
Malwarebytes Won't Run Please Help


gjwsfg


  • Root Admin

Hello and welcome

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/25/2014
Scan Time: 3:06:48 PM
Logfile: 
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.10.25.05
Rootkit Database: v2014.10.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graham

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 393628
Time Elapsed: 51 min, 3 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Roguekiller Log:

 

RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Graham [Administrator]
Mode : Scan -- Date : 10/25/2014  16:22:44
 
¤¤¤ Processes : 3 ¤¤¤
[suspicious.Path] Dashlane.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe[7] -> Killed [TermProc]
[suspicious.Path] agent.exe -- C:\ProgramData\FLEXnet\Connect\11\agent.exe[7] -> Killed [TermProc]
[suspicious.Path] DashlanePlugin.exe -- C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe[7] -> Killed [TermProc]
 
¤¤¤ Registry : 22 ¤¤¤
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms  -> Found
[suspicious.Path] (X64) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | Dashlane : "C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartAnalyzer for SmartOffice : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms  -> Found
[suspicious.Path] (X86) HKEY_USERS\S-1-5-21-356050647-1739812504-2184696174-1001\Software\Microsoft\Windows\CurrentVersion\Run | SmartOffice Desktop Integrations : C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms  -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatShieldService (C:\Program Files (x86)\Expat Shield\bin\openvpnas.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatSrv (C:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatTrayService (C:\Program Files (x86)\Expat Shield\bin\ExpatTrayService.EXE) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\ExpatWd (C:\Program Files (x86)\Expat Shield\bin\hsswd.exe -product Expat) -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[suspicious.Path] \\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6476GSX SATA Disk Device +++++
--- User ---
[MBR] dcddd2988da2953f970b7cf3aad93e31
[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 595424 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1219837952 | Size: 14752 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1250050048 | Size: 103 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] c6a45de37da3e0338231e05937094ca6
[bSP] df2c1c2e7bbff6bdec1ef9d26964e6b2 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 159793152 | Size: 400 MB

RKill Log:

 

Rkill 2.6.8 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 10/25/2014 02:54:32 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2084) [WD-HEUR]
 
1 proccess terminated!
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 10/25/2014 03:00:02 PM
Execution time: 0 hours(s), 5 minute(s), and 30 seconds(s)

  • Root Admin

Sorry for the delay. If it won't run then ignore it for now and run the other scans and post back the logs.

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Step 4 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.3 (10.21.2014:1)
OS: Windows 7 Home Premium x64
Ran by Graham on Tue 10/28/2014 at  9:27:30.48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{449C3E0B-6B73-445B-82AE-3153B5093B57}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5D5EE544-ABDA-4953-9A7B-978D449D9B1D}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\Users\Graham\AppData\Roaming\zip opener packages"
Successfully deleted: [Folder] "C:\Users\Graham\appdata\local\cre"
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{0E2F8F2D-BE65-4547-8BCD-1168B8C8C0C2}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{35EC0B26-C3DE-45D1-8735-60E4F304E918}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{653CC3CC-00A1-4C15-8D60-EAF71329B5CB}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{AAE614B3-D42F-42E8-803C-E2E79022C52E}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{CD1B7AFE-C6EA-4DCC-8271-A2329DB06B13}
Successfully deleted: [Empty Folder] C:\Users\Graham\appdata\local\{F219200E-D1E5-4889-A5BC-9AC6F63DED61}
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 10/28/2014 at  9:34:38.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Step 5

# AdwCleaner v4.002 - Report created 28/10/2014 at 10:26:32

# DB v2014-10-26.6
# Updated 27/10/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Graham - GRAHAM-HP
# Running from : C:\Users\Graham\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : ExpatShieldService
[#] Service Deleted : ExpatSrv
[#] Service Deleted : ExpatTrayService
[#] Service Deleted : ExpatWd
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Google Chrome v
 
 
*************************
 
AdwCleaner[R0].txt - [15414 octets] - [19/10/2014 12:32:31]
AdwCleaner[R1].txt - [1255 octets] - [28/10/2014 10:15:18]
AdwCleaner[s0].txt - [14269 octets] - [19/10/2014 12:36:42]
AdwCleaner[s1].txt - [1189 octets] - [28/10/2014 10:26:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1249 octets] ##########

Step 6

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 10/28/2014
Scan Time: 10:39:03 AM
Logfile: malware scan.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.10.28.03
Rootkit Database: v2014.10.22.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Enabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graham
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 391042
Time Elapsed: 1 hr, 0 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Step 7

C:\AdwCleaner\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe.vir a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert0.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert1.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert2.dll.vir Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\Expat_ShieldToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\prxtbExpa.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\prxtbYour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Your-TV\Your-TVToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyou0.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\prxtbyour.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\your-tv-live\your-tv-liveToolbarHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2549263\Expat_ShieldAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT2780272\Your-TVAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Local\Conduit\CT3171454\your-tv-liveAutoUpdateHelper.exe.vir Win32/Toolbar.Conduit.Q potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\ldrtbExpa.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Expat_Shield\tbExpa.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\ldrtbYour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\Your-TV\tbYour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\ldrtbyour.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\LocalLow\your-tv-live\tbyour.dll.vir a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Downloaded Installations\{AC08ECED-D6F8-404E-93A0-F037F0623C92}\The Weather Channel App.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ApnStub.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASK1F63.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASK714E.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASKB5AB.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ASKC57A.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe a variant of Win32/InstallCore.RA potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\tbedrs.dll a variant of Win32/Toolbar.Conduit.B potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\25832002.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\25889598.Uninstall\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\is357113909\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\{167158CE-1637-4167-8A1C-C2549EEA966A}\Offercast2821_WCL2_.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
C:\Users\Graham\Downloads\HSS-2.24-install-anchorfree-232-expatshield.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application
C:\Users\Graham\Downloads\HSS-2.90-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Graham\Downloads\HSS-3.42-install-hss-409-conduit.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Users\Graham\Downloads\Produtools_Manuals_2_1.exe Win32/Toolbar.Conduit potentially unwanted application
C:\Windows\Installer\b8beaab.msi a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application

