Quantcast
Channel: Tech Support Guy - Virus & Other Malware Removal
Viewing all 4746 articles
Browse latest View live

full screen takeover

0
0
Hello awolnation,

What you're referring to is a type of malware called ransomware.

Please answer the following questions so I have a better idea of the situation.
  • What is the Operating System and bit-type (32 or 64-bit) of the infected PC?
  • Do you have regular access to a clean PC?
  • Do you have access to a clean USB drive that you can format?
  • Do you have access to your Windows Installation disc?
  • Does your computer have a CD/DVD drive?
  • Do you have access to a blank CD/DVD?
  • After turning your computer on, when does the ransomware screen appear?

Joywallet

0
0
I have been infected by joywallet and i got it to go away but what should i do to make sure I'm clean?

Unexpected Shutdowns - Malware?

0
0
Re-opening thread to add the following by the O/P and to allow the O/P to add more information.

Quote:

Originally Posted by ARChile
This is the reason that the user gave:
My apologies for not keeping this thread alive. After the failed Win7+Asus driver re-install in Chile, I have arrived in the USA and have the computer in the Asus repair facility. I wanted to report to Mark that they believe it's a disk drive & refer Asus' tech. support to this thread, which shows a tremendous amount of previous errorless disk testing. As the Asus folks in Chile felt the disk had proven ok and believed the problem to be the motherboard, I very much hope to solve the shutdown problem before returning to Chile. Thank you.

I have RAT file in my pc

0
0
Hello guys i really need serious help. i have just found out that my pc is infacted with njrat hacking and i have a rat file in my pc that i cannot delete or i cannot stop the rat file from task process manager please please help me out,,
i have a amd machine running norton anti virus and malewarebyte none of this can detect the file,,,,
please help

Virus? UpdateFlashPlayer

0
0
Hello jbrzozow,

Unfortunately, your computer is infected with a Backdoor Trojan. I must therefore issue the following warning. Please let me know your thoughts on the warning below, and how you wish to proceed.

Quote:

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal critical system, financial and personal information.

Please disconnect your computer from the internet immediately. If your computer was used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for banking, email, eBay, paypal, online forums, etc). Consider these accounts already compromised.

If you have used a router, you will need to reset it with a strong logon/password to ensure the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach immediately. Please read the following for further information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Whilst the identified infection(s) can be removed, there is no way to guarantee that your computer will be trustworthy again. This is due to the nature of the infection, which allows the attacker complete control over the computer. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat the hard drive and reinstall the Operating System. Please read the following information:Please let me know how you wish to proceed, and if you have any questions.

Downloaded an app from Cnet, got a toolbar instead

0
0
UPDATE:

I found and removed two apps that were installed without my knowledge:

AVG PC Tuneup 2014
AVG Security Toolbar

They seemed to have been removed completely.

Possible virus/malware... computer acting strangely!

0
0
First off:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz, Intel64 Family 6 Model 58 Stepping 9
Processor Count: 4
RAM: 6026 Mb
Graphics Card: NVIDIA GeForce GT 650M, 1024 Mb
Hard Drives: C: Total - 462956 MB, Free - 144004 MB;
Motherboard: Alienware, M14xR2
Antivirus: Microsoft Security Essentials, Updated and Enabled

Back to the problem. My computer has been acting strangely. It all started when I randomly started getting disconnected from the internet. The problem progressed until it stated my drivers were corrupt. Thinking this could be easily fixed, I uninstalled the drivers and tried to do a fresh install. This didn't work. The official drivers from my card, whenever they tried to be installed, gave a "drivers could not be installed properly" and my computer refused to recognize my networking card. So I went and downloaded an older version directly from the dell website. These worked for some reason. Everything seemed fine. After everything was acting strange, I decided to do a virus scan with Malwarebytes. It took me 5 times to actually get the scan to work. It kept freezing my entire screen over and over. I had to hold down the power button each time in order to shut down my computer. I tried scanning in safe mode twice, both times that froze as well. Everything ran extremely slow. Finally after much persistence, I seemed to have fixed everything... by doing nothing. It just seemed to have fixed itself. Until two days after (today) when the drivers went corrupt again, just out of the blue. I was on Skype and it just stopped recognizing the network card as though the drivers had failed. I uninstalled/reinstalled the drivers again, everything is fine. I run a virus scan on a freshly installed Malwarebytes, it turns up nothing. My computer is absolutely clean to MB. Try MSE, also says everything is fine. I run CHKDSK before start up, it repairs some files. Everything seems to be alright, but I'm still suspicious. This is a brand new network card, less than a few months old. I installed it myself and I know I installed it properly. Chrome was constantly freezing and locking up my computer whenever I went to websites with anything Flash related. After reinstalling Chrome, it seems to be fine but I want to be sure everything is alright. I feel like I'm missing something. Thanks ahead of time for any help.

Virus and malware infestation

0
0
Computer running slow, redirects, pop-ups. Ran Malwarebytes and it helped, but still not right.

