31 - 2014-06-17 16:30 - 00022568 _____ () C:\Users\Johnm\Downloads\FRST.txt
2014-06-17 16:31 - 2009-07-25 07:19 - 00000000 ____D () C:\Users\Johnm\AppData\Local\Temp
2014-06-17 16:30 - 2014-06-17 16:29 - 00000000 ____D () C:\FRST
2014-06-17 16:28 - 2014-06-17 16:27 - 01072640 _____ (Farbar) C:\Users\Johnm\Downloads\FRST (1).exe
2014-06-17 16:28 - 2010-03-30 19:19 - 00000000 ____D () C:\Users\Johnm\AppData\Roaming\Skype
2014-06-17 16:26 - 2014-06-17 16:26 - 01072640 _____ (Farbar) C:\Users\Johnm\Downloads\FRST.exe
2014-06-17 15:47 - 2012-08-12 14:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-17 15:46 - 2009-07-31 17:36 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-17 15:22 - 2014-05-26 16:08 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-17 15:17 - 2009-04-06 20:32 - 01566039 _____ () C:\Windows\WindowsUpdate.log
2014-06-17 14:28 - 2009-07-31 17:30 - 00000868 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-06-17 13:24 - 2011-02-14 15:35 - 00000000 ____D () C:\Users\Johnm\Documents\verse
2014-06-17 08:46 - 2009-07-31 17:36 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-16 19:27 - 2009-07-28 19:56 - 00000000 ____D () C:\Users\Johnm\Documents\PERSONAL
2014-06-16 18:56 - 2011-04-03 17:07 - 00000000 ____D () C:\Users\Johnm\AppData\Roaming\HpUpdate
2014-06-11 14:57 - 2014-06-11 14:57 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-11 14:57 - 2010-03-30 19:18 - 00000000 ___RD () C:\Program Files\Skype
2014-06-11 14:57 - 2010-03-30 19:18 - 00000000 ____D () C:\ProgramData\Skype
2014-06-11 14:53 - 2006-11-02 23:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-11 11:56 - 2009-04-06 20:32 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-06-11 11:56 - 2006-11-02 23:01 - 00032598 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-11 11:55 - 2009-01-20 16:21 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 11:45 - 2009-08-01 09:33 - 00000000 ____D () C:\Users\Johnm\Documents\tarian
2014-06-06 13:55 - 2014-06-06 13:55 - 00001836 _____ () C:\Users\Public\Desktop\Malwarebytes Secure Backup.lnk
2014-06-06 13:55 - 2014-06-06 13:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2014-06-06 13:55 - 2014-06-06 13:54 - 00000000 ____D () C:\Program Files\Malwarebytes Secure Backup
2014-06-06 13:54 - 2014-05-26 16:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-06 13:41 - 2014-06-06 13:41 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-06-06 13:30 - 2014-05-26 16:08 - 00000861 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-06 13:30 - 2014-05-26 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-06 13:30 - 2014-05-26 16:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-04 14:05 - 2011-09-08 21:03 - 00000000 ____D () C:\Users\Johnm\Documents\financial-tax
2014-05-26 16:06 - 2014-05-26 16:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Johnm\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-23 15:25 - 2006-11-02 22:52 - 00173064 _____ () C:\Windows\setupact.log
 
Some content of TEMP:
====================
C:\Users\Johnm\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Johnm\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-11 14:59
 
==================== End Of Log ============================

 


  • 1 month later...
  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