Step 8:  FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by Graham (administrator) on GRAHAM-HP on 28-10-2014 17:00:48
Running from C:\Users\Graham\Downloads
Loaded Profile: Graham (Available profiles: Graham & LogMeInRemoteUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Cisco WebEx LLC) C:\Windows\SysWOW64\atashost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe
() C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\agent.exe
(Flexera Software LLC.) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Schneider Electric) C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnria_nmhost.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Google Inc.) C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe
(Farbar) C:\Users\Graham\Downloads\FRST64 (3).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-11] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2011-09-16] (LogMeIn, Inc.)
HKLM\...\Run: [HP LaserJet 200 color MFP M276 Series Fax] => C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe [3706424 2011-10-09] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2011-01-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Display] => C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe [284024 2012-01-24] (Schneider Electric)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-09-25] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brScnStsMon00] => C:\Program Files (x86)\BrownyScn\Brother\BrStMonScn.exe [3048448 2013-05-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [brHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [1944576 2013-03-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
HKLM-x32\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking13\Ereg\Ereg.exe [325960 2014-05-30] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [statusAlerts] => C:\Program Files (x86)\HP\StatusAlerts\bin\HPStatusAlerts.exe [313248 2012-07-18] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-19] (Google Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Dashlane] => C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe [219832 2014-08-26] ()
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [sOFileManager] => "C:\Ebix Inc\Common Files\SOFileManager.exe"
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [smartAnalyzer for SmartOffice] => C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartAnalyzer for SmartOffice - Installer.appref-ms
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [smartOffice Desktop Integrations] => C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ebix Inc\SmartOffice Desktop Integrations 2.0 - Installer.appref-ms
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [GoogleChromeAutoLaunch_A4BAE6C0FC33D3253063724F847430B9] => C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe [854344 2014-10-22] (Google Inc.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [iSUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [TWC.Win7] => C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe [55120 2014-08-27] ()
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: H - H:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: I - I:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {0caa949a-faba-11e1-8892-101f7415c16d} - F:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {158e2fa5-a619-11e2-b327-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {383ab370-1011-11e4-8510-101f7415c16d} - F:\MotorolaDeviceManagerSetup.exe -a
HKU\S-1-5-21-356050647-1739812504-2184696174-1001\...\MountPoints2: {b340be31-de66-11e1-b9ad-cb184ff0a5a3} - F:\ToolLauncher-Bootstrap.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
ShortcutTarget: APC UPS Status.lnk -> C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe (Schneider Electric)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Desktop Integrations – Login.lnk
ShortcutTarget: SmartOffice Desktop Integrations – Login.lnk -> C:\Ebix Inc\Common Files\SmartBridgeDXO.exe (No File)
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartOffice Sync Tray - Launcher.lnk
ShortcutTarget: SmartOffice Sync Tray - Launcher.lnk -> C:\Ebix Inc\SmartOffice Desktop Integration\SmartLinkTray.exe (No File)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Dragon Web Extension For Internet Explorer -> {609C0837-8DD3-4F9B-AAC5-446F36BC0353} -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\dgnriaie.dll (Nuance Communications, Inc.)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Graham\AppData\Roaming\Dashlane\ie\KWIEBar.dll (Dashlane)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {B8CFAE23-A32D-4D85-A685-4BAEB03D9128} http://illustrations.columbuslife.com/clb/reports/control/clbrptview.cab
DPF: HKLM-x32 {BDFCAF79-6A4E-46FB-8AAC-2629A03B8CBB} https://www.ez-data.com/SmartInstaller.cab
DPF: HKLM-x32 {C8BF1F77-0A43-4AEC-A0AC-BEEE472B65C6} http://www.ez-data.com/SmartAnalyser.cab
Handler: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{CFBB5837-FE40-4CA4-A753-7AD4F3DCF920}: [NameServer] 8.8.8.8
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: nuance.com/DgnRia2_x86_64 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\11\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: nuance.com/DgnRia2 -> C:\Program Files (x86)\Nuance\NaturallySpeaking13\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Entanglement Web App) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2011-12-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-28]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-27]
CHR Extension: (Dragon Web Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddaloccgjfibfpkalenodgehlhkgoahe [2014-08-13]
CHR Extension: (Dashlane) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2014-07-31]
CHR Extension: (Poppit!) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2011-12-28]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Docs PDF/PowerPoint Viewer (by Google)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnbmlagghjjcbdhgmkedmbmedengocbn [2011-12-28]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2012-02-12]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-27]
CHR Extension: (RSS Feed Reader) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2012-10-24]
CHR HKCU\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
CHR HKLM-x32\...\Chrome\Extension: [cfffenfdjeibfomfbppoljahojkbbobb] - C:\Users\Graham\AppData\Local\CRE\cfffenfdjeibfomfbppoljahojkbbobb.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\Graham\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-04-02] (Advanced Micro Devices, Inc.) [File not signed]
R2 APC Data Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [21880 2012-01-24] (Schneider Electric)
R2 APC UPS Service; C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe [705912 2012-01-24] (Schneider Electric)
R2 DragonLoggerService; C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe [137280 2014-07-12] (Nuance Communications, Inc.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-01] (WildTangent)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [220504 2013-08-22] (Garmin Ltd or its subsidiaries)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [164864 2012-05-02] (HP) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376168 2014-10-28] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226152 2014-10-28] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2011-09-16] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2012-12-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-12-23] (Intuit Inc.) [File not signed]
R3 ScannerStatusMonitorService; C:\Program Files (x86)\BrownyScn\ScannerStatusMonitorService.exe [276992 2013-05-08] (Brother Industries, Ltd.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-23] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 16:57 - 2014-10-28 16:57 - 02113024 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (3).exe
2014-10-28 16:56 - 2014-10-28 16:56 - 02113024 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (2).exe
2014-10-28 16:53 - 2014-10-28 16:53 - 00006482 _____ () C:\Users\Graham\Desktop\eset.txt
2014-10-28 11:51 - 2014-10-28 11:51 - 02347384 _____ (ESET) C:\Users\Graham\Downloads\esetsmartinstaller_enu.exe