Any help is appreciated.

Hijack this Log below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:25:49 PM, on 8/22/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.4\Support\DynamicLinkSupport\dynamiclink\CS6\dynamiclinkmanager.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx...5v155k49l1523o
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:14310;https=127.0.0.1:14310
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ee9aab28-7d67-44a3-aefc-c66aef34af76} - C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tSrcAs.dll
R3 - URLSearchHook: (no name) - {f92a9fe4-2850-4198-b9d5-279880e49b16} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Toolbar BHO - {9d4f812f-17c3-4867-a2b5-99bd6b43a5be} - C:\PROGRA~2\PLAYFI~1\bar\1.bin\1tbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Search Assistant BHO - {d95c8f1d-d90e-4683-87f0-abcb2c53d2ad} - C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tSrcAs.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Playfin - {d30bc29f-19f6-40b3-a91f-d4707048ade6} - C:\Program Files (x86)\Playfin_1t\bar\1.bin\1tbar.dll
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [InstaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - .DEFAULT User Startup: Best Buy Software Installer.lnk = C:\Program Files\Best Buy Software Installer\Best Buy Software Installer.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/...soft/wrc32.ocx
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GRegService (Greg_Service) - Acer Incorporated - C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Updater Service - Acer - C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11394 bytes

Malwarebytes-Anti Malware Issue

0
0
My Malware Anti-Malware Program (Free Edition) is behaving oddly. Whenever I try to run a scan (Threat Scan) it seems to get stuck on 'Pre-scan operation' and eventually I have to stop/cancel the scan. When I do this the program disappears from the screen/monitor as it should but the Malwarebytes icon remains on the taskbar and cannot be deleted/removed/closed. When I click on Task Manager there is an empty window, nothing running. When I then try to turn the PC off it won't do so because Malwarebytes according to the PC is still running and the 'end now' won't work. I then have to resort to pressing the restart button at the front of the PC.
Anyone any ideas on how to solve this ?
My O.S. is Windows XP Home.

M...LOCKER/Personal file is this a virus

0
0
Here are the Farbar scans

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-08-2014
Ran by Marie (administrator) on MARIE-PC on 23-08-2014 14:46:46
Running from C:\Users\Marie\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YARNJHE.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6470760 2012-05-08] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-03-26] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [724480 2012-10-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2014-01-21] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2583139604-823116366-500879084-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2583139604-823116366-500879084-1001\...\RunOnce: [Uninstall C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910_1\amd64 "

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E67AC053A02CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/soft...3/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...0321/CTPID.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin -> C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
FF Extension: Wajam - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi [2013-02-14]

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "chrome://newtab/", "chrome://newtab/"
CHR DefaultSearchKeyword: google.co.uk
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={goo gle:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google :cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={g oogle:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\PepperFlash\pepflashplayer.dl l ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-08]
CHR Extension: (Wajam) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-11-04]
CHR Extension: (Google Wallet) - C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2013-09-08]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Marie\AppData\Local\Wajam\Chrome\wajam.crx [2012-07-26]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-05-24] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-05-24] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2011-10-19] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112128 2012-10-02] (Creative Technology Ltd)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2148816 2012-12-14] (AVG)
S2 UtilityChest_49Service; C:\PROGRA~2\UTILIT~2\bar\1.bin\49barsvc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2014-04-15] (AVG Technologies CZ, s.r.o.)
R3 cthda; C:\Windows\System32\drivers\cthda.sys [1053024 2012-10-02] (Creative Technology Ltd)
R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [26464 2012-10-02] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
U1 StarOpen; No ImagePath
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [11880 2012-07-04] (TuneUp Software)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 14:46 - 2014-08-23 14:46 - 00017934 _____ () C:\Users\Marie\Downloads\FRST.txt
2014-08-23 14:46 - 2014-08-23 14:46 - 00000000 ____D () C:\FRST
2014-08-23 14:45 - 2014-08-23 14:45 - 01094656 _____ (Farbar) C:\Users\Marie\Downloads\FRST.exe
2014-08-23 14:43 - 2014-08-23 14:43 - 02102784 _____ (Farbar) C:\Users\Marie\Downloads\FRST64.exe
2014-08-22 19:53 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 19:53 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 19:53 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 19:53 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 19:53 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 19:53 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 19:53 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 19:53 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 19:53 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 19:53 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 19:53 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 19:53 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 19:53 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 19:53 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-19 18:58 - 2014-08-13 16:57 - 00000205 _____ () C:\Users\Marie\Desktop\Inbox - ngcx2@marietemp.co.uk - Gmail.url
2014-08-15 11:08 - 2014-08-15 11:08 - 00012237 _____ () C:\Users\Marie\Downloads\Graham Fitch Class Rota 2014.xlsx
2014-08-15 07:30 - 2014-08-15 07:30 - 00065536 _____ () C:\Users\Marie\Downloads\x FOI request Stephen Nash 140509.xls
2014-08-15 07:29 - 2014-08-15 07:29 - 00026112 _____ () C:\Users\Marie\Downloads\x FOI request Natalie Davis 260710 2443.XLS.xls
2014-08-13 22:30 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-13 22:30 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-13 22:30 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-13 22:30 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-13 22:30 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-13 22:30 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-13 22:30 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-13 22:30 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-13 19:42 - 2014-07-24 13:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-13 19:42 - 2014-07-24 13:10 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-13 19:42 - 2014-07-24 13:10 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-13 19:42 - 2014-07-24 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-13 19:42 - 2014-07-24 13:09 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-13 19:42 - 2014-07-24 11:52 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-13 19:42 - 2014-07-24 11:52 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-13 19:42 - 2014-07-24 11:51 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-13 19:42 - 2014-07-24 11:51 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-13 19:42 - 2014-07-24 11:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-13 19:42 - 2014-07-24 11:29 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-13 19:42 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-13 19:42 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-13 19:42 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-13 19:42 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-13 19:42 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-13 19:42 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-13 19:42 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-13 19:42 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-13 19:42 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-13 19:42 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-13 19:42 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-13 19:42 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-13 19:41 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-13 19:41 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-08-13 19:41 - 2014-07-24 13:09 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-13 19:41 - 2014-07-24 11:51 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-13 19:41 - 2014-07-24 11:51 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-13 19:41 - 2014-07-24 11:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-08-13 19:41 - 2014-07-24 11:51 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-08-13 19:41 - 2014-07-24 11:51 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-13 19:41 - 2014-07-24 10:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-08-13 19:41 - 2014-07-24 10:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-08-13 19:41 - 2014-07-16 04:25 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-13 19:41 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-13 19:41 - 2014-07-16 03:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-13 19:41 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-13 19:41 - 2014-07-16 03:12 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-13 19:41 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-13 19:41 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-13 19:41 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-13 19:41 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-13 19:41 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-13 19:41 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-13 19:41 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-13 19:41 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-13 19:41 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-13 19:41 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-13 19:41 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-13 19:41 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-13 16:57 - 2014-08-13 16:57 - 00000205 _____ () C:\Users\Marie\Desktop\Inbox - 6thhappiest@gmail.com - Gmail.url
2014-08-12 20:58 - 2014-08-12 20:58 - 00229376 _____ () C:\Users\Marie\Downloads\Order_48842.xls
2014-08-10 11:16 - 2014-08-10 11:16 - 00509440 _____ (Tech Support Guy System) C:\Users\Marie\Downloads\SysInfo (1).exe
2014-08-06 18:37 - 2014-08-23 14:42 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-06 18:37 - 2014-08-23 07:26 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-06 18:37 - 2014-08-19 17:44 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-06 18:37 - 2014-08-06 18:37 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-06 18:37 - 2014-08-06 18:37 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-06 18:37 - 2014-08-06 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-06 09:05 - 2014-08-06 09:05 - 06010880 _____ () C:\Program Files (x86)\GUT19E7.tmp
2014-08-06 09:05 - 2014-08-06 09:05 - 00000000 ____D () C:\Program Files (x86)\GUM19E6.tmp
2014-08-05 17:25 - 2014-08-05 17:25 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moneysoft