2014-10-28 11:51 - 2014-10-28 11:51 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-28 11:47 - 2014-10-28 11:47 - 00001072 _____ () C:\Users\Graham\Desktop\malware scan.txt
2014-10-28 10:14 - 2014-10-28 10:14 - 01998336 _____ () C:\Users\Graham\Downloads\AdwCleaner (1).exe
2014-10-28 10:02 - 2014-10-28 10:02 - 00000000 _____ () C:\Windows\SysWOW64\shoC99.tmp
2014-10-28 09:34 - 2014-10-28 09:34 - 00001724 _____ () C:\Users\Graham\Desktop\JRT.txt
2014-10-28 09:27 - 2014-10-28 09:27 - 00000000 ____D () C:\Windows\ERUNT
2014-10-28 09:13 - 2014-10-28 09:13 - 01706144 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-10-27 22:22 - 2014-10-27 23:11 - 1118918486 _____ () C:\Users\Graham\Downloads\downton_abbey.5x06.720p_hdtv_x264-fov (1).mkv
2014-10-27 20:27 - 2014-10-27 20:59 - 669433169 _____ () C:\Users\Graham\Downloads\downton_abbey.5x06.720p_hdtv_x264-fov.mkv
2014-10-27 12:56 - 2014-10-27 12:56 - 00188944 _____ (Cisco WebEx LLC) C:\Users\Graham\Downloads\,assetmark,1963755534,1896325541,EC,002951617,SDJTSwAAAAFh1c3yUcT-InPiWTM51QgL8JHgK-_ZTd4BVOZXVDFWQQ2,1_webex.exe
2014-10-25 16:08 - 2014-10-25 16:08 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-25 16:08 - 2014-10-25 16:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-25 16:05 - 2014-10-25 16:06 - 19114072 _____ () C:\Users\Graham\Desktop\RogueKillerX64.exe
2014-10-25 15:02 - 2014-10-28 10:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-25 15:02 - 2014-10-25 15:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-25 15:02 - 2014-10-25 15:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 15:02 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-25 15:02 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-25 15:02 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-25 15:00 - 2014-10-25 15:01 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Graham\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-25 14:46 - 2014-10-25 14:46 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Graham\Desktop\mbam-clean-2.1.1.1001.exe
2014-10-25 14:34 - 2014-10-25 14:34 - 00000000 ____D () C:\Windows\ERDNT
2014-10-25 14:33 - 2014-10-25 14:33 - 00000924 _____ () C:\Users\LogMeInRemoteUser\Desktop\NTREGOPT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000924 _____ () C:\Users\Graham\Desktop\NTREGOPT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000905 _____ () C:\Users\LogMeInRemoteUser\Desktop\ERUNT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000905 _____ () C:\Users\Graham\Desktop\ERUNT.lnk
2014-10-25 14:33 - 2014-10-25 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-25 14:33 - 2014-10-25 14:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-25 14:32 - 2014-10-25 14:32 - 00791393 _____ (Lars Hederer ) C:\Users\Graham\Desktop\erunt-setup.exe
2014-10-25 14:28 - 2014-10-25 15:00 - 00002144 _____ () C:\Users\Graham\Desktop\Rkill.txt
2014-10-25 14:27 - 2014-10-25 14:27 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Graham\Desktop\rkill.exe
2014-10-25 13:26 - 2014-10-25 14:26 - 00000426 ____H () C:\Windows\system32\Rebecca.dat
2014-10-22 17:05 - 2014-10-22 17:05 - 00001174 _____ () C:\Users\Graham\Desktop\TeamViewer 9.lnk
2014-10-22 16:49 - 2014-10-22 16:53 - 00054436 _____ () C:\Users\Graham\Desktop\Addition.txt
2014-10-22 16:47 - 2014-10-22 16:53 - 00059485 _____ () C:\Users\Graham\Desktop\FRST.txt
2014-10-22 16:46 - 2014-10-22 16:46 - 02112000 _____ (Farbar) C:\Users\Graham\Desktop\FRST64 (2).exe
2014-10-21 17:19 - 2014-10-21 17:21 - 00054079 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-10-21 17:16 - 2014-10-28 17:01 - 00031338 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-10-21 17:16 - 2014-10-21 17:16 - 02110976 _____ (Farbar) C:\Users\Graham\Downloads\FRST64 (1).exe
2014-10-21 17:13 - 2014-10-28 17:00 - 00000000 ____D () C:\FRST
2014-10-21 17:13 - 2014-10-21 17:13 - 02110976 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-10-19 12:32 - 2014-10-28 10:26 - 00000000 ____D () C:\AdwCleaner
2014-10-19 12:31 - 2014-10-19 12:32 - 01976320 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-10-19 12:20 - 2014-10-19 12:20 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-19 12:20 - 2014-10-19 12:20 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-19 12:20 - 2014-10-19 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-19 12:20 - 2014-10-19 12:20 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-19 12:19 - 2014-10-19 12:20 - 04965896 _____ (Piriform Ltd) C:\Users\Graham\Downloads\ccsetup418.exe
2014-10-19 12:17 - 2014-10-19 12:16 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 12:16 - 2014-10-19 12:16 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-19 08:16 - 2014-10-27 12:47 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGraham
2014-10-19 08:16 - 2014-10-27 12:47 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForGraham.job
2014-10-17 01:34 - 2014-10-17 01:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-17 01:31 - 2014-10-17 01:31 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-17 01:31 - 2014-10-17 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\Program Files\iTunes
2014-10-17 01:30 - 2014-10-17 01:31 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-17 01:30 - 2014-10-17 01:30 - 00000000 ____D () C:\Program Files\iPod
2014-10-15 17:02 - 2014-06-18 18:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 17:02 - 2014-06-18 18:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 17:02 - 2014-06-18 18:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 17:01 - 2014-06-18 18:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 16:54 - 2014-10-09 22:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 16:54 - 2014-10-09 22:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 16:54 - 2014-10-09 22:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 16:54 - 2014-10-06 22:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 16:54 - 2014-10-06 22:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 16:54 - 2014-09-28 20:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 16:54 - 2014-09-25 18:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 16:54 - 2014-09-25 18:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 16:54 - 2014-09-25 18:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 16:54 - 2014-09-25 18:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 16:54 - 2014-09-25 18:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 16:54 - 2014-09-18 22:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 16:54 - 2014-09-18 21:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 16:54 - 2014-09-18 21:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 16:54 - 2014-09-18 21:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 16:54 - 2014-09-18 21:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 16:54 - 2014-09-18 21:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 16:54 - 2014-09-18 21:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 16:54 - 2014-09-18 21:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 16:54 - 2014-09-18 21:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 16:54 - 2014-09-18 21:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 16:54 - 2014-09-18 21:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 16:54 - 2014-09-18 21:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 16:54 - 2014-09-18 21:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 16:54 - 2014-09-18 21:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 16:54 - 2014-09-18 21:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 16:54 - 2014-09-18 21:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 16:54 - 2014-09-18 21:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 16:54 - 2014-09-18 21:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 16:54 - 2014-09-18 21:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 16:54 - 2014-09-18 21:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 16:54 - 2014-09-18 21:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 16:54 - 2014-09-18 21:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 16:54 - 2014-09-18 21:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 16:54 - 2014-09-18 21:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 16:54 - 2014-09-18 20:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 16:54 - 2014-09-18 20:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 16:54 - 2014-09-18 20:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 16:54 - 2014-09-18 20:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 16:54 - 2014-09-18 20:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 16:54 - 2014-09-18 20:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 16:54 - 2014-09-18 20:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 16:54 - 2014-09-18 20:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 16:54 - 2014-09-18 20:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 16:54 - 2014-09-18 20:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 16:54 - 2014-09-18 20:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 16:54 - 2014-09-18 20:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 16:54 - 2014-09-18 20:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 16:54 - 2014-09-18 20:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 16:54 - 2014-09-18 20:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 16:54 - 2014-09-18 20:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 16:54 - 2014-09-18 20:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 16:54 - 2014-09-18 19:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 16:54 - 2014-09-18 19:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 16:54 - 2014-09-18 19:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 16:54 - 2014-09-18 19:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 16:54 - 2014-09-04 01:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 16:54 - 2014-09-04 01:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 16:53 - 2014-09-17 22:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 16:53 - 2014-09-17 21:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 16:52 - 2014-07-16 22:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 16:52 - 2014-07-16 22:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 16:52 - 2014-07-16 22:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 16:52 - 2014-07-16 21:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 16:52 - 2014-07-16 21:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 16:52 - 2014-07-16 21:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 16:52 - 2014-07-16 21:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 16:52 - 2014-07-16 21:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 17:17 - 2014-09-12 21:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 17:17 - 2014-09-12 21:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-11 10:39 - 2014-10-12 10:20 - 00000000 ____D () C:\Users\Graham\Desktop\Robin Pics
2014-10-10 06:03 - 2014-10-10 19:27 - 00009344 _____ () C:\Users\Graham\Documents\lowes.xlsx
2014-10-08 10:11 - 2014-10-08 10:11 - 01635288 _____ () C:\Windows\Minidump\100814-44772-01.dmp
2014-10-07 16:09 - 2014-10-07 16:09 - 00003750 _____ () C:\Users\Graham\Downloads\c145356.ics
2014-09-30 18:13 - 2014-09-24 22:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-30 18:13 - 2014-09-24 21:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-29 14:43 - 2014-09-29 15:30 - 1053921938 _____ () C:\Users\Graham\Downloads\downton_abbey.5x02.720p_hdtv_x264-fov.mkv
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-28 16:54 - 2014-06-23 16:00 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job
2014-10-28 16:52 - 2011-09-21 03:42 - 01557136 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 16:38 - 2011-12-27 18:20 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job
2014-10-28 16:37 - 2012-04-06 09:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 10:39 - 2009-07-14 00:45 - 00032064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 10:33 - 2014-01-21 13:24 - 00001004 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk
2014-10-28 10:33 - 2014-01-21 13:24 - 00000988 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2014-10-28 10:33 - 2012-02-12 11:32 - 00000000 ___RD () C:\Users\Graham\Dropbox
2014-10-28 10:33 - 2012-02-12 11:30 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Dropbox
2014-10-28 10:32 - 2011-12-28 12:05 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-10-28 10:29 - 2011-12-28 12:06 - 00107392 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIRfsClientNP.dll
2014-10-28 10:29 - 2011-12-28 12:06 - 00092520 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIinit.dll
2014-10-28 10:29 - 2011-12-28 12:06 - 00035688 _____ (LogMeIn, Inc.) C:\Windows\system32\LMIport.dll
2014-10-28 10:28 - 2013-06-20 16:15 - 00000000 ____D () C:\Temp
2014-10-28 10:28 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 10:27 - 2010-11-20 23:47 - 00842958 _____ () C:\Windows\PFRO.log
2014-10-28 10:27 - 2009-07-14 00:51 - 00130337 _____ () C:\Windows\setupact.log
2014-10-28 10:13 - 2013-01-02 11:53 - 00000000 ____D () C:\Users\Graham\Desktop\Ethiopia
2014-10-28 10:12 - 2012-01-13 20:42 - 00000000 ____D () C:\Users\Graham\AppData\Local\CrashDumps
2014-10-28 10:10 - 2011-12-27 21:19 - 00000000 ____D () C:\Users\Graham
2014-10-28 10:08 - 2011-12-27 18:20 - 00000000 ____D () C:\Users\Graham\AppData\Local\Deployment
2014-10-28 10:04 - 2011-12-28 12:06 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-10-28 07:22 - 2012-06-03 11:32 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\vlc
2014-10-28 01:28 - 2011-12-27 18:20 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job
2014-10-28 01:22 - 2011-12-27 17:33 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{64F8A22D-E6A4-48CF-A58D-1626E28A6D62}
2014-10-27 14:33 - 2011-12-27 18:21 - 00002370 _____ () C:\Users\Graham\Desktop\Google Chrome.lnk
2014-10-27 14:00 - 2012-01-11 15:00 - 00000000 __SHD () C:\Users\Graham\Documents\cache
2014-10-27 12:56 - 2012-01-11 14:59 - 00000000 ____D () C:\ProgramData\WebEx
2014-10-25 12:06 - 2009-07-14 01:13 - 00783424 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-25 09:50 - 2011-12-30 17:50 - 77537280 ____R () C:\Users\Graham\Sfg02.QBW
2014-10-25 09:50 - 2011-12-30 17:50 - 00327680 ____R () C:\Users\Graham\Sfg02.QBW.TLG
2014-10-25 09:50 - 2011-12-30 17:50 - 00000327 _____ () C:\Users\Graham\Sfg02.QBW.ND
2014-10-23 19:08 - 2012-01-19 21:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-23 19:08 - 2011-12-30 17:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-19 22:11 - 2014-06-23 16:00 - 00003598 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001
2014-10-19 12:17 - 2013-09-22 12:05 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 12:16 - 2011-05-08 15:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-19 03:53 - 2011-12-31 22:21 - 00000000 ____D () C:\Windows\System32\Tasks\Games
2014-10-19 01:23 - 2011-12-27 18:20 - 00003884 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA
2014-10-19 01:23 - 2011-12-27 18:20 - 00003488 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core
2014-10-16 05:53 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 03:40 - 2009-07-14 00:45 - 00310240 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 03:36 - 2014-04-30 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 03:13 - 2012-01-03 12:47 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 03:09 - 2013-08-03 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 03:01 - 2012-01-02 10:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 17:02 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-14 17:13 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-11 10:31 - 2014-03-01 18:54 - 00000000 ____D () C:\Users\Graham\Desktop\DCIM
2014-10-10 19:27 - 2013-05-29 06:08 - 00177138 _____ () C:\Users\Graham\Documents\Freedom2.xlsx
2014-10-10 19:27 - 2012-03-19 20:19 - 00054784 _____ () C:\Users\Graham\Documents\perpin1.xls
2014-10-09 01:42 - 2012-11-14 19:00 - 00000344 _____ () C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job
2014-10-09 01:42 - 2012-06-24 09:01 - 00003220 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGRAHAM-HP$
2014-10-08 11:01 - 2011-12-30 17:50 - 00000000 ____D () C:\Users\Graham\QuickBooksAutoDataRecovery
2014-10-08 10:58 - 2013-04-30 19:03 - 00000103 _____ () C:\Users\Graham\mkx12585.ini
2014-10-08 10:58 - 2011-12-31 13:17 - 00048692 _____ () C:\Users\Graham\~qbofx32
2014-10-08 10:11 - 2012-01-29 00:05 - 515732076 _____ () C:\Windows\MEMORY.DMP
2014-10-08 10:11 - 2012-01-29 00:05 - 00000000 ____D () C:\Windows\Minidump
 