2014-07-28 08:36 - 2014-07-28 08:36 - 17286594 _____ () C:\Users\Marie\Downloads\Photos.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-23 14:46 - 2014-08-23 14:46 - 00017934 _____ () C:\Users\Marie\Downloads\FRST.txt
2014-08-23 14:46 - 2014-08-23 14:46 - 00000000 ____D () C:\FRST
2014-08-23 14:45 - 2014-08-23 14:45 - 01094656 _____ (Farbar) C:\Users\Marie\Downloads\FRST.exe
2014-08-23 14:43 - 2014-08-23 14:43 - 02102784 _____ (Farbar) C:\Users\Marie\Downloads\FRST64.exe
2014-08-23 14:42 - 2014-08-06 18:37 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-23 14:16 - 2013-05-23 17:17 - 01410751 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 14:15 - 2013-09-06 13:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 12:44 - 2009-07-14 05:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 12:44 - 2009-07-14 05:45 - 00031552 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 12:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-23 11:04 - 2013-07-11 07:37 - 00000000 ____D () C:\ProgramData\MFAData
2014-08-23 08:50 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-23 07:26 - 2014-08-06 18:37 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-23 07:23 - 2013-05-23 17:24 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-08-23 07:23 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 07:23 - 2009-07-14 05:51 - 00092317 _____ () C:\Windows\setupact.log
2014-08-22 19:49 - 2009-07-14 05:45 - 00390376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-19 19:09 - 2013-05-29 12:49 - 00000000 ____D () C:\Users\Marie\AppData\Local\Microsoft Games
2014-08-19 17:44 - 2014-08-06 18:37 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-19 11:02 - 2014-01-10 16:20 - 00000000 ___RD () C:\Users\Marie\Documents\wlm store email accounts folder
2014-08-15 12:17 - 2013-05-30 16:21 - 00000000 ____D () C:\Users\Marie\Documents\Money
2014-08-15 11:08 - 2014-08-15 11:08 - 00012237 _____ () C:\Users\Marie\Downloads\Graham Fitch Class Rota 2014.xlsx
2014-08-15 07:30 - 2014-08-15 07:30 - 00065536 _____ () C:\Users\Marie\Downloads\x FOI request Stephen Nash 140509.xls
2014-08-15 07:29 - 2014-08-15 07:29 - 00026112 _____ () C:\Users\Marie\Downloads\x FOI request Natalie Davis 260710 2443.XLS.xls
2014-08-13 22:39 - 2013-05-28 21:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-13 22:36 - 2013-08-14 22:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-13 22:33 - 2013-05-28 22:04 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-13 22:30 - 2014-05-06 20:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-13 16:57 - 2014-08-19 18:58 - 00000205 _____ () C:\Users\Marie\Desktop\Inbox - ngcx2@marietemp.co.uk - Gmail.url
2014-08-13 16:57 - 2014-08-13 16:57 - 00000205 _____ () C:\Users\Marie\Desktop\Inbox - 6thhappiest@gmail.com - Gmail.url
2014-08-12 20:58 - 2014-08-12 20:58 - 00229376 _____ () C:\Users\Marie\Downloads\Order_48842.xls
2014-08-10 11:16 - 2014-08-10 11:16 - 00509440 _____ (Tech Support Guy System) C:\Users\Marie\Downloads\SysInfo (1).exe
2014-08-07 07:02 - 2010-11-21 04:47 - 00247040 _____ () C:\Windows\PFRO.log
2014-08-07 03:06 - 2014-08-13 19:41 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-13 19:41 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 18:37 - 2014-08-06 18:37 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-08-06 18:37 - 2014-08-06 18:37 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-08-06 18:37 - 2014-08-06 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-08-06 18:37 - 2013-05-28 21:13 - 00000000 ____D () C:\Users\Marie\AppData\Local\Deployment
2014-08-06 18:37 - 2013-05-28 21:13 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-06 09:05 - 2014-08-06 09:05 - 06010880 _____ () C:\Program Files (x86)\GUT19E7.tmp
2014-08-06 09:05 - 2014-08-06 09:05 - 00000000 ____D () C:\Program Files (x86)\GUM19E6.tmp
2014-08-06 08:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-06 08:48 - 2014-05-05 15:27 - 00000000 ____D () C:\Users\Marie\AppData\Local\CrashDumps
2014-08-06 08:44 - 2013-10-28 11:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-08-06 08:42 - 2013-05-28 19:15 - 00000000 ____D () C:\Users\Marie
2014-08-06 08:41 - 2014-03-26 16:12 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-06 08:41 - 2014-03-26 16:12 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-08-06 08:40 - 2013-07-23 11:03 - 00000000 ____D () C:\Users\Mum
2014-08-06 08:39 - 2014-05-05 07:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-08-06 08:39 - 2014-04-10 19:07 - 00000000 ____D () C:\Program Files\Paint.NET
2014-08-06 08:39 - 2014-03-26 16:13 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-06 08:39 - 2014-03-26 16:13 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-06 08:39 - 2014-03-26 16:13 - 00000000 ____D () C:\Program Files\iTunes
2014-08-06 08:39 - 2014-03-26 16:13 - 00000000 ____D () C:\Program Files\iPod
2014-08-06 08:39 - 2014-03-26 16:13 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-06 08:39 - 2014-03-26 16:12 - 00000000 ____D () C:\ProgramData\Apple
2014-08-06 08:39 - 2014-03-26 16:12 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-06 08:39 - 2014-03-26 13:03 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2014-08-06 08:39 - 2014-03-26 13:03 - 00000000 ____D () C:\Users\Marie\AppData\Local\Amazon
2014-08-06 08:39 - 2013-08-26 09:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-08-06 08:39 - 2013-05-30 16:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Moneysoft
2014-08-06 08:39 - 2013-05-28 21:19 - 00000000 ____D () C:\Users\Marie\AppData\Local\Microsoft Help
2014-08-06 08:39 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-08-06 08:38 - 2014-03-26 16:13 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-08-06 07:59 - 2013-07-30 07:47 - 00000505 _____ () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Gmail.website
2014-08-06 07:22 - 2010-11-21 08:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-05 17:25 - 2014-08-05 17:25 - 00000000 ____D () C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moneysoft
2014-07-28 08:36 - 2014-07-28 08:36 - 17286594 _____ () C:\Users\Marie\Downloads\Photos.zip
2014-07-24 21:03 - 2013-06-01 22:10 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 21:03 - 2013-06-01 22:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-24 19:22 - 2013-06-01 22:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 13:11 - 2014-08-13 19:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-24 13:10 - 2014-08-13 19:42 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-24 13:10 - 2014-08-13 19:42 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 15399936 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-24 13:09 - 2014-08-13 19:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-24 13:09 - 2014-08-13 19:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 19279872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-07-24 13:09 - 2014-08-13 19:41 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-24 11:52 - 2014-08-13 19:42 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-24 11:52 - 2014-08-13 19:42 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 13757440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 02054656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-24 11:51 - 2014-08-13 19:42 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-24 11:51 - 2014-08-13 19:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-24 11:51 - 2014-08-13 19:41 - 14371328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-24 11:51 - 2014-08-13 19:41 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-24 11:51 - 2014-08-13 19:41 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-24 11:51 - 2014-08-13 19:41 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-24 11:51 - 2014-08-13 19:41 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-24 11:33 - 2014-08-13 19:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-24 11:29 - 2014-08-13 19:42 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-24 10:37 - 2014-08-13 19:41 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-07-24 10:32 - 2014-08-13 19:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Some content of TEMP:
====================
C:\Users\Marie\AppData\Local\temp\1ew2zydz.dll
C:\Users\Marie\AppData\Local\temp\air13A0.exe
C:\Users\Marie\AppData\Local\temp\air1E0C.exe
C:\Users\Marie\AppData\Local\temp\air8EF5.exe
C:\Users\Marie\AppData\Local\temp\DeltaTB.exe
C:\Users\Marie\AppData\Local\temp\Money Manager update.exe
C:\Users\Marie\AppData\Local\temp\setup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-19 19:32

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-08-2014
Ran by Marie at 2014-08-23 14:47:14
Running from C:\Users\Marie\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Amazon Kindle (HKCU\...\Amazon Kindle) (Version: - Amazon)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2013 (HKLM\...\AVG) (Version: 2013.0.3485 - AVG Technologies)
AVG 2013 (Version: 13.0.3485 - AVG Technologies) Hidden
AVG 2013 (Version: 13.0.3955 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 12.0.4010.19 - AVG Technologies)
AVG PC TuneUp (x32 Version: 12.0.4010.19 - AVG Technologies) Hidden
AVG PC TuneUp Language Pack (en-US) (x32 Version: 12.0.4010.19 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeepBurner Pro v1.9.0.228 (HKLM-x32\...\{1AD22277-7A1E-71EC-B27D-EB7A22BED143}) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version: - Microsoft)
Dolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)
Epson Connect Guide (HKLM-x32\...\Epson Connect Guide) (Version: - )
Epson Easy Photo Print 2 (HKLM-x32\...\{02A312B5-1542-47B6-BFE9-F51358C39E86}) (Version: 2.4.0.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{8F01524C-0676-4CC1-B4AE-64753C723391}) (Version: 3.01.0005 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.31.00 - SEIKO EPSON CORPORATION)
Epson Network Guide WF-3540 Series (HKLM-x32\...\WF-3540 Series Netg) (Version: - )
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version: - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual (HKLM-x32\...\EPSON Stylus CX7300_CX8300_DX7400_DX8400 User’s Guide) (Version: - )
Epson User's Guide WF-3540 Series (HKLM-x32\...\WF-3540 Series Useg) (Version: - )
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.225 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Search Enhancement Pack (x32 Version: 1.2.123.0 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Moneysoft Money Manager (HKLM-x32\...\{8873C319-A197-49C3-A394-14E21C189EF8}_is1) (Version: - Moneysoft Ltd.)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Neuratron PhotoScore Lite (HKLM-x32\...\Neuratron PhotoScore Lite) (Version: 5.5.1 - Neuratron Limited)
NVIDIA 3D Vision Controller Driver 306.97 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 306.97 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.23 - NVIDIA Corporation)
NVIDIA Control Panel 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 327.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
OpenOffice.org 3.1 (HKLM-x32\...\{E6B87DC4-2B3D-4483-ADFF-E483BF718991}) (Version: 3.1.9399 - OpenOffice.org)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6631 - Realtek Semiconductor Corp.)
Revo Uninstaller Pro 2.5.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 2.5.9 - VS Revo Group, Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - )
Sibelius 5 (HKLM-x32\...\{C23B8C30-E05E-4CB5-8188-F27CC3B2DD3E}) (Version: 5.2.0 - Sibelius Software)
Sibelius Scorch (all browsers) (HKLM-x32\...\{37EF63D9-3E31-45A9-A90F-BDE07CE88095}) (Version: 5.2.1 - Sibelius Software)
Sibelius Sounds Essentials (HKLM-x32\...\Sibelius Sounds Essentials) (Version: - )
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Sound Blaster Z-Series (HKLM-x32\...\{47954582-81A8-44D4-A631-E6AE58E80399}) (Version: 1.00.05 - Creative Technology Limited)
Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Wajam (HKLM-x32\...\Wajam) (Version: 2.03 - Wajam) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.1.2013.0 - BillP Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2583139604-823116366-500879084-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDri veShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2583139604-823116366-500879084-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDri veShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2583139604-823116366-500879084-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDri veShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2583139604-823116366-500879084-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDri veShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2583139604-823116366-500879084-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Marie\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSy ncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-07-2014 18:21:42 Windows Update
01-08-2014 00:31:28 Scheduled Checkpoint
01-08-2014 07:47:28 Windows Update
06-08-2014 06:10:09 Restore Operation
06-08-2014 07:43:42 Installed Software Updater
13-08-2014 10:46:10 Scheduled Checkpoint
13-08-2014 21:30:18 Windows Update
22-08-2014 18:52:52 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-08-16 12:53 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D04D2EE-4BD9-43DF-A0F8-3AE5B75F9132} - System32\Tasks\{F0514C72-4BE9-4097-AF0A-50459B69A4B3} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {0DE969E7-EFF5-4775-8E3B-853F635112AB} - System32\Tasks\{CFFB5058-0BA7-48E8-98CC-6C9BC326DC37} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {15E3639D-4473-4399-871A-23AA899BF615} - System32\Tasks\{5C8E5222-1206-453C-A726-43557D8903A2} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {18D0DEA9-48B6-4942-8186-710E65F7DBDC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06] (Google Inc.)