Files to move or delete:
====================
C:\Users\Graham\en_res.dll
C:\Users\Graham\es_res.dll
C:\Users\Graham\fr_res.dll
C:\Users\Graham\grm_res.dll
C:\Users\Graham\it_res.dll
C:\Users\Graham\jp_res.dll
C:\Users\Graham\mfc80u.dll
C:\Users\Graham\msvcr80.dll
C:\Users\Graham\PCPE Setup.exe
C:\Users\Graham\pt_res.dll
C:\Users\Graham\ResourceReader.dll
C:\Users\Graham\ru_res.dll
C:\Users\Graham\zh_res.dll
 
 
Some content of TEMP:
====================
C:\Users\Graham\AppData\Local\Temp\Abspdf.exe
C:\Users\Graham\AppData\Local\Temp\acfpdfu.dll
C:\Users\Graham\AppData\Local\Temp\acfpdfuamd64.dll
C:\Users\Graham\AppData\Local\Temp\acfpdfui.dll
C:\Users\Graham\AppData\Local\Temp\acfpdfuia64.dll
C:\Users\Graham\AppData\Local\Temp\acfpdfuiamd64.dll
C:\Users\Graham\AppData\Local\Temp\acfpdfuiia64.dll
C:\Users\Graham\AppData\Local\Temp\ApnStub.exe
C:\Users\Graham\AppData\Local\Temp\cdintf.dll
C:\Users\Graham\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dll
C:\Users\Graham\AppData\Local\Temp\Extract.exe
C:\Users\Graham\AppData\Local\Temp\EyeFiUpdates.exe
C:\Users\Graham\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Graham\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Graham\AppData\Local\Temp\ICReinstall_Free_Download_Setup.exe
C:\Users\Graham\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Graham\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Graham\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\MotoCast_Installer_2.0309.exe
C:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0403.exe
C:\Users\Graham\AppData\Local\Temp\MotorolaDeviceManager_2.0405.exe
C:\Users\Graham\AppData\Local\Temp\MSIZAP.EXE
C:\Users\Graham\AppData\Local\Temp\nsp72FF.tmp.tbWise.dll
C:\Users\Graham\AppData\Local\Temp\ochelper.exe
C:\Users\Graham\AppData\Local\Temp\oi_{89ACED93-0376-4753-83C1-B9A90F6FAF02}.exe
C:\Users\Graham\AppData\Local\Temp\PDFPRT400.exe
C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
C:\Users\Graham\AppData\Local\Temp\Resource.exe
C:\Users\Graham\AppData\Local\Temp\SP53394.exe
C:\Users\Graham\AppData\Local\Temp\SP53462.exe
C:\Users\Graham\AppData\Local\Temp\SP54127.exe
C:\Users\Graham\AppData\Local\Temp\sp54373.exe
C:\Users\Graham\AppData\Local\Temp\sp54620.exe
C:\Users\Graham\AppData\Local\Temp\SP54714.exe
C:\Users\Graham\AppData\Local\Temp\SP55151.exe
C:\Users\Graham\AppData\Local\Temp\sp58915.exe
C:\Users\Graham\AppData\Local\Temp\sp64126.exe
C:\Users\Graham\AppData\Local\Temp\sqlite3.dll
C:\Users\Graham\AppData\Local\Temp\tbedrs.dll
C:\Users\Graham\AppData\Local\Temp\tmp2CBA.exe
C:\Users\Graham\AppData\Local\Temp\tmp2E.exe
C:\Users\Graham\AppData\Local\Temp\tmp3ED7.exe
C:\Users\Graham\AppData\Local\Temp\tmp3FA9.exe
C:\Users\Graham\AppData\Local\Temp\tmp76EE.exe
C:\Users\Graham\AppData\Local\Temp\tmp7A6C.exe
C:\Users\Graham\AppData\Local\Temp\tmp84A9.exe
C:\Users\Graham\AppData\Local\Temp\tmp8A34.exe
C:\Users\Graham\AppData\Local\Temp\tmp8DBF.exe
C:\Users\Graham\AppData\Local\Temp\tmp905C.exe
C:\Users\Graham\AppData\Local\Temp\tmpA5BB.exe
C:\Users\Graham\AppData\Local\Temp\tmpE0EB.exe
C:\Users\Graham\AppData\Local\Temp\tmpF5A5.exe
C:\Users\Graham\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Graham\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Graham\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Graham\AppData\Local\Temp\xmllite.dll
C:\Users\Graham\AppData\Local\Temp\_is3E69.exe
C:\Users\Graham\AppData\Local\Temp\_is8D60.exe
C:\Users\Graham\AppData\Local\Temp\_isA794.exe
C:\Users\Graham\AppData\Local\Temp\_isBF99.exe
C:\Users\Graham\AppData\Local\Temp\_isE80.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 05:45
 