Task: {2B5E8FF4-5E47-482B-9DAD-39FF9A2A0791} - System32\Tasks\{0628DC45-8084-4110-B41E-481380D892D4} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {368B50E3-377B-4AEC-A3D5-B245FD28E2FD} - System32\Tasks\{ACBFD87F-EF3F-4582-A9AC-99EEC13380AF} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {407A62B2-72C5-4815-834E-2325BCAB2BE3} - System32\Tasks\{D3A7B705-2691-48FB-95BA-65391CD7DA29} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105....all?page=tsWLM
Task: {439E145E-70DF-45B0-8823-03695B872ECA} - System32\Tasks\{ACCF8C32-F3E3-43F9-B895-D4DF09952387} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {45506820-01AF-4029-B3FE-6C546B6C4667} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {49B4A5A9-13FE-41FF-B167-A5553E5C2A11} - System32\Tasks\{382A92F8-4A4F-44D3-BE10-E9386358059A} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {4F5FFA06-5FE7-48CD-B3F3-3D49183B411E} - System32\Tasks\{865313F4-1328-485C-86C8-5A7C940D6C72} => Chrome.exe
Task: {67C2327C-6874-4491-8D50-81B3944BFB00} - System32\Tasks\{A7BA773A-C807-4D36-BFFC-A4886A6A61E2} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105....ll?page=tsMain
Task: {69B7CF25-5131-40F0-952B-885118DAF7A7} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {80D7BA6A-46C0-46CC-BD84-87936DD08286} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2012 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2012-12-14] (AVG)
Task: {91465BBD-BE9E-4DBA-9268-6DDDAFFAB498} - System32\Tasks\{2AA3ADF4-3276-43F4-A5C5-52189D83DCEF} => Chrome.exe
Task: {973CCF57-5A75-40CF-91A6-169C58682A09} - System32\Tasks\{E6F7FB56-FD9D-41E8-BF11-DB2F0F925132} => Iexplore.exe http://ui.skype.com/ui/0/6.3.73.105....all?page=tsWLM
Task: {B823D9B0-E5A7-49A3-8D7D-19D5CE32845A} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CA49A2B5-03C8-49B7-B86C-F4FCCDC12B5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-06] (Google Inc.)
Task: {CCFBCF5A-4DF0-4B2C-AD68-286F9BCF3093} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {D7D0D687-F1C6-4D0A-9C37-5FF40A0A41D0} - System32\Tasks\{F0BE06EA-717E-4076-B289-82CCC4354B36} => C:\Users\Marie\Desktop\HijackThis from Trend.exe
Task: {DD07473E-8184-4EF6-825C-81819FBF97FB} - System32\Tasks\{56620137-334E-4B59-86A5-E006CAD805E9} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {E60548E3-D501-4147-9FCE-5D8F52881D2C} - System32\Tasks\{DD54FE8E-DA7B-41D3-B594-6C1D787AB6F3} => C:\Program Files (x86)\Sibelius Software\Sibelius 5\Sibelius.exe [2008-09-10] (Sibelius Software, a division of Avid Technology, Inc. and its licensors.)
Task: {F2A356A9-9C75-4056-B814-4A4255E5FA62} - System32\Tasks\{365A9E8E-5D06-475B-8632-FA77DD380E63} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {F5B15D24-F1A2-4CEA-8B70-966B1B6C60F7} - System32\Tasks\{4567612C-B384-4611-A27C-EC6909C41FF6} => C:\Program Files (x86)\Windows Live\Mail\wlmail.exe [2014-03-31] (Microsoft Corporation)
Task: {FB33BA9F-837A-42DC-B6C0-EB36D5FFFDC6} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {FEEAC7A4-4D1D-4F2A-ABE0-BAC5F74649C0} - System32\Tasks\TidyNetwork Update => C:\Users\Marie\AppData\Local\TidyNetwork.com\tidy2update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-05-23 17:23 - 2013-09-12 08:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 21:58 - 2014-02-12 21:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-14 10:11 - 2014-08-14 10:11 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\de4aaa11d46d614b 5330b337b67e5227\IsdiInterop.ni.dll
2013-05-23 17:23 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-08-19 17:44 - 2014-08-07 04:20 - 00718152 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libglesv2.dll
2014-08-19 17:44 - 2014-08-07 04:20 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\libegl.dll
2014-08-19 17:44 - 2014-08-07 04:20 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\pdf.dll
2014-08-19 17:44 - 2014-08-07 04:20 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-08-19 17:44 - 2014-08-07 04:20 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.143\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Marie\Documents\Fellowship Garden advertising Nov 2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marie\Documents\Norwood Junction Stn Oct 2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marie\Documents\Piano Lesson Account October fees 2013 Israel.eml:OECustomProperty
AlternateDataStreams: C:\Users\Marie\Documents\Re_ Sale of Spider Plants Nov 2013.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: FUFAXRCV => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
MSCONFIG\startupreg: FUFAXSTM => "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WinPatrol => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2014 00:37:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/23/2014 07:24:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 07:51:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 09:21:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2014 00:50:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/20/2014 11:41:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 07:34:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.