==================== End Of Log ============================

Step 8:  Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01

Ran by Graham at 2014-10-28 17:01:46
Running from C:\Users\Graham\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Disabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD APP SDK Runtime (Version: 2.4.595.9 - Advanced Micro Devices Inc.) Hidden
AMD System Monitor (HKLM-x32\...\{C1C82DC9-1547-4038-8F0A-C069F0B7F2ED}) (Version: 1.0.5 - Advanced Micro Devices, Inc.)
AMD VISION Engine Control Center (x32 Version: 2011.0401.2259.39449 - ATI) Hidden
AnswerWorks 5.0 English Runtime (HKLM-x32\...\{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}) (Version: 5.0.7 - Vantage Software Technologies)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{942836D4-5395-652B-F1E8-A7C5B039910C}) (Version: 3.0.820.0 - ATI Technologies, Inc.)
Audacity 1.3.14 (Unicode) (HKLM-x32\...\Audacity 1.3 Beta (Unicode)_is1) (Version:  - Audacity Team)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BBC iPlayer Desktop (HKLM-x32\...\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1) (Version: 3.2.15 - British Broadcasting Corp.)
BBC iPlayer Desktop (x32 Version: 3.2.15 - British Broadcasting Corp.) Hidden
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brother MFL-Pro Suite ADS-1500W (HKLM-x32\...\{BB45C673-7F52-4F7F-96BA-DE1995EEB471}) (Version: 1.0.4.0 - Brother Industries, Ltd.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco WebEx Meetings (HKLM-x32\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.3922 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dashlane (HKCU\...\Dashlane) (Version: 3.0.6.69630 - Dashlane SAS)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dragon NaturallySpeaking 13 (HKLM-x32\...\{33EA20FB-5389-4938-BA59-2BCD9BB68F41}) (Version: 13.00.000 - Nuance Communications Inc.)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Duplicate File Finder (HKLM-x32\...\{0670E1C9-84EF-4C85-B030-CF0A5A76B212}_is1) (Version: 5.4 - Ashisoft)
Elevated Installer (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Evernote v. 4.2.2 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.2.3979 - Evernote Corp.)
Eye-Fi Center 3.4 (HKLM-x32\...\{7764F7B0-7225-4145-82B6-2AB4540D33A6}) (Version: 3.4.26 - Eye-Fi, Inc)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Garmin BaseCamp (HKLM-x32\...\{B27D272F-2860-4363-9803-956C0A9FAFB9}) (Version: 4.1.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Europe NT 2013.10 Update (HKLM-x32\...\{EC28FA6E-E38D-4F72-80EF-1FBE66B05668}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2013.10 Update (HKLM-x32\...\{DE2E1909-12C2-4249-8003-7978BEA3A14F}) (Version: 16.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{EB418DDD-5365-4381-87F6-D8BBB21CC1CA}) (Version: 4.0.1 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{31a12940-e5c8-4d27-a6ac-005212152f1f}) (Version: 2.2.21 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapInstall (HKLM-x32\...\{5ED7CD44-1A33-4B36-BA09-0B55FE82AF95}) (Version: 4.0.3 - Garmin Ltd or its subsidiaries)
Garmin Update Service (x32 Version: 2.2.21 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{F4DA4C73-026F-4D38-8C6B-85F0193E4B56}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Get the Picture! (HKLM-x32\...\com.image.getthepicture) (Version: 2.3.4 - Image Holdings)
Get the Picture! (x32 Version: 2.3.4 - Image Holdings) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
GoToMeeting 6.4.4.1831 (HKCU\...\GoToMeeting) (Version: 6.4.4.1831 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{C1C43BC8-2460-4E01-9628-332E04523BDC}) (Version: 1.2.0.0 - Hewlett-Packard)
HP DVB-T TV Tuner 8.0.64.43 (HKLM-x32\...\HP DVB-T TV Tuner) (Version: 8.0.64.43 - )
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.4 - WildTangent)
HP LaserJet 200 color MFP M276 (HKLM-x32\...\{CC38C23C-7824-4DBB-AC73-997CD0BBFEC7}) (Version: 5.0.14057.1503 - Hewlett-Packard)
HP LaserJet 200 color MFP M276 Fax (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LaserJet 200 color MFP M276 HP Device Toolbox (x32 Version: 29.0.84.0 - Hewlett-Packard Co.) Hidden
HP LJ200 M276 HP Scan (x32 Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.047 - Hewlett-Packard) Hidden
HP On Screen Display (HKLM-x32\...\{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}) (Version: 1.1.2 - Hewlett-Packard Company)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Product FWUpdater (x32 Version: 4.0.0.7242 - Hewlett-Packard Company) Hidden
HP Quick Launch (HKLM-x32\...\{EB58480C-0721-483C-B354-9D35A147999F}) (Version: 2.3.6 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{210A03F5-B2ED-4947-B27E-516F50CBB292}) (Version: 8.6.4530.3651 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13253.3682 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{28FE073B-1230-4BF6-830C-7434FD0C0069}) (Version: 4.1.13.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM276DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
HPDXP (x32 Version: 3.0.26.8 - HP) Hidden
HPLaserJet200color-MFPM276_HelpLearnCenter_SI (HKLM-x32\...\{0F044C7A-6EE1-4F03-90AC-329AAF2FCF12}) (Version: 1.01.0000 - Hewlett-Packard)
HPLJDXPHelper (x32 Version: 020.021.004 - HP) Hidden
HPLJUTCore (x32 Version: 004.005.0001 - HP) Hidden
HPLJUTM276 (x32 Version: 3.00.0003 - HP) Hidden
hppFaxDrvM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM276LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
hppSendFaxM276 (x32 Version: 003.000.00002 - Hewlett-Packard) Hidden
hpStatusAlerts (x32 Version: 050.037.00142 - Hewlett Packard) Hidden
hpStatusAlertsM276 (x32 Version: 050.034.00131 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6329.0 - IDT)
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java Auto Updater (x32 Version: 2.1.71.14 - Oracle, Inc.) Hidden
Java 6 Update 37 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216037FF}) (Version: 6.0.370 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LJDXPHelperUI (x32 Version: 020.021.004 - HP) Hidden
LogMeIn (HKLM-x32\...\{976475B8-63E9-4559-BE2C-D26086BE4C40}) (Version: 4.1.2126 - LogMeIn, Inc.)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjong Garden Deluxe (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (x32 Version: 2.2.0.95 - WildTangent) Hidden
Namco All-Stars PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pivothead Eyewear Recorder version 0.8.7.2 (HKLM-x32\...\7E809322-61A9-4CFE-BBB0-057A760325BD_is1) (Version: 0.8.7.2 - Pivothead)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
PowerChute Personal Edition 3.0.2 (HKLM-x32\...\{8ED262EE-FC73-47A9-BB86-D92223246881}) (Version: 3.0.2 - Schneider Electric)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4005.2305 - Intuit Inc.)
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.9.16 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.12.7 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.02.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.41.216.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.80 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.103 - RoxioNow)
Slingo Supreme (x32 Version: 2.2.0.95 - WildTangent) Hidden
SmartAnalyzer for SmartOffice - Installer (HKCU\...\54cf1f7f18457d33) (Version: 1.0.0.46 - Ebix Inc)
SmartAnalyzer for SmartOffice (HKLM-x32\...\{AF65A957-ABE0-4C26-AEB3-58BDB64AD733}) (Version: 1.0.46 - Ebix Inc)
SmartOffice Desktop Integration - Installer (HKCU\...\43cbdbbaf98478b8) (Version: 1.0.0.90 - Ebix Inc)
SmartOffice Desktop Integrations 2.0 - Installer (HKCU\...\d8e2e892d55ef4cd) (Version: 3.0.0.13 - Ebix Inc)
SmartOffice Desktop Integrations 2.0 (HKLM-x32\...\{79B6DA64-8AFB-44B4-8C4F-03BC6DA15829}) (Version: 3.0.13 - Ebix Inc)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29947 - TeamViewer)
The Weather Channel App (HKLM-x32\...\{167158CE-1637-4167-8A1C-C2549EEA966A}) (Version: 1.00.0000 - The Weather Channel)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (x32 Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Graham\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-356050647-1739812504-2184696174-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
19-10-2014 13:46:59 Scheduled Checkpoint
19-10-2014 16:13:38 Installed Java 7 Update 71
19-10-2014 16:14:02 Windows Update
22-10-2014 16:50:41 Windows Update
25-10-2014 15:58:04 Windows Backup
25-10-2014 20:28:42 Windows Update
28-10-2014 20:49:19 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01CC98A0-A9F9-475F-9F69-DF9F566BFAB2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CNF8G5QBQN => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {06CB909D-7BA1-499C-B6B4-4D06CFD7D2A9} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {099A54C1-86A0-47B3-A55C-64193493F34A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {0A03B829-C94A-41AB-A631-093670D2F5DA} - System32\Tasks\HPCeeScheduleForGraham => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {17BFA054-7549-48CC-853D-4609BED90055} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {1F06A448-C8BC-4DEE-B120-A4C9311DAA1A} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {3246F233-1FEE-4E7C-AD05-435D76A3DE02} - System32\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001 => C:\Users\Graham\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-19] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {3CA6CF2F-0E5E-48FD-8A7B-E5AFC4B50EBF} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E1FE93D-5E90-474F-9757-674337FEECD3} - System32\Tasks\{16368D8E-4947-43F6-BE13-20043D1E85AF} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()
Task: {45079B39-7275-415A-8E07-8C7E7BEDDDD9} - System32\Tasks\HPLJCustParticipation => C:\Program Files (x86)\HP\HPLJUT\HPLJUTSCH.exe [2012-06-14] (Hewlett Packard)
Task: {5050D9DB-FF20-44CF-BE19-08442A0E3980} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)
Task: {6304540D-490E-41CB-95AF-803BB1B04833} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6706B596-715B-434A-9733-A0EC98B18622} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-03-22] (CyberLink)
Task: {72671FF3-AAAC-4FAF-84A1-B85C39AA3097} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {99290D8A-CC5C-4D8C-A7AC-078B62A9EF0B} - System32\Tasks\HPCeeScheduleForGRAHAM-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {B2080E7F-2B57-4CBB-92BE-5677D1569174} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {B8D67547-011F-4D73-BEA2-9DD49E0ABA0E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {C791B834-5D2B-4ACB-81E2-44B0B8936EE0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C9DA3A46-3540-4A6B-89DB-93C6C336DEA6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-10-21] (Microsoft)
Task: {CAE212A3-EBAF-48B0-A8C8-6F8007C43260} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D6F44D96-499A-44D7-99E3-17FF8604FB2B} - System32\Tasks\{4EFFA3A2-06F4-4702-AEC2-68D8161C5E3F} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()
Task: {DAFAAA64-4E44-44EB-B418-F033F559D7C6} - System32\Tasks\{66388A37-E5B7-4495-9CFD-6ED8734121C4} => C:\Program Files (x86)\Quicken\qw.exe [2014-03-04] ()
Task: {DCE50077-7C8C-45DE-9777-99B0247E9499} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-356050647-1739812504-2184696174-1001.job => C:\Users\Graham\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001Core.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-356050647-1739812504-2184696174-1001UA.job => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGRAHAM-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGraham.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-04-02 02:06 - 2011-04-02 02:06 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-06-13 11:09 - 2005-04-22 00:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2014-01-07 10:09 - 2014-08-26 12:16 - 00219832 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\Dashlane.exe
2014-08-27 08:07 - 2014-08-27 08:07 - 00055120 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exe
2014-08-27 08:07 - 2014-08-27 08:07 - 01164632 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.UI.dll
2014-08-27 08:07 - 2014-08-27 08:07 - 00259936 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Services.dll
2014-08-27 08:07 - 2014-08-27 08:07 - 00115552 _____ () C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.Models.dll
2014-02-18 16:52 - 2014-08-26 12:16 - 00225464 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\DashlanePlugin.exe
2011-04-08 10:57 - 2011-04-08 10:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 00277688 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 00408760 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.0.6.69630.dll
2014-08-26 12:15 - 2014-08-26 12:15 - 00427192 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 30333112 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.0.6.69630.dll
2014-08-26 12:15 - 2014-08-26 12:15 - 00266936 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 05765304 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 06068920 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.0.6.69630.dll
2014-10-27 14:33 - 2014-10-22 00:04 - 01042760 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 14:33 - 2014-10-22 00:04 - 00211272 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 14:33 - 2014-10-22 00:04 - 08910664 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 14:33 - 2014-10-22 00:04 - 01681224 _____ () C:\Users\Graham\AppData\Local\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_regex-vc90-mt-p-1_33.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00021832 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBCompressor.dll
2012-12-23 00:53 - 2012-12-23 00:53 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\zlib1.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00141640 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBMAPILibrary.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\boost_serialization-vc90-mt-p-1_33.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00415560 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FtuEngine.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00529224 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\BackupLib.dll
2014-01-16 11:04 - 2014-01-16 11:04 - 00128840 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\QBProActiveCore.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00570696 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\FeaturesBridge.dll
2014-01-16 14:04 - 2014-01-16 14:04 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2013\mbpopup.dll
2014-06-12 17:41 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-10-28 10:32 - 2014-10-28 10:32 - 00043008 _____ () c:\users\graham\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplnwoat.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\Graham\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 12242616 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 02050744 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.0.6.69630.dll
2014-08-26 12:14 - 2014-08-26 12:14 - 00185016 _____ () C:\Users\Graham\AppData\Roaming\Dashlane\3.0.6.69630\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.0.6.69630.dll
2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:0FF263E8
AlternateDataStreams: C:\Users\Graham\Downloads\forwardedMessage.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\atashost => ""="Service"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: Eye-Fi => "C:\Program Files (x86)\Eye-Fi\Helper\EyeFiHelper.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
MSCONFIG\startupreg: MobileDocuments => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-356050647-1739812504-2184696174-500 - Administrator - Disabled)
Graham (S-1-5-21-356050647-1739812504-2184696174-1001 - Administrator - Enabled) => C:\Users\Graham
Guest (S-1-5-21-356050647-1739812504-2184696174-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-356050647-1739812504-2184696174-1004 - Limited - Enabled)
LogMeInRemoteUser (S-1-5-21-356050647-1739812504-2184696174-1002 - Administrator - Enabled) => C:\Users\LogMeInRemoteUser
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/28/2014 04:40:08 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (10/28/2014 04:40:00 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (10/28/2014 04:36:54 PM) (Source: Application) (EventID: 0) (User: )
Description: Value cannot be null.
Parameter name: key
 
Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17878
 
Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17878
 
Error: (10/28/2014 04:06:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16864
 
Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16864
 
Error: (10/28/2014 04:06:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
 
System errors:
=============
Error: (10/28/2014 11:47:37 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "GRAHAM-HP      :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.108 did not allow the name to be claimed by
this computer.
 
Error: (10/28/2014 11:47:34 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "GRAHAM-HP      :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.108 did not allow the name to be claimed by
this computer.
 
Error: (10/28/2014 10:29:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (10/28/2014 10:29:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/28/2014 10:28:30 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "GRAHAM-HP      :20" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.108 did not allow the name to be claimed by
this computer.
 
Error: (10/28/2014 10:28:30 AM) (Source: Server) (EventID: 2505) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{BA102103-93D2-4F11-91FB-B6C1E8023F30} because another computer on the network has the same name.  The server could not start.
 
Error: (10/28/2014 10:28:05 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "GRAHAM-HP      :0" could not be registered on the interface with IP address 192.168.1.149.
The computer with the IP address 192.168.1.108 did not allow the name to be claimed by
this computer.
 
Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error: 
%%1069
 
Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (10/28/2014 10:27:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
%%1069
 
 
Microsoft Office Sessions:
=========================
Error: (06/07/2012 09:23:55 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/29/2012 05:23:58 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/18/2012 06:42:50 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (05/12/2012 10:23:13 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/26/2012 07:34:14 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (03/09/2012 05:19:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error: (02/07/2012 07:23:00 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 6 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-06-05 22:20:23.644
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-05 22:19:31.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-05 22:19:30.056
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-05 22:18:51.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-06-05 22:17:12.632
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\ATI Technologies\Multimedia\AMDMFTDecoder_64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3400M APU with Radeon HD Graphics
Percentage of memory in use: 61%
Total physical RAM: 3562.9 MB
Available physical RAM: 1362.36 MB
Total Pagefile: 7123.98 MB
Available Pagefile: 3954.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:581.47 GB) (Free:433.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:14.41 GB) (Free:1.6 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 8D715ADE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=581.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================

  • Root Admin

Please go into Control Panel, Add/Remove and uninstall ALL versions of Java and then run the following.
 
Please download JavaRa-1.16 and save it to your computer.

  • Double click to open the zip file and then select all and choose Copy.
  • Create a new folder on your Desktop named RemoveJava and paste the files into this new folder.
  • Quit all browsers and other running applications.
  • Right-click on JavaRa.exe in RemoveJava folder and choose Run as administrator to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Next:
 
Please Run TFC by OldTimer to clear temporary files:
  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.


 
 

Restart the computer.

Next:

Scan with Panda Cloud Cleaner

This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.

Please download Panda Cloud Cleaner and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Install the scanner by right-clicking on the icon and selecting Run as Administrator.
  • It should start itself automatically after the installation.
  • In the main console click Accept and Scan.
  • This scan won't take long, about several minutes (depending on your system specs). Let it run uninterrupted.
  • At the last stage you will see a couple of messages about verifying & analyzing results. Wait patiently.
  • Upon completion you will see detections window. Enter one of them and click there View Report at the bottom right side.
  • A notepad window named PCloudCleaner.log will open. Save it to your desktop.


Please include the contents of that file in your next reply.
Don't forget to re-enable your switched-off protection software!
After that you may uninstall Panda Cloud Cleaner from your machine, if you wish to.
 


JavaRa 1.16 Removal Log.

 
Report follows after line.
 
------------------------------------
 
The JavaRa removal process was started on Wed Oct 29 09:23:20 2014
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0001-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0002-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0003-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0004-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0005-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0006-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0007-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0008-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0009-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0010-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0011-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0012-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0013-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0014-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0015-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0016-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0017-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0018-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0019-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0020-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0021-ABCDEFFDCBA}. The error returned was 124.
 
There was an error removing C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0022-ABCDEFFDCBA}. The error returned was 124.
 
Found and removed: Software\Classes\JavaPlugin.160_37
 
Found and removed: SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
 
Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-DEC7-0000-0001-ABCDEFFEDCBA}
 
Found and removed: SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}
 
Found and removed: SOFTWARE\Classes\MIME\Database\Content Type\application/java-deployment-toolkit
 
Found and removed: SOFTWARE\Classes\JavaWebStart.isInstalled.1.7.0.0
 
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
 
Found and removed: SOFTWARE\JavaSoft
 
Found and removed: SOFTWARE\JreMetrics
 
Found and removed: SOFTWARE\Classes\JavaPlugin.10402
 
------------------------------------
 
Finished reporting.
 
 
 

Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCCBOOT.EXE to be deleted.

 

Unknown. FILE: C:\Users\Graham\Desktop\ControlCenter4.lnk to be deleted.

 

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\ControlCenter4.lnk to be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[ControlCenter4]. Value: ControlCenter4 To be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCTRLCNTR.EXE to be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\COMMON FILES\INTUIT\QUICKBOOKS\QBCFMONITORSERVICE.EXE to be deleted.

 

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\QBCFMonitorService. Key to be deleted.

 

. FILE: C:\USERS\GRAHAM\DOWNLOADS\PRODUTOOLS_MANUALS_2_1.EXE to be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\BROWNYSCN\BROTHER\BRSTMONSCN.EXE to be deleted.

 

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\Status Monitor.lnk to be deleted.

 

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W LAN\Status Monitor.lnk to be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brScnStsMon00]. Value: BrScnStsMon00 To be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\BROTHER\BROTHER HELP\BROTHERHELP.EXE to be deleted.

 

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W\Brother Help.lnk to be deleted.

 

Unknown. FILE: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother\ADS-1500W LAN\Brother Help.lnk to be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.

 

Unknown. REGKEY: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run[brHelp]. Value: BrHelp To be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\BROWNYSCN\SCANNERSTATUSMONITORSERVICE.EXE to be deleted.

 

Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\ScannerStatusMonitorService. Key to be deleted.

 

Unknown. FILE: C:\PROGRAM FILES (X86)\CONTROLCENTER4\BRCCUXSYS.EXE to be deleted.

 

Malware. FILE: C:\Users\Graham\AppData\Roaming\MICROSOFT\Windows\Cookies\Z7G14QIV.txt to be deleted.

 

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sHOWSUPERHIDDEN] to be changed to: 0

 

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[sHOWSUPERHIDDEN] to be changed to: 0

 

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLEREGISTRYTOOLS]. Value: DISABLEREGISTRYTOOLS To be deleted.

 

Malware. REGKEY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM[DISABLETASKMGR]. Value: DISABLETASKMGR To be deleted.

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • 2 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.