Error: (08/19/2014 06:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 05:41:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 03:03:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/23/2014 07:23:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Utility ChestService service failed to start due to the following error:
%%2

Error: (08/22/2014 10:14:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/22/2014 07:49:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Utility ChestService service failed to start due to the following error:
%%2

Error: (08/21/2014 09:22:15 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.

Error: (08/21/2014 09:21:40 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/21/2014 09:20:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Utility ChestService service failed to start due to the following error:
%%2

Error: (08/20/2014 09:45:39 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/20/2014 11:40:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Utility ChestService service failed to start due to the following error:
%%2

Error: (08/19/2014 07:50:45 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (08/19/2014 06:58:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Utility ChestService service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (08/23/2014 00:37:46 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (08/23/2014 07:24:41 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2014 07:51:02 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2014 09:21:22 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/20/2014 00:50:18 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (08/20/2014 11:41:57 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 07:34:22 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: c:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dllc:\program files (x86)\microsoft\search enhancement pack\search helper\searchhelper.dll2

Error: (08/19/2014 06:59:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 05:41:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/19/2014 03:03:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2013-09-16 18:16:49.972
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\puppy\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-09-16 18:16:49.957
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\puppy\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-16 12:51:36.778
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-16 12:51:36.747
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-16 12:51:36.732
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-16 12:51:36.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-13 18:08:22.530
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-08-13 18:08:22.499
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-06-01 17:02:49.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-06-01 17:02:49.436
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\McAfee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 22%
Total physical RAM: 8122.91 MB
Available physical RAM: 6323.78 MB
Total Pagefile: 16243.99 MB
Available Pagefile: 13758.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows7) (Fixed) (Total:467.6 GB) (Free:379.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive m: (Data) (Fixed) (Total:452.19 GB) (Free:437.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 937979C3)
Partition 1: (Not Active) - (Size=11.7 GB) - (Type=27)
Partition 2: (Active) - (Size=467.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=452.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================

hard drive wont stop running

0
0
Please help. My hard drive is running continuously. I have run a scan with malawarebytes and it did not find anything. Below is the sysinfo.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz, Intel64 Family 6 Model 42 Stepping 7
Processor Count: 4
RAM: 8028 Mb
Graphics Card: Intel(R) HD Graphics 3000, -1924 Mb
Hard Drives: C: Total - 696869 MB, Free - 532202 MB;
Motherboard: Acer, VA50_HC_HR
Antivirus: AVG AntiVirus Free Edition 2014, Updated and Enabled

Trovi and Bing have taken over Fire Fox

0
0
More info. I am now bombarded with ad windows opening saying the different drivers need updating or that i have some problem that they can fix.It is worst when i open fire fox. If I use IE it is not to bad.

Computer freezes on and off

0
0
Hello everyone.When I start my computer it works perfectly but after 10 minutes or so it starts to freeze on and off. This started a few weeks ago and I ran my Avast, malwarebytes, Spybot, superspyware, disk cleanup and defragmenter, even a system restore to a earlier time and still the same problem, you are my only hope :) Can you help me to fix it?? Thanks! Here is my info:


Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: AMD Athlon(tm) II X2 240 Processor, AMD64 Family 16 Model 6 Stepping 2
Processor Count: 2
RAM: 2815 Mb
Graphics Card: NVIDIA GeForce 6150SE nForce 430, 256 Mb
Hard Drives: C: Total - 463316 MB, Free - 348707 MB; D: Total - 13520 MB, Free - 1631 MB;
Motherboard: PEGATRON CORPORATION, 2A6C
Antivirus: avast! Antivirus, Updated and Enabled

Trojan removed now creating pwd protected files

0
0
Unfortunately, I have no idea. I'll see if I can get someone else to help with that.

All Day savings adware

0
0
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz, Intel64 Family 6 Model 37 Stepping 5
Processor Count: 4
RAM: 5814 Mb
Graphics Card: Intel(R) HD Graphics, -1316 Mb
Hard Drives: C: Total - 696869 MB, Free - 546641 MB;
Motherboard: Acer, Aspire 5733
Antivirus: Microsoft Security Essentials, Updated and Enabled

I have in the last few days inadvertently downloaded this pop-up adware (All Day savings adware). It does not appear in the program list to uninstall. I have however noticed that I have a duplicated file, the latest one being dated in the last few days and is slightly larger than the original.
Microsoft visual C++ 2008 Redistributable x64 9.0.30729.17 - original date 14/03/2012 - size 600kb
Microsoft visual C++ 2008 Redistributable x64 9.0.30729.17 - new date 22/08/2014 - size 788kb
I guess it would not be as simple as deleting the latest file.
Is there a cleaner I can use to remove or will it have to be manual.
I am not too technical but not too dumb either.
Thank you.

Weird Scan from MBAM Rootkit Scan

0
0
I just removed a good amount of malware with the help of volunteers over at bleepingcomputer but now this has shown up when i run scans with mbam. System runs fine so i'm wondering if this is a false positive?

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 7 Home Premium, Service Pack 1, 64 bit
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz, Intel64 Family 6 Model 26 Stepping 5
Processor Count: 8
RAM: 12278 Mb
Graphics Card: NVIDIA GeForce GTX 470, 1280 Mb
Hard Drives: C: Total - 122001 MB, Free - 48456 MB; D: Total - 953866 MB, Free - 288982 MB;
Motherboard: ASUSTeK Computer INC., P6T
Antivirus: Microsoft Security Essentials, Updated and Enabled

=========================================================================== ===========

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/23/2014
Scan Time: 2:50:51 PM
Logfile: mbam-sector.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.23.05
Rootkit Database: v2014.08.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 432696
Time Elapsed: 7 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 1
Forged physical sector, Physical Sector #250064593 on Drive #0, Replace-on-Reboot, [ee51b1ef5dcf305f34b824831bc64330],

=========================================================================== ===============================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:24:40 PM, on 8/23/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\ProgramData\KeyScrambler\KeyScrambler.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
D:\mumble\mumble.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Administrator\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [KeyScrambler] C:\ProgramData\KeyScrambler\keyscrambler.exe /a
O4 - HKCU\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] "D:\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-21-3514845564-2089270939-1637311307-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [SteelSeries Engine] C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (User '?')
O4 - HKUS\S-1-5-21-3514845564-2089270939-1637311307-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [CCleaner Monitoring] "D:\CCleaner\CCleaner64.exe" /MONITOR (User '?')
O4 - HKUS\S-1-5-21-3514845564-2089270939-1637311307-501\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Guest')
O4 - HKUS\S-1-5-21-3514845564-2089270939-1637311307-501\..\Run: [CCleaner Monitoring] "D:\CCleaner\CCleaner64.exe" /MONITOR (User 'Guest')
O4 - HKUS\S-1-5-21-3514845564-2089270939-1637311307-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User '?')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'DefaultAppPool')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\bonjour\mdnsnsp.dll' missing
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{D73269F4-4E45-41D2-90F0-C203F18E1324}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9173 bytes

Frustrated with my HP

Paypal redirect

0
0
Hi I just bought my computer 2 days ago and everytime I try to go to paypal I get redirected to avangate.com.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4700HQ CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 8
RAM: 24458 Mb
Graphics Card: NVIDIA GeForce GTX 880M, -1 Mb
Hard Drives: C: Total - 97675 MB, Free - 36503 MB; D: Total - 476932 MB, Free - 476774 MB; E: Total - 476934 MB, Free - 476776 MB; F: Total - 124902 MB, Free - 124791 MB;
Motherboard: ASUSTeK COMPUTER INC., G750JZ
Antivirus: McAfee Anti-Virus and Anti-Spyware, Updated and Enabled

I used this cleaner if it helps.

# AdwCleaner v3.308 - Report created 24/08/2014 at 13:13:59
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : kong - SUPERMAN
# Running from : C:\Users\kong\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17037


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\kong\AppData\Roaming\Mozilla\Firefox\Profiles\o3qik53r.default\pre fs.js ]


*************************

AdwCleaner[R0].txt - [989 octets] - [24/08/2014 13:13:02]
AdwCleaner[S0].txt - [915 octets] - [24/08/2014 13:13:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [974 octets] ##########

Tuvaro deleted!

0
0
I kept reading about the sccess stories on the adware cleaner so i decided to try it again. After a couple times and rebooting it is gone!! Thank you so much! Also, my bleeping computer.com. if you down load that will you're computer be automatically have those other apps they advertise on the same page as the download.

PC slow and warning from mcafee after some cleanup

0
0
brilliant , thanks for spending your bankholiday sunday looking at this for me , really appreciated
Viewing all 4746 articles
Browse latest View live




Latest Images