
Acronis & Windows fails to backup, IE10 redirects & Malwarebyt

Acronis fails Windows backup fails IE10 redirects Malwarebytes BSOD


#1
Cairnsy


  • Member
  • 22 posts

Hi,

 

This is my first post - THANKS for all the great info over the years... it has been invaluable

 

I have an HP ProBook 4520s which has been running Windows 7 Pro for many years

 

The only upgrades are a Hybrid SSD HDD & maxed out RAM Slots

 

I thought I had fixed Google redirects a while ago & all seemed OK

 

When trying to backup using Acronis True Image Home 2012 it fails all the time with error messages like this:

 

"Failed to prepare data stream. Check whether the source and target partitions exist."

 

My Windows backup fails too with Blue Screens typical (from memory)

 

An IE10 upgrade failed a few weeks ago, so I gave up on that idea... Man! That was a challenge getting IE9 back & had to use... Google Chrome  :smashcomp:  - Now that IE10 has installed without asking & seems to be working OK (except the Google redirects now, making it virtually useless)

 

Upon running your recommended Malwarebytes Anti-Malware it found about 5 Filesystem Objects problems, then went to scan for Heuristic Analysis & found about 5 of those too – it seemed to hang for ages & then Blue screen!

 

I was able to Safe Boot, re-run Malwarebytes Anti-Malware and remove the Filesystem Objects problems by cancelling the Scan before the Heuristic Analysis started – if left to run to do a Heuristic Analysis it Blue screens! Although it doesn't find any Filesystem Objects problems now :yeah:

 

I have run through your “How to fix Google Redirects”

 

And now I find myself posting the following OTM Report:

 

 

All processes killed
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Public\Documents\Computer Stuff\Geeks to Go\2014-06-19 Google redirect problem\cmd.bat deleted successfully.
C:\Users\Public\Documents\Computer Stuff\Geeks to Go\2014-06-19 Google redirect problem\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: ASPNET
 
User: CURRENT_USER
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: Ian
->Temp folder emptied: 229095019 bytes
->Temporary Internet Files folder emptied: 233795783 bytes
->Java cache emptied: 1761832 bytes
->Google Chrome cache emptied: 11258751 bytes
->Flash cache emptied: 67658 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 3125280 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 139111446 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 1543380 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 753 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 88960 bytes
RecycleBin emptied: 526004 bytes
 
Total Files Cleaned = 592.00 mb
 
Restore point Set: OTM Restore Point
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: ASPNET
 
User: CURRENT_USER
 
User: Default
->Flash cache emptied: 0 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Guest
 
User: HomeGroupUser$
 
User: Ian
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTM by OldTimer - Version 3.1.21.0 log created on 06192014_195114

Files moved on Reboot...
C:\Users\Ian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ian\AppData\Local\Temp\JavaDeployReg.log moved successfully.
C:\Users\Ian\AppData\Local\Temp\TimeInfo.txt moved successfully.
C:\Users\Ian\AppData\Local\Temp\TrcInfo.txt moved successfully.
File C:\Users\Ian\AppData\Local\Temp\~DF45FA9DDF462B7D51.TMP not found!
File C:\Users\Ian\AppData\Local\Temp\~DF496048D5ED593A97.TMP not found!
File C:\Users\Ian\AppData\Local\Temp\~DF62B08ECFC96B51C9.TMP not found!
File C:\Users\Ian\AppData\Local\Temp\~DFB1146E93FBAC1848.TMP not found!
C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{D91E5A0C-08E3-4088-AED8-1D02D433C8D2}.tmp not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0BA2951E-DEFF-4FE0-9AE9-EC3F6E5A0BC3}.tmp not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{242DCD74-568F-4B9A-8E7C-64146D39887B}.tmp not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{618FDE8D-7EF1-4E55-B412-9785801BE423}.tmp not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{8E098724-93C7-4887-B5A6-6E74AA242A73}.tmp not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL1L543\k3k702ZOKiLJc3WVjuplzHZ2MAKAc2x4R1uOSeegc5U[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL1L543\proxy[2].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLL1L543\push[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUDNQ3F\267407-how-to-fix-google-redirects[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUDNQ3F\coomera[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUDNQ3F\push[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUDNQ3F\rs=AItRSTOhbwYgLybuv8JFwyejswRNBntJZw[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWUDNQ3F\wx-icon-font-global[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\0[2].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\0[9].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\ads[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\cJZKeOuBrn4kERxqtaUH3fY6323mHUZFJMgTvxaG2iE[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\EInbV5DfGHOiMmvb1Xr-hnZ2MAKAc2x4R1uOSeegc5U[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\proxy[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SHMUZY4J\USCA0356[2].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97SLGYS\chat_message_52df20dbc4522c398abba5d0b6377131[1].dat not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97SLGYS\MTP_ySUJH_bn48VBG8sNSnZ2MAKAc2x4R1uOSeegc5U[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\S97SLGYS\recentposts[3].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HH4W5OJ2\DhmkJ2TR0QN[2].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HH4W5OJ2\dn[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HH4W5OJ2\like[5].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HH4W5OJ2\like[7].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\88596_Q4_Home_300x250_300x250[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\DXI1ORHCpsQm3Vp6mXoaTXZ2MAKAc2x4R1uOSeegc5U[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\frame[2].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\Hgo13k-tfSpn0qi1SFdUffY6323mHUZFJMgTvxaG2iE[1].eot not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\postmessageRelay[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73M1ZXQJ\rt=ifr[1].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y5B5P9D\postmessageRelay[3].htm not found!
File C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5Y5B5P9D\px[1].htm not found!
File move failed. C:\Users\Ian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Low\SkypeClickToCall\Logs\AutoUpdateSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ngp.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TimeInfo.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\TrcInfo.txt scheduled to be moved on reboot.
C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

Registry entries deleted on Reboot...

 

How can I get rid of the Heuristic Analysis problems, Google redirects & advertising pop-ups and get my backups working again?

 

Looking forward to your reply

 

Thanks & Regards

Ian




#2
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.
 
Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.
 

Please download Farbar Recovery Scan Tool and save it to your desktop.
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 

 



#3
Cairnsy


    Member

  • Topic Starter
  • Member
  • 22 posts

Hi Duck King,

 

Cool Emoticon... Gotta love a Duck that crashes into a Glass Plate Window!

 

Thanks for your reply, Farbar FRST Log below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by Ian (administrator) on IANS-HP-4520S on 21-06-2014 07:49:40
Running from C:\Users\Public\Documents\Computer Stuff\Geeks to Go\2014-06-19 Google redirect problem
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2013\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2014\SolidWorks\sldworks_fs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORICON.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Viewpoint Corporation) C:\Program Files (x86)\Viewpoint\Viewpoint Manager\ViewMgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Farbar) C:\Users\Public\Documents\Computer Stuff\Geeks to Go\2014-06-19 Google redirect problem\2014-06-21 01 FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-09-11] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AirCardEnabler] => [X]
HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe [120088 2007-10-29] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LauncherP255D] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2718720 2012-02-07] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [p255d RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [356352 2012-04-24] ()
HKLM-x32\...\Run: [StatusAutoRunp255d] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [4222464 2012-04-24] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\MountPoints2: {bf8feb34-dbf7-11e0-b425-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs:  c:\progra~2\sw_x64~1.boo C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-04-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE05B7E20B70CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google....454d836ee98a656
http://www.bom.gov.a...s/coomera.shtml
http://www.weather.c.../5-day/USCA0356
http://www.quickflix.com.au/Member
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exi...&cc=AU&unqvl=50
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exi...&cc=AU&unqvl=50
SearchScopes: HKCU - DefaultScope {8984637A-27A6-420B-835C-E9D0E2A98CCC} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {8984637A-27A6-420B-835C-E9D0E2A98CCC} URL = https://www.google.c...?q={searchTerms}
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: BEstSSaveFForYou - {44D241F8-9A2A-DE07-82D0-6FF731756168} - C:\ProgramData\BEstSSaveFForYou\yLVY3.x64.dll ()
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.x64.dll No File
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: BEstSSaveFForYou - {44D241F8-9A2A-DE07-82D0-6FF731756168} - C:\ProgramData\BEstSSaveFForYou\yLVY3.dll ()
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.dll No File
Toolbar: HKLM-x32 - Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice...ntrol-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://remote.wbmpl...COL /relayp.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} https://www.solidwor...dimdownload.cab
DPF: HKLM-x32 {B8E73359-3422-4384-8D27-4EA1B4C01232} https://remote.wbmpl...COL /cscopf.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF Plugin: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @ei.TotalRecipeSearch_14.com/Plugin - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-20]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] - C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox [2012-05-20]

Chrome:
=======
CHR HomePage: hxxp://search.easylifeapp.com/
CHR RestoreOnStartup: "hxxp://search.easylifeapp.com/"
CHR StartupUrls: "hxxp://search.easylifeapp.com/"
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Docs) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-25]
CHR Extension: (Google Drive) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-25]
CHR Extension: (WebCamera360) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnhdeincpllgeldajmlncemfloafomon [2014-06-06]
CHR Extension: (YoutubeAdblocker) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb [2014-03-20]
CHR Extension: (Google Search) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-25]
CHR Extension: (Gmail Offline) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-05-25]
CHR Extension: (safaeweB) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh [2014-03-20]
CHR Extension: (Google 1 Button) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2014-03-20]
CHR Extension: (Silver Bird Plus Twitter Client) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kagejfgngcmkbaacpmcnbpkhmhoeccee [2014-06-12]
CHR Extension: (SNT) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nelfieniholaklmfjiodckbnpohlcndn [2014-03-20]
CHR Extension: (SNT) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfkcedmkkfjigkabnehdhknhcfmadgad [2014-03-20]
CHR Extension: (NextCoup) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknkdmhgjgngocoeolabhoeojfhlpgkg [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]
CHR Extension: (Gmail) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-25]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-20]
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx [2012-05-20]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Ian\AppData\Local\Wajam\Chrome\wajam.crx [2012-05-20]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks 2014\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-12] (Dassault Systèmes SolidWorks Corp.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-12-28] (Dassault Systèmes) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [131072 2012-04-24] () [File not signed]
R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-09-15] (SolidWorks) [File not signed]
R2 uArcCapture; C:\Windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)
R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2008-09-09] (Viewpoint Corporation) [File not signed]
S2 699fd52f; "C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 cmusbnet; C:\Windows\System32\DRIVERS\cmusbnet.sys [103936 2007-06-12] (Cmotech Co., Ltd)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [112768 2007-06-08] (C-motech Co.,Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [126440 2009-12-19] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2009-12-18] ()
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [29064 2007-11-06] ()
S3 SWNC8U55; C:\Windows\System32\DRIVERS\swnc8u55.sys [195584 2007-09-21] (Sierra Wireless Inc.)
S3 SWUMX55; C:\Windows\System32\DRIVERS\swumx55.sys [189056 2007-09-21] (Sierra Wireless Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-21 07:49 - 2014-06-21 07:49 - 00000000 ____D () C:\FRST
2014-06-19 21:16 - 2014-06-19 21:16 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-19 21:14 - 2014-06-19 21:14 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:46 - 2014-06-19 04:47 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 17:24 - 2014-06-16 17:25 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-14 07:13 - 2014-06-08 19:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 07:13 - 2014-06-08 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-14 07:13 - 2014-04-25 12:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 07:13 - 2014-04-25 12:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 07:13 - 2014-04-05 12:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 07:13 - 2014-04-05 12:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 07:13 - 2014-03-27 00:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 07:11 - 2014-05-24 12:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 07:11 - 2014-05-24 12:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 07:11 - 2014-05-24 12:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 12:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 11:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 07:11 - 2014-05-24 11:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 11:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 10:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-14 07:11 - 2014-05-24 10:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-06-12 20:20 - 2014-06-12 20:20 - 00000000 ____D () C:\ProgramData\BEstSSaveFForYou
2014-05-29 21:15 - 2014-06-19 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 21:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 21:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TX Profile Manager
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\Program Files (x86)\TX Profile Manager
2014-05-27 21:06 - 2014-05-30 03:28 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-05-27 21:06 - 2014-05-27 21:06 - 02120416 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Ian\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\ProgramData\NextCoup
2014-05-27 21:04 - 2014-05-27 21:04 - 00000000 ____D () C:\Program Files (x86)\CeheeappMeo
2014-05-27 21:01 - 2014-05-27 21:01 - 00000000 ____D () C:\Program Files (x86)\BesotSaauveForrYou
2014-05-26 22:45 - 2014-01-09 12:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-26 22:45 - 2014-01-04 08:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-26 21:49 - 2014-06-20 21:35 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-05-26 21:49 - 2014-06-20 21:35 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-05-25 15:51 - 2013-10-02 11:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-05-25 15:50 - 2013-10-02 12:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-05-25 15:50 - 2013-10-02 12:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-05-25 15:50 - 2013-10-02 12:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-05-25 15:50 - 2013-10-02 11:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-05-25 15:50 - 2013-10-02 11:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-05-25 15:50 - 2013-10-02 11:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-25 15:50 - 2013-10-02 10:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-25 15:50 - 2013-10-02 10:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-05-25 15:50 - 2013-10-02 10:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-05-25 15:50 - 2013-10-02 10:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-05-25 15:50 - 2013-10-02 10:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-05-25 15:50 - 2013-10-02 09:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-25 15:50 - 2013-10-02 09:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-05-25 15:50 - 2013-10-02 09:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-25 15:50 - 2013-10-02 08:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-05-25 15:50 - 2013-09-25 12:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-05-25 15:50 - 2013-09-25 11:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-05-25 15:20 - 2014-05-25 15:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 15:20 - 2014-05-25 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 15:17 - 2014-05-25 15:17 - 00000000 __SHD () C:\Users\Ian\AppData\Local\EmieUserList
2014-05-25 15:17 - 2014-05-25 15:17 - 00000000 __SHD () C:\Users\Ian\AppData\Local\EmieSiteList
2014-05-25 14:53 - 2014-05-25 15:31 - 00002621 _____ () C:\Windows\IE10_main.log
2014-05-25 14:52 - 2014-05-25 14:52 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Internet Explorer 10_1539962
2014-05-24 19:59 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-05-24 19:52 - 2014-05-25 15:31 - 00010267 _____ () C:\Windows\IE11_main.log
2014-05-23 07:12 - 2014-05-27 21:06 - 00000000 ____D () C:\ProgramData\BesotSaauveForrYou
2014-05-22 17:20 - 2014-05-27 21:06 - 00000000 ____D () C:\ProgramData\CeheeappMeo

==================== One Month Modified Files and Folders =======

2014-06-21 07:49 - 2014-06-21 07:49 - 00000000 ____D () C:\FRST
2014-06-21 07:43 - 2013-12-10 20:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-21 07:35 - 2011-09-11 07:59 - 01625623 _____ () C:\Windows\WindowsUpdate.log
2014-06-21 07:27 - 2009-07-14 15:13 - 00801086 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-21 07:25 - 2013-11-18 17:52 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-06-21 07:25 - 2012-12-13 20:32 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D869E3FE-BFE5-4AE4-9DD5-36499A8FDBF5}
2014-06-20 21:35 - 2014-05-26 21:49 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-06-20 21:35 - 2014-05-26 21:49 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-06-20 17:54 - 2011-10-05 12:39 - 00000000 ____D () C:\Users\Ian\AppData\Local\TempSWBackupDirectory
2014-06-20 17:14 - 2013-12-10 20:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-19 21:16 - 2014-06-19 21:16 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-19 21:16 - 2014-04-15 06:00 - 00015714 _____ () C:\Windows\setupact.log
2014-06-19 21:14 - 2014-06-19 21:14 - 00000000 ____D () C:\Users\Ian\AppData\Local\SearchProtect
2014-06-19 21:14 - 2014-03-20 21:14 - 00000428 ____H () C:\Windows\Tasks\SW.Booster-S-990783876.job
2014-06-19 21:07 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-19 21:07 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-19 21:00 - 2011-09-11 18:57 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-19 20:59 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-19 20:29 - 2014-05-29 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:47 - 2014-06-19 04:46 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-19 04:46 - 2014-05-04 21:27 - 849582712 _____ () C:\Windows\MEMORY.DMP
2014-06-19 04:46 - 2011-12-14 05:25 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-18 22:26 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-06-18 20:19 - 2011-09-22 10:02 - 00000000 ____D () C:\Users\Ian\AppData\Local\SolidWorks
2014-06-17 21:06 - 2014-05-04 07:37 - 00006748 _____ () C:\Windows\PFRO.log
2014-06-17 19:49 - 2014-03-30 08:10 - 00000000 ____D () C:\ProgramData\Assistant
2014-06-17 19:49 - 2012-05-20 10:48 - 00000000 ____D () C:\Program Files\Web Assistant
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 20:46 - 2011-09-11 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-16 20:45 - 2012-02-01 07:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-16 17:25 - 2014-06-16 17:24 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-16 07:28 - 2014-05-07 07:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 07:12 - 2013-08-22 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 07:09 - 2011-09-15 10:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 07:09 - 2011-09-11 08:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 20:20 - 2014-06-12 20:20 - 00000000 ____D () C:\ProgramData\BEstSSaveFForYou
2014-06-12 20:20 - 2014-03-20 21:11 - 00000000 ____D () C:\ProgramData\f8bb9531aeead637
2014-06-12 20:08 - 2011-09-11 21:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-10 18:01 - 2012-10-27 09:43 - 00000000 ____D () C:\Users\Ian\Documents\Aeromodelling
2014-06-10 07:43 - 2013-02-09 08:50 - 00000000 ____D () C:\Users\Ian\Documents\House Stuff
2014-06-09 06:50 - 2011-09-22 11:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\Deployment
2014-06-08 19:13 - 2014-06-14 07:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 19:08 - 2014-06-14 07:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-04 20:35 - 2013-12-30 12:28 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-30 05:14 - 2011-09-11 20:45 - 00000000 ____D () C:\Users\Public\Documents\Computer Stuff
2014-05-30 03:28 - 2014-05-27 21:06 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-05-29 21:46 - 2012-04-01 21:30 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 21:46 - 2011-09-11 08:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 18:41 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\Public\Documents\Marie's Stuff
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TX Profile Manager
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\Program Files (x86)\TX Profile Manager
2014-05-28 21:35 - 2013-05-23 21:18 - 00005120 _____ () C:\Users\Ian\AppData\Roaming\SpektrumTelemetryView.pre
2014-05-27 21:06 - 2014-05-27 21:06 - 02120416 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Ian\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-27 21:06 - 2014-05-27 21:06 - 00000000 ____D () C:\ProgramData\NextCoup
2014-05-27 21:06 - 2014-05-23 07:12 - 00000000 ____D () C:\ProgramData\BesotSaauveForrYou
2014-05-27 21:06 - 2014-05-22 17:20 - 00000000 ____D () C:\ProgramData\CeheeappMeo
2014-05-27 21:06 - 2014-03-20 21:12 - 00000000 ____D () C:\ProgramData\SafEweB
2014-05-27 21:06 - 2014-03-20 21:12 - 00000000 ____D () C:\Program Files (x86)\SafEweB
2014-05-27 21:05 - 2013-12-30 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-05-27 21:05 - 2013-05-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profili
2014-05-27 21:05 - 2013-05-02 17:28 - 00000000 ____D () C:\Program Files (x86)\ProfiliV2
2014-05-27 21:04 - 2014-05-27 21:04 - 00000000 ____D () C:\Program Files (x86)\CeheeappMeo
2014-05-27 21:01 - 2014-05-27 21:01 - 00000000 ____D () C:\Program Files (x86)\BesotSaauveForrYou
2014-05-26 17:29 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\Public\Documents\Funny Stuff
2014-05-25 15:52 - 2009-07-14 13:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-25 15:37 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-25 15:31 - 2014-05-25 14:53 - 00002621 _____ () C:\Windows\IE10_main.log
2014-05-25 15:31 - 2014-05-24 19:52 - 00010267 _____ () C:\Windows\IE11_main.log
2014-05-25 15:20 - 2014-05-25 15:20 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-25 15:20 - 2014-05-25 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-05-25 15:20 - 2012-03-05 20:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-25 15:17 - 2014-05-25 15:17 - 00000000 __SHD () C:\Users\Ian\AppData\Local\EmieUserList
2014-05-25 15:17 - 2014-05-25 15:17 - 00000000 __SHD () C:\Users\Ian\AppData\Local\EmieSiteList
2014-05-25 14:52 - 2014-05-25 14:52 - 00000000 ____D () C:\Program Files (x86)\sweetpacks bundle uninstaller_Internet Explorer 10_1539962
2014-05-24 20:08 - 2011-09-11 08:12 - 00001413 _____ () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-24 20:01 - 2011-09-12 01:20 - 00000000 ____D () C:\Windows\Panther
2014-05-24 12:48 - 2014-06-14 07:11 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-24 12:47 - 2014-06-14 07:11 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-24 12:47 - 2014-06-14 07:11 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-24 12:46 - 2014-06-14 07:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-24 12:45 - 2014-06-14 07:11 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-24 12:45 - 2014-06-14 07:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-24 12:45 - 2014-06-14 07:11 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-24 11:26 - 2014-06-14 07:11 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-24 11:25 - 2014-06-14 07:11 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-24 11:25 - 2014-06-14 07:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-24 11:09 - 2014-06-14 07:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-24 11:03 - 2014-06-14 07:11 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-24 10:13 - 2014-06-14 07:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-05-24 10:06 - 2014-06-14 07:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ian\WebVpnRegKey6-remote-wbmpl-com-au.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 22:19

==================== End Of Log ============================

 

Additional file is also attached

 

Looking forward to your reply

 

Thanks & Regards

Ian


  • 0

#4
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

Hi,

 

That is a very long log. I will have some instructions for you on Monday.


  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

Cool Moticon... Gotta love a Duck that crashes into a Glass Plate Window!

 
Daffy Duck is quite the character!
 
Moving on,
 
Ok. Quite a bit to do. Will probably take a few passes. Please let me know if there is any improvement after these steps.
 
Step 1: Uninstalls.
 
Please uninstall the following programs using the "Programs and Features" menu in the control panel (unless you purposely installed them and want to keep them, then let me know).
  • SNT
  • Assistant
  • SkypEmoticons
  • Web Assistant 2.0.0.600
  • Anything related to Viewpoint:
    • Viewpoint Manager
    • Viewpoint Media Player
    • Viewpoint Toolbar

Step 2: Remove Chrome extensions.
  • Click the Chrome menu on the browser toolbar.
  • Click Tools.
  • Select Extensions.
  • Click the trash can icon by the following extensions.
    • safaeweB
    • SNT
    • NextCoup
    • wajam
  • A confirmation dialog appears, click Remove.

Step 3: Run FRST fix. Please move FRST to your desktop, and also save the attached fixlist.txt to your desktop. Then run FRST again and select "Fix." Post the resulting fixlog.txt.
 
Step 4: Run JRT.
 
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Things I need in your next reply:
  • FRST fixlog
  • JRT log
  • How is your computer running now? Any more redirects?


  • 0

#6
Cairnsy

Cairnsy

    Member

  • Topic Starter
  • Member
  • PipPip
  • 22 posts

Hi Buddierdl,

 

Thanks for all that, much appreciated 

 

Redirects & annoying pop-ups seem to have been removed - COOL!

 

As usual - when trying to uninstall "Assistant" I get the error:

 

"There was a problem starting C:\PROGRA~3\ASSIST~1\ASSIST~1.DLL"

"The specified module could not be found."

 

The Microsoft Fixit is as usual unable to see it, and then asks for an install key!

 

  • FRST fixlog below:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-06-2014
Ran by Ian at 2014-06-24 17:54:10 Run:1
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-23] (Client Connect LTD)
AppInit_DLLs:  c:\progra~2\sw_x64~1.boo C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL => C:\ProgramData\Assistant\Assistant_x64.dll [4395520 2014-04-04] ()
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-23] (Client Connect LTD)
AppInit_DLLs-x32:  c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
C:\Program Files (x86)\SearchProtect
c:\progra~2\sw30e4~1.boo
c:\progra~2\sw_x64~1.boo
C:\ProgramData\Assistant
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.easylifeapp.com/
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exi...&cc=AU&unqvl=50
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.exi...&cc=AU&unqvl=50
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
BHO: BEstSSaveFForYou - {44D241F8-9A2A-DE07-82D0-6FF731756168} - C:\ProgramData\BEstSSaveFForYou\yLVY3.x64.dll ()
C:\ProgramData\BEstSSaveFForYou
BHO: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.x64.dll No File
C:\Program Files (x86)\NextCoup
BHO-x32: BEstSSaveFForYou - {44D241F8-9A2A-DE07-82D0-6FF731756168} - C:\ProgramData\BEstSSaveFForYou\yLVY3.dll ()
BHO-x32: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files (x86)\Viewpoint\Viewpoint Toolbar\3.9.0\ViewBarBHO.dll (Viewpoint Corporation)
Toolbar: HKLM-x32 - Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files (x86)\Common Files\Viewpoint\Toolbar Runtime\3.9.0\IEViewBar.dll (Viewpoint Corporation)
FF Plugin-x32: @viewpoint.com/VMP - C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll (Viewpoint Corporation)
R2 Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [24652 2008-09-09] (Viewpoint Corporation) [File not signed]
BHO-x32: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.dll No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
FF Plugin-x32: @ei.TotalRecipeSearch_14.com/Plugin - C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll (TotalRecipeSearch)
C:\Program Files (x86)\TotalRecipeSearch_14EI
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-05-23] (Client Connect LTD)
S2 699fd52f; "C:\Windows\system32\rundll32.exe" "c:\progra~3\assist~1\AssistantSvc.dll",service
C:\Users\Ian\AppData\Local\SearchProtect
C:\ProgramData\NextCoup
C:\Program Files (x86)\CeheeappMeo
C:\Program Files (x86)\BesotSaauveForrYou
C:\ProgramData\CeheeappMeo
Folder: C:\ProgramData\f8bb9531aeead637
C:\Program Files (x86)\SearchProtect
C:\ProgramData\NextCoup
C:\ProgramData\BesotSaauveForrYou
C:\ProgramData\CeheeappMeo
C:\ProgramData\SafEweB
C:\Program Files (x86)\SafEweB
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
Task: {6217DF82-5436-4C3A-97AF-C1AB3A9B8213} - System32\Tasks\SW.Booster-S-990783876 => c:\programdata\appure\sw.booster\SW.Booster.exe <==== ATTENTION
c:\programdata\appure
Task: C:\Windows\Tasks\SW.Booster-S-990783876.job => c:\programdata\appure\sw.booster\SW.Booster.exe
*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
" c:\progra~2\sw_x64~1.boo C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
" c:\progra~2\sw30e4~1.boo" => Value Data not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"c:\progra~2\sw30e4~1.boo" => File/Directory not found.
c:\progra~2\sw_x64~1.boo => Moved successfully.
C:\ProgramData\Assistant => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44D241F8-9A2A-DE07-82D0-6FF731756168}' => Key deleted successfully.
'HKCR\CLSID\{44D241F8-9A2A-DE07-82D0-6FF731756168}' => Key deleted successfully.

"C:\ProgramData\BEstSSaveFForYou" directory move:

C:\ProgramData\BEstSSaveFForYou\yLVY3.dat => Moved successfully.
C:\ProgramData\BEstSSaveFForYou\yLVY3.dll => Moved successfully.
C:\ProgramData\BEstSSaveFForYou\yLVY3.tlb => Moved successfully.
C:\ProgramData\BEstSSaveFForYou\yLVY3.x64.dll => Moved successfully.
Could not move "C:\ProgramData\BEstSSaveFForYou" directory. => Scheduled to move on reboot.

'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
'HKCR\CLSID\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
C:\Program Files (x86)\NextCoup => Moved successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44D241F8-9A2A-DE07-82D0-6FF731756168}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{44D241F8-9A2A-DE07-82D0-6FF731756168}' => Key deleted successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7327C09-B521-4EDB-8509-7D2660C9EC98}'=> Key not found.
'HKCR\Wow6432Node\CLSID\{A7327C09-B521-4EDB-8509-7D2660C9EC98}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{F8AD5AA5-D966-4667-9DAF-2561D68B2012} => Value not found.
'HKCR\Wow6432Node\CLSID\{F8AD5AA5-D966-4667-9DAF-2561D68B2012}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@viewpoint.com/VMP'=> Key not found.
C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
Viewpoint Manager Service => Service not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{F57F2283-FAA5-883D-4454-CE70306B2D43}' => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => value deleted successfully.
'HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}'=> Key not found.
'HKLM\Software\Wow6432Node\MozillaPlugins\@ei.TotalRecipeSearch_14.com/Plugin' => Key deleted successfully.
C:\Program Files (x86)\TotalRecipeSearch_14EI\Installr\1.bin\NP14EISB.dll => Moved successfully.
C:\Program Files (x86)\TotalRecipeSearch_14EI => Moved successfully.
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
CltMngSvc => Service not found.
699fd52f => Service deleted successfully.
"C:\Users\Ian\AppData\Local\SearchProtect" => File/Directory not found.
C:\ProgramData\NextCoup => Moved successfully.
C:\Program Files (x86)\CeheeappMeo => Moved successfully.
C:\Program Files (x86)\BesotSaauveForrYou => Moved successfully.
C:\ProgramData\CeheeappMeo => Moved successfully.

========================= Folder: C:\ProgramData\f8bb9531aeead637 ========================

2014-05-27 21:06 - 2014-05-27 21:06 - 0079724 _____ () C:\ProgramData\f8bb9531aeead637\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}
2014-03-20 21:13 - 2014-03-20 21:13 - 0037462 _____ () C:\ProgramData\f8bb9531aeead637\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
2014-03-20 21:11 - 2014-05-27 21:06 - 0000910 _____ () C:\ProgramData\f8bb9531aeead637\{497C131E-2032-051B-B32A-C69A960FBB13}
2014-05-27 21:06 - 2014-05-27 21:06 - 0002666 _____ () C:\ProgramData\f8bb9531aeead637\{497C131E-2032-051B-B32A-C69A960FBB13}.old
2014-03-20 21:13 - 2014-03-20 21:13 - 0029380 _____ () C:\ProgramData\f8bb9531aeead637\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}
2014-03-29 20:37 - 2014-03-29 20:37 - 0000892 _____ () C:\ProgramData\f8bb9531aeead637\{B5DB572D-EA87-D3B0-08F6-4D153EA6A783}
2014-03-20 21:15 - 2014-06-24 17:44 - 0000866 _____ () C:\ProgramData\f8bb9531aeead637\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
2014-06-24 17:44 - 2014-06-24 17:44 - 0037418 _____ () C:\ProgramData\f8bb9531aeead637\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old
2014-05-27 21:01 - 2014-05-27 21:01 - 0000898 _____ () C:\ProgramData\f8bb9531aeead637\{F6A71DC7-28F4-C6C7-8FA9-8A56C80FC96A}
2014-05-27 21:04 - 2014-05-27 21:04 - 0000868 _____ () C:\ProgramData\f8bb9531aeead637\{F6C44C71-2CFE-8176-3A4D-CBD0DCE5AEFA}
2014-06-12 20:20 - 2014-06-12 20:20 - 0000512 _____ () C:\ProgramData\f8bb9531aeead637\0f839359446eec4cba746061f27383bc.ini
2014-03-28 17:43 - 2014-03-28 17:43 - 0000501 _____ () C:\ProgramData\f8bb9531aeead637\2a0b23fa8d6e74d4ba746061f27383bc.ini
2014-05-23 07:12 - 2014-05-23 07:12 - 0000158 _____ () C:\ProgramData\f8bb9531aeead637\60b6132765a7b0abba746061f27383bc.ini
2014-06-12 07:23 - 2014-06-12 07:23 - 0000162 _____ () C:\ProgramData\f8bb9531aeead637\8452e691c1478e9aba746061f27383bc.ini
2014-03-28 17:43 - 2014-03-28 17:43 - 0000346 _____ () C:\ProgramData\f8bb9531aeead637\8c84dcdc46445dd6ba746061f27383bc.ini
2014-06-12 07:23 - 2014-06-12 07:23 - 0000361 _____ () C:\ProgramData\f8bb9531aeead637\a4972f3d267d7857ba746061f27383bc.ini
2014-05-22 17:20 - 2014-05-22 17:20 - 0000502 _____ () C:\ProgramData\f8bb9531aeead637\c639ec01ae8d99a9ba746061f27383bc.ini
2014-06-06 07:20 - 2014-06-06 07:20 - 0000357 _____ () C:\ProgramData\f8bb9531aeead637\d08d3ab0b9962d8dba746061f27383bc.ini
2014-05-23 07:12 - 2014-05-23 07:12 - 0000160 _____ () C:\ProgramData\f8bb9531aeead637\eb6fe1e673371e2eba746061f27383bc.ini
2014-05-23 07:12 - 2014-05-23 07:12 - 0000514 _____ () C:\ProgramData\f8bb9531aeead637\f5cc729cb4343855ba746061f27383bc.ini

====== End of Folder: ======

"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
"C:\ProgramData\NextCoup" => File/Directory not found.
C:\ProgramData\BesotSaauveForrYou => Moved successfully.
"C:\ProgramData\CeheeappMeo" => File/Directory not found.
C:\ProgramData\SafEweB => Moved successfully.
C:\Program Files (x86)\SafEweB => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6217DF82-5436-4C3A-97AF-C1AB3A9B8213}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6217DF82-5436-4C3A-97AF-C1AB3A9B8213}' => Key deleted successfully.
C:\Windows\System32\Tasks\SW.Booster-S-990783876 => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SW.Booster-S-990783876' => Key deleted successfully.
c:\programdata\appure => Moved successfully.
C:\Windows\Tasks\SW.Booster-S-990783876.job => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-24 17:57:43)<=

C:\ProgramData\BEstSSaveFForYou => Is moved successfully.

==== End of Fixlog ====

  • JRT log below:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Ian on Tue 24/06/2014 at 19:51:25.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ilivid
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\totalrecipesearch_14ei
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\web assistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\totalrecipesearch_14installer.start
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\totalrecipesearch_14installer.start.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\au__rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetup_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibar_installer_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\incredibartoolbar_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{c670dcae-e392-aa32-6f42-143c7fc4bdfd}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

 

~~~ Files

Successfully deleted: [File] "C:\end"

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\snt"
Successfully deleted: [Folder] "C:\ProgramData\viewpoint"
Successfully deleted: [Folder] "C:\Users\Ian\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\Ian\appdata\locallow\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Ian\appdata\locallow\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
Successfully deleted: [Folder] "C:\Program Files (x86)\snt"
Successfully deleted: [Folder] "C:\Program Files (x86)\viewpoint"
Successfully deleted: [Folder] "C:\Program Files (x86)\youtubeadblocker"
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{06FCD481-9E33-4796-ACE8-79DE9F04487A}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{33297DEB-718C-44FB-BEB7-D363CBF6A74B}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{42A35C34-988A-45BE-81B9-510975CDB810}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{4B472D8A-7C53-4C45-9879-975B7C64C5E5}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{8F8723E9-7937-49C6-BBC0-C91064CE149F}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{A0D311B4-3187-4F71-9A2B-17F7F5EF5032}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{DD92C095-2104-4805-BF92-B25D0F2C4768}
Successfully deleted: [Empty Folder] C:\Users\Ian\appdata\local\{EC2F2768-CBC7-4E9E-92A5-7F8D412F3A0E}

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 24/06/2014 at 19:57:30.83
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Looking forward to your reply

 

Best Regards

Ian


  • 0
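
Triage of the fixlog in the post above, as an added example that is not part of the thread and not FRST's own code: it sorts each result line into removed, restored, already absent, or pending reboot, skips the echoed "Content of fixlist" section, and reports reboot-deferred moves that never got a later confirmation. The function names are hypothetical; the sample lines are taken from the log above except the one marked constructed.

```python
import re
from collections import Counter

# Result lines in the format of the fixlog above. The "ExampleConstructed"
# line is constructed to show a reboot-deferred move that is never confirmed.
SAMPLE_FIXLOG = r"""
Content of fixlist:
*****************
AppInit_DLLs-x32:  c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
C:\ProgramData\Assistant
*****************

"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"C:\Program Files (x86)\SearchProtect" => File/Directory not found.
c:\progra~2\sw_x64~1.boo => Moved successfully.
C:\ProgramData\Assistant => Moved successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
'HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}'=> Key not found.
'HKCR\CLSID\{44D241F8-9A2A-DE07-82D0-6FF731756168}' => Key deleted successfully.
Could not move "C:\ProgramData\BEstSSaveFForYou" directory. => Scheduled to move on reboot.
C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll not found.
CltMngSvc => Service not found.
699fd52f => Service deleted successfully.
Could not move "C:\ProgramData\ExampleConstructed" directory. => Scheduled to move on reboot.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-24 17:57:43)<=

C:\ProgramData\BEstSSaveFForYou => Is moved successfully.
"""

# Ordered: the first matching pattern decides the status of a result line.
OUTCOMES = [
    (re.compile(r"scheduled to move on reboot", re.I), "pending_reboot"),
    (re.compile(r"restored successfully", re.I), "restored"),
    (re.compile(r"(moved|deleted) successfully", re.I), "removed"),
    (re.compile(r"not found", re.I), "absent"),
]


def parse_line(line):
    """Return {'target', 'kind', 'status'} for a result line, else None."""
    if "=>" in line:
        target, result = line.rsplit("=>", 1)
    else:
        # Some file results carry no arrow: "<path> not found."
        m = re.match(r"^(.+?)\s+(not found\.)$", line, re.I)
        if not m:
            return None
        target, result = m.groups()
    status = next((s for rx, s in OUTCOMES if rx.search(result)), None)
    deferred = re.search(r'Could not move "(.+)" directory', target)
    target = deferred.group(1) if deferred else target.strip().strip("'\"")
    if status is None or not target:
        return None
    if re.match(r"(HKLM|HKCU|HKCR|HKU)\\", target, re.I) or \
            re.search(r"\b(key|value)\b", result, re.I):
        kind = "registry"
    elif re.search(r"service", result, re.I):
        kind = "service"
    else:
        kind = "filesystem"
    return {"target": target, "kind": kind, "status": status}


def triage(text):
    """Parse result lines, skipping the fixlist echo between '*****' rows."""
    entries, in_fixlist = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if re.fullmatch(r"\*{5,}", line):
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or not line:
            continue
        entry = parse_line(line)
        if entry:
            entries.append(entry)
    return entries


def summarize(entries):
    """Count entries per (kind, status) pair."""
    return Counter((e["kind"], e["status"]) for e in entries)


def unresolved_pending(entries):
    """Targets deferred to reboot with no later 'moved successfully' line."""
    pending = {}
    for e in entries:
        key = e["target"].lower()
        if e["status"] == "pending_reboot":
            pending[key] = e["target"]
        elif e["status"] == "removed":
            pending.pop(key, None)
    return list(pending.values())


if __name__ == "__main__":
    parsed = triage(SAMPLE_FIXLOG)
    for (kind, status), n in sorted(summarize(parsed).items()):
        print(f"{kind:<11}{status:<15}{n}")
    print("still pending after reboot:", unresolved_pending(parsed))
```

"Absent" results are expected after the Step 1 uninstalls; anything left in the unresolved list is what to re-check in a fresh scan.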

#7
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. Let's run this next. Please don't select "Clean" until I can review the log for false positives.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.


#8
Cairnsy

    Member

  • Topic Starter
  • 22 posts

Hi Buddierdl,

The only entry vaguely familiar is the DivX entry, log below:

 

# AdwCleaner v3.213 - Report created 25/06/2014 at 18:17:03
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ian - IANS-HP-4520S
# Running from : C:\Users\Ian\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\user.js
Folder Found : C:\Program Files (x86)\Common Files\Viewpoint
Folder Found : C:\Program Files (x86)\FindBiestDeaal
Folder Found : C:\ProgramData\FindBiestDeaal
Folder Found : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Found : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Found : C:\Users\Administrator\AppData\Local\torch
Folder Found : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Found : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Found : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Found : C:\Users\ASPNET\AppData\Local\torch
Folder Found : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Found : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Found : C:\Users\Guest\AppData\Local\torch
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Found : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Found : C:\Users\Ian\AppData\Local\Chromatic Browser
Folder Found : C:\Users\Ian\AppData\Local\torch
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Found : HKCU\Software\RegisteredApplicationsEx
Key Found : HKCU\Software\Viewpoint
Key Found : [x64] HKCU\Software\RegisteredApplicationsEx
Key Found : [x64] HKCU\Software\Viewpoint
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Found : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\BesutoSSaavEForYou.BesutoSSaavEForYou
Key Found : HKLM\SOFTWARE\Classes\BesutoSSaavEForYou.BesutoSSaavEForYou.2.3
Key Found : HKLM\SOFTWARE\Classes\CheapMe.CheapMe
Key Found : HKLM\SOFTWARE\Classes\CheapMe.CheapMe.5.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Found : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Found : HKLM\Software\DeviceVM
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Found : HKLM\Software\Viewpoint
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : [x64] HKLM\SOFTWARE\DeviceVM
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : [x64] HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Found : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages] - hxxps://mail.google.com/mail/u/0/#inbox/146ce65d55eb1c8e
hxxp://www.bom.gov.au/qld/forecasts/coomera.shtml
hxxp://www.quickflix.com.au/Member

-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8648 octets] - [25/06/2014 18:17:03]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8708 octets] ##########

 

Thanks & Regards

Ian



#9
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

Let's let AdwCleaner delete all that. The DivX is related to an adware toolbar. You may want to uncheck these entries, however, if you added these pages as your home pages in IE:

hxxps://mail.google.com/mail/u/0/#inbox/146ce65d55eb1c8e
hxxp://www.bom.gov.au/qld/forecasts/coomera.shtml
hxxp://www.quickflix.com.au/Member

Run AdwCleaner again, and deselect the above entries. Then select the "Clean" button and post the log.

Also, please run FRST again, select the "Addition" checkbox, and post fresh FRST scan logs.



#10
Cairnsy

    Member

  • Topic Starter
  • 22 posts

Hi Buddierdl,

OK, no worries

Computer is running pretty well now - it will be interesting to see if backups work OK after all this is done

Adware Cleaner Log below:

 

# AdwCleaner v3.213 - Report created 26/06/2014 at 07:05:24
# Updated 23/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Ian - IANS-HP-4520S
# Running from : C:\Users\Ian\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\FindBiestDeaal
Folder Deleted : C:\Program Files (x86)\FindBiestDeaal
Folder Deleted : C:\Program Files (x86)\Common Files\Viewpoint
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\ASPNET\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\ASPNET\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\Ian\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Ian\AppData\Local\torch
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Deleted : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccolccmohopkgoffmolbdoilcaafgoeb
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Deleted : C:\Users\ASPNET\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfhhaahefeimdflogdjnjiehcjmpmhhh
File Deleted : C:\Program Files (x86)\Mozilla Firefox\user.js

***** [ Shortcuts ] *****

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Key Deleted : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\BesutoSSaavEForYou.BesutoSSaavEForYou
Key Deleted : HKLM\SOFTWARE\Classes\BesutoSSaavEForYou.BesutoSSaavEForYou.2.3
Key Deleted : HKLM\SOFTWARE\Classes\CheapMe.CheapMe
Key Deleted : HKLM\SOFTWARE\Classes\CheapMe.CheapMe.5.1
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{699fd52f}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8E5B29C2-BC6E-40BE-B881-AEE35B1F4035}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{7FD01813-B1B4-4B02-2704-A036AA975ABF}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{FABF19C8-88E1-0726-300A-13CE573A8F47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3B181CF2-878B-4758-8FBD-59D8AC5AB12D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{490A5A0F-1471-47FF-8BB5-719F1F5238AD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\Viewpoint
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Web Assistant
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~3\ASSIST~1\ASSIST~2.DLL

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16921

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [8900 octets] - [25/06/2014 18:17:03]
AdwCleaner[R1].txt - [8960 octets] - [26/06/2014 07:02:59]
AdwCleaner[S0].txt - [8415 octets] - [26/06/2014 07:05:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8475 octets] ##########

 

 

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-06-2014
Ran by Ian (administrator) on IANS-HP-4520S on 26-06-2014 07:17:48
Running from C:\Users\Ian\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORICON.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2013\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2014\SolidWorks\sldworks_fs.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORDATAMGRSVC.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Farbar) C:\Users\Ian\Desktop\01 FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-09-11] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AirCardEnabler] => [X]
HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe [120088 2007-10-29] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LauncherP255D] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2718720 2012-02-07] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [p255d RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [356352 2012-04-24] ()
HKLM-x32\...\Run: [StatusAutoRunp255d] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [4222464 2012-04-24] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\MountPoints2: {bf8feb34-dbf7-11e0-b425-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
AppInit_DLLs: c:\progra~2\sw_x64~1.boo => c:\progra~2\sw_x64~1.boo File Not Found
AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x876F7D6E058ECF01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice...ntrol-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://remote.wbmpl...COL /relayp.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} https://www.solidwor...dimdownload.cab
DPF: HKLM-x32 {B8E73359-3422-4384-8D27-4EA1B4C01232} https://remote.wbmpl...COL /cscopf.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 202.125.32.4 202.125.32.5

FireFox:
========
FF Plugin: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (NextCoup) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknkdmhgjgngocoeolabhoeojfhlpgkg [2014-05-27]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks 2014\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-12] (Dassault Systèmes SolidWorks Corp.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-12-28] (Dassault Systèmes) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [131072 2012-04-24] () [File not signed]
R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-09-15] (SolidWorks) [File not signed]
R2 uArcCapture; C:\Windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 cmusbnet; C:\Windows\System32\DRIVERS\cmusbnet.sys [103936 2007-06-12] (Cmotech Co., Ltd)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [112768 2007-06-08] (C-motech Co.,Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-19] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [126440 2009-12-19] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2009-12-18] ()
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [29064 2007-11-06] ()
S3 SWNC8U55; C:\Windows\System32\DRIVERS\swnc8u55.sys [195584 2007-09-21] (Sierra Wireless Inc.)
S3 SWUMX55; C:\Windows\System32\DRIVERS\swumx55.sys [189056 2007-09-21] (Sierra Wireless Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-25 18:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-25 18:16 - 2014-06-26 07:05 - 00000000 ____D () C:\AdwCleaner
2014-06-25 18:16 - 2014-06-25 18:16 - 01342659 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-06-25 17:26 - 2014-06-25 20:42 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-06-25 17:26 - 2014-06-25 17:26 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-06-24 19:57 - 2014-06-24 19:57 - 00007281 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-06-24 19:51 - 2014-06-24 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 19:50 - 2014-06-24 19:49 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\02 JRT.exe
2014-06-24 17:52 - 2014-06-26 07:17 - 00027147 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-06-24 17:49 - 2014-06-21 07:49 - 02083328 _____ (Farbar) C:\Users\Ian\Desktop\01 FRST64.exe
2014-06-24 17:34 - 2014-06-24 17:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-22 06:40 - 2014-06-22 06:40 - 00274808 _____ () C:\Windows\Minidump\062214-22807-01.dmp
2014-06-21 07:49 - 2014-06-26 07:17 - 00000000 ____D () C:\FRST
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:46 - 2014-06-19 04:47 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 17:24 - 2014-06-16 17:25 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-14 07:13 - 2014-06-08 19:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 07:13 - 2014-06-08 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-14 07:13 - 2014-04-25 12:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 07:13 - 2014-04-25 12:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 07:13 - 2014-04-05 12:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 07:13 - 2014-04-05 12:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 07:13 - 2014-03-27 00:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 07:11 - 2014-05-24 12:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 07:11 - 2014-05-24 12:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 07:11 - 2014-05-24 12:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 12:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 11:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 07:11 - 2014-05-24 11:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 11:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 10:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-14 07:11 - 2014-05-24 10:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-05-29 21:15 - 2014-06-19 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-29 21:15 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-29 21:15 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TX Profile Manager
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\Program Files (x86)\TX Profile Manager
2014-05-27 21:06 - 2014-05-27 21:06 - 02120416 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe

==================== One Month Modified Files and Folders =======

2014-06-26 07:17 - 2014-06-24 17:52 - 00027147 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-06-26 07:17 - 2014-06-21 07:49 - 00000000 ____D () C:\FRST
2014-06-26 07:16 - 2012-12-13 20:32 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D869E3FE-BFE5-4AE4-9DD5-36499A8FDBF5}
2014-06-26 07:15 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 07:15 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 07:13 - 2011-09-11 07:59 - 01895407 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 07:13 - 2009-07-14 15:13 - 00801086 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 07:09 - 2013-12-10 20:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 07:07 - 2014-04-15 06:00 - 00016554 _____ () C:\Windows\setupact.log
2014-06-26 07:07 - 2013-11-18 17:52 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-06-26 07:07 - 2011-09-11 18:57 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-26 07:07 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 07:06 - 2014-05-04 07:37 - 00007054 _____ () C:\Windows\PFRO.log
2014-06-26 07:05 - 2014-06-25 18:16 - 00000000 ____D () C:\AdwCleaner
2014-06-26 07:05 - 2012-05-20 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-25 20:56 - 2013-12-10 20:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 20:42 - 2014-06-25 17:26 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-06-25 18:16 - 2014-06-25 18:16 - 01342659 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-06-25 17:50 - 2011-09-22 10:02 - 00000000 ____D () C:\Users\Ian\AppData\Local\SolidWorks
2014-06-25 17:49 - 2011-10-05 12:39 - 00000000 ____D () C:\Users\Ian\AppData\Local\TempSWBackupDirectory
2014-06-25 17:26 - 2014-06-25 17:26 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-06-25 17:25 - 2011-09-11 08:12 - 00000000 ____D () C:\Users\Ian
2014-06-24 19:59 - 2014-05-25 15:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-24 19:57 - 2014-06-24 19:57 - 00007281 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-06-24 19:51 - 2014-06-24 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 19:51 - 2013-12-10 20:48 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 19:50 - 2013-12-10 20:48 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 19:49 - 2014-06-24 19:50 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\02 JRT.exe
2014-06-24 17:44 - 2014-03-20 21:11 - 00000000 ____D () C:\ProgramData\f8bb9531aeead637
2014-06-24 17:36 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 17:34 - 2014-06-24 17:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-23 21:20 - 2012-02-01 07:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-23 21:20 - 2011-09-11 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-23 20:32 - 2013-05-04 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-06-23 12:47 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\Public\Documents\Travel
2014-06-23 07:12 - 2013-12-30 12:36 - 00000000 ____D () C:\Program Files (x86)\GPSBabel
2014-06-22 06:40 - 2014-06-22 06:40 - 00274808 _____ () C:\Windows\Minidump\062214-22807-01.dmp
2014-06-22 06:40 - 2014-05-04 21:27 - 1073410552 _____ () C:\Windows\MEMORY.DMP
2014-06-22 06:40 - 2011-12-14 05:25 - 00000000 ____D () C:\Windows\Minidump
2014-06-21 07:49 - 2014-06-24 17:49 - 02083328 _____ (Farbar) C:\Users\Ian\Desktop\01 FRST64.exe
2014-06-19 20:29 - 2014-05-29 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:47 - 2014-06-19 04:46 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-18 22:26 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 17:25 - 2014-06-16 17:24 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-16 07:28 - 2014-05-07 07:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 07:12 - 2013-08-22 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 07:09 - 2011-09-15 10:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 07:09 - 2011-09-11 08:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 20:08 - 2011-09-11 21:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-10 18:01 - 2012-10-27 09:43 - 00000000 ____D () C:\Users\Ian\Documents\Aeromodelling
2014-06-10 07:43 - 2013-02-09 08:50 - 00000000 ____D () C:\Users\Ian\Documents\House Stuff
2014-06-09 06:50 - 2011-09-22 11:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\Deployment
2014-06-08 19:13 - 2014-06-14 07:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 19:08 - 2014-06-14 07:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-30 05:14 - 2011-09-11 20:45 - 00000000 ____D () C:\Users\Public\Documents\Computer Stuff
2014-05-29 21:46 - 2012-04-01 21:30 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-29 21:46 - 2011-09-11 08:29 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-29 21:15 - 2014-05-29 21:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-29 18:41 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\Public\Documents\Marie's Stuff
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TX Profile Manager
2014-05-28 21:37 - 2014-05-28 21:37 - 00000000 ____D () C:\Program Files (x86)\TX Profile Manager
2014-05-28 21:35 - 2013-05-23 21:18 - 00005120 _____ () C:\Users\Ian\AppData\Roaming\SpektrumTelemetryView.pre
2014-05-27 21:06 - 2014-05-27 21:06 - 02120416 _____ (their database support use requirements) C:\Windows\SysWOW64\setup.exe
2014-05-27 21:05 - 2013-05-02 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Profili
2014-05-27 21:05 - 2013-05-02 17:28 - 00000000 ____D () C:\Program Files (x86)\ProfiliV2

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ian\WebVpnRegKey6-remote-wbmpl-com-au.dll

Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\nsjC61F.exe
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\vmgrremok.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 22:19

==================== End Of Log ============================

Addition.txt Log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-06-2014
Ran by Ian at 2014-06-26 07:18:09
Running from C:\Users\Ian\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
3D XML Player (HKLM\...\{52FDBE6F-53FE-47C5-8D49-6366555D7056}) (Version: 12.36.12304 - Dassault Systemes)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.506.5829 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.506.5829 - ABBYY) Hidden
Acronis True Image Home 2012 (HKLM-x32\...\{BE0CD30D-69A6-4B3A-857D-218C2C32E912}Visible) (Version: 15.0.7119 - Acronis)
Acronis True Image Home 2012 (x32 Version: 15.0.7119 - Acronis) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.4.0.2710 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{553255F3-78FD-40F1-A6F8-6882140265FE}) (Version: 1.2.1 - Apple Inc.)
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 1.0.23.26 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.43.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 1.0.0.26 - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
ATI Catalyst Install Manager (HKLM\...\{0C23986C-11FF-C8B3-1CBC-591EBA542882}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 2070 Bluetooth 3.0 (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.5600 - Broadcom Corporation)
Bulk Rename Utility 2.7.1.2 (HKLM\...\Bulk Rename Utility_is1) (Version:  - TGRMN Software)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2011.0316.116.298 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2011.0316.116.298 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2011.0316.116.298 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Czech (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Danish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Dutch (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help English (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Finnish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help French (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help German (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Greek (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Italian (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Japanese (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Korean (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Polish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Russian (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Spanish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Swedish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Thai (x32 Version: 2011.0316.0115.298 - ATI) Hidden
CCC Help Turkish (x32 Version: 2011.0316.0115.298 - ATI) Hidden
ccc-core-static (x32 Version: 2011.0316.116.298 - ATI) Hidden
ccc-utility64 (Version: 2011.0316.116.298 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.0.10055 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.0.10055 - Cisco Systems, Inc.) Hidden
COSMOSM 2013 x64 Edition (2010/290) (Version: 21.000.001 - SolidWorks Corporation) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 5.0.1.9 - Hewlett-Packard)
DIM version 5.0 (HKLM-x32\...\{6DE074E7-920D-41EA-AB31-80BD61FB6AAA}_is1) (Version: 5.0 - Alan Light)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
Document Express DjVu Plug-in (HKLM\...\{7A6B4BF8-961E-4A50-BE30-6721DAF83739}) (Version: 6.1.31831 - Caminova, Inc.)
DocuPrint P255 d_dw (HKLM-x32\...\InstallShield_{89BD10A5-0189-4D08-9ABE-B5BA3E1F5F6A}) (Version: 1.028.00 - Fuji Xerox)
DocuPrint P255 d_dw (x32 Version: 1.028.00 - Fuji Xerox) Hidden
Download Navigator (HKLM-x32\...\{445C3B1B-2C9B-441E-92E0-BD0868E710A1}) (Version: 2.0.0 - SEIKO EPSON CORPORATION)
DraftSight x64 (HKLM\...\{E25EC9C8-3F12-4905-B7BC-CBD6209FB373}) (Version: 12.0.1301 - Dassault Systemes)
Drive Encryption for HP ProtectTools (HKLM-x32\...\Drive Encryption) (Version: 5.0.6.0 - Hewlett-Packard)
Drive Encryption for HP ProtectTools (Version: 5.0.6.0 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Elevated Installer (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
EPSON Artisan 837 Series Printer Uninstall (HKLM\...\EPSON Artisan 837 Series) (Version:  - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
Extended Asian Language font pack for Adobe Reader XI (HKLM-x32\...\{AC76BA86-7AD7-2530-0000-A00000000004}) (Version: 11.0.0 - Adobe Systems Incorporated)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 5.0.1.2 - Hewlett-Packard)
Garmin BaseCamp (HKLM-x32\...\{DF1C5B60-29DE-463C-BF2C-708D95F3F752}) (Version: 3.3.2 - Garmin Ltd or its subsidiaries)
Garmin City Navigator Australia And New Zealand NT 2013.10 Update (HKLM-x32\...\{D8077FA2-97A4-48C6-BDCA-C3E426B06FF9}) (Version: 13.10.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{d6f59919-3fd4-48c5-8404-def6f92d8422}) (Version: 2.3.17.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.3.17.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Gtk# for .Net 2.12.10 (HKLM-x32\...\{550B72C4-F404-4812-971F-947E835A877E}) (Version: 2.12.10 - Novell, Inc.)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{67C090D6-109A-47D7-8DED-4160C4D96F32}) (Version: 4.0.4.1 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{71663900-662B-48F4-9485-8EFF21B9E8B1}) (Version: 1.1.8.1 - Hewlett-Packard Company)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Product Detection (HKLM-x32\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 5.12.754 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 5.12.754 - Hewlett-Packard Company) Hidden
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F487D}) (Version: 1.0.1.63 - DeviceVM, Inc.)
HP QuickWeb (HKLM-x32\...\{7861911B-4270-498A-8F7A-FCF0570F48BB}) (Version: 1.0.1.69 - DeviceVM, Inc.)
HP Software Framework (HKLM-x32\...\{A807CEB4-96A8-46A8-A298-C3AA87B47B00}) (Version: 4.0.59.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50012.0 - Sonix)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HyperCam 2 (HKLM-x32\...\HyperCam 2) (Version: 2.26.00 - Hyperionics Technology LLC)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6300.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.32 - Irfan Skiljan)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ SE Development Kit 6 Update 27 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0160270}) (Version: 1.6.0.270 - Oracle)
LightScribe System Software (HKLM-x32\...\{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}) (Version: 1.18.22.2 - LightScribe)
LizardTech DjVu Control (autoinstall) (HKLM-x32\...\DjVu) (Version:  - )
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.98 - LSI Corporation)
Machinery's Handbook 27 (HKLM-x32\...\Application_X_1.0) (Version:  - )
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x64) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x64) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2005 Tools for Applications - ENU (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Applications - ENU) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Applications - ENU (x32 Version: 8.0.50727.146 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Guide EPSON Artisan 837 Series (HKLM-x32\...\EPSON Artisan 837 Series Netg) (Version:  - )
Nikon File Uploader 2 (HKLM-x32\...\{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}) (Version: 2.0.2 - Nikon)
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon)
OneSteel OSPC (HKLM-x32\...\{0C37891A-4254-4EDF-8B4B-28C2EA2F02F2}) (Version: 1.02.08 - OneSteel)
PhoenixRC (HKLM-x32\...\{7A8985B1-3936-49B1-8F58-4B826A497155}) (Version: 2.5.19 - Runtime Games Ltd)
Photoview 360 Network Render Client 2013 SP03 x64 Edition (Version: 21.30.60 - SolidWorks Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Picture Control Utility (HKLM-x32\...\{87441A59-5E64-4096-A170-14EFE67200C3}) (Version: 1.2.1 - Nikon)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.11 - Nikon)
Pocketmags Offline Reader (HKCU\...\d25cd259a3d7df31) (Version: 0.9.2.0 - Pocketmags)
Pre-Boot Security for HP ProtectTools (Version: 5.0.7.1 - Hewlett-Packard) Hidden
PrimoPDF -- brought to you by Nitro PDF Software (HKLM-x32\...\PrimoPDF) (Version: 5 - Nitro PDF Software)
Privacy Manager for HP ProtectTools (HKLM\...\{32394B71-1E8E-4233-8958-B84F4CDC8F4D}) (Version: 5.11.814 - Hewlett-Packard Company)
QuickTime (HKLM-x32\...\{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}) (Version: 7.66.71.0 - Apple Inc.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 1.12.0016 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30109 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SolidWorks 2013 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20130-40000-1100-100) (Version: 21.0.0.5024 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP01 (HKLM-x32\...\SolidWorks Installation Manager 20130-40100-1100-100) (Version: 21.1.0.52 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20130-40200-1100-100) (Version: 21.2.0.50 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP03 (HKLM-x32\...\SolidWorks Installation Manager 20130-40300-1100-100) (Version: 21.3.0.60 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP03 (Version: 21.130.60 - SolidWorks) Hidden
SolidWorks 2014 x64 Edition SP0 (HKLM-x32\...\SolidWorks Installation Manager 20140-40000-1100-100) (Version: 22.0.0.5018 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP01 (HKLM-x32\...\SolidWorks Installation Manager 20140-40100-1100-100) (Version: 22.1.0.44 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP02 (HKLM-x32\...\SolidWorks Installation Manager 20140-40200-1100-100) (Version: 22.2.0.40 - SolidWorks Corporation)
SolidWorks 2014 x64 Edition SP02 (Version: 22.120.40 - SolidWorks) Hidden
SolidWorks Composer Player 2014 SP0 x64 Edition (Version: 22.00.5018 - Dassault Systemes SolidWorks) Hidden
SolidWorks eDrawings 2013 x64 Edition SP03 (Version: 13.3.111 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks eDrawings 2014 x64 Edition SP02 (Version: 14.2.116 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Explorer 2013 SP03 x64 Edition (Version: 21.30.60 - SolidWorks Corporation) Hidden
SolidWorks Explorer 2014 SP02 x64 Edition (Version: 22.20.40 - SolidWorks Corporation) Hidden
SolidWorks Flow Simulation 2013 SP0 x64 Edition  (Version: 21.00.5025 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP0 x64 Edition (Version: 21.00.5024 - SolidWorks Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.0.1118 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.24.0 - Synaptics Incorporated)
Telstra Turbo Connection Manager (HKLM-x32\...\{0D4D333F-9321-4FC5-BB65-AD0DE414AD70}) (Version: 5.0.1546.1 - Sierra Wireless Inc)
Telstra Turbo Modem Manager (HKLM-x32\...\{A3E07804-B5DB-43E1-AEBD-DC89422CF254}) (Version: 1.00.0000 - C-motech)
Theft Recovery (HKLM-x32\...\InstallShield_{33C9F24B-1D92-4632-A915-81E3BB1D5D6B}) (Version: 5.1.0.18 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.18 - Hewlett-Packard) Hidden
TotalMedia Suite update (x32 Version: 1.0.0.1 - ArcSoft) Hidden
TX Profile Manager version 1.0.9.1 (HKLM-x32\...\{4048CE6C-A586-4932-B081-0403166B1F0B}_is1) (Version: 1.0.9.1 - Andrew Powell)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
User's Guide EPSON Artisan 837 Series (HKLM-x32\...\EPSON Artisan 837 Series Useg) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.5 - Nikon)
Windows 7 Default Setting (HKLM-x32\...\{5BF8E079-D6E2-4323-B794-75152371122A}) (Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\3134FEF0E1D959EC0CC2E458C94B7057B2AC0CC9) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00) (HKLM\...\88EB56038379B8B7DCFB4D2448A60F52E064B265) (Version: 10/22/2009 2.06.00 - FTDI)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4.9310D8F796442B71068C511E15D70529A702D19D.1) (Version: 4.2.3972 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.3972 - Zinio LLC) Hidden

==================== Restore Points  =========================

18-06-2014 11:17:43 Windows Backup
19-06-2014 09:55:20 OTM Restore Point
20-06-2014 11:48:15 Windows Update
25-06-2014 08:28:14 Windows Update

==================== Hosts content: ==========================

2009-07-14 12:34 - 2014-06-19 19:51 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {34B2B3D4-0513-4D36-B54A-082BA4AFC525} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3D19EEB5-64A1-40EA-BFEA-F731DF8B5D53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {68779A07-7A75-4E7F-94AB-8684059498DD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {7FCEFE3B-4EB9-4224-9B38-1DB0DBE720C4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe [2014-05-27] (Microsoft)
Task: {9857E52D-EEDC-451A-B96B-DD69A7EEB8B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-10] (Google Inc.)
Task: {B501CC33-120D-4957-899E-94CF6E8F8D0C} - System32\Tasks\HPCeeScheduleForIan => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {BE361E59-B2B5-4FB5-9535-90827E7B9F56} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-19] (Piriform Ltd)
Task: {F1284A25-25F9-4CAB-9E2E-CBF365457C72} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FC351C02-ACE7-4E31-B4EB-211E56CE3CAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FCF985A7-E40E-4DE3-86EA-147C5972EEC8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FDDC0688-528F-4B87-B6FD-12CCCB6402D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForIan.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-01-16 21:31 - 2012-02-13 14:07 - 00021504 _____ () C:\Windows\System32\fxt6n1alm.dll
2014-01-16 21:31 - 2012-03-30 16:22 - 00020992 _____ () C:\Windows\System32\fxtpn1aLM.DLL
2013-09-29 08:41 - 2011-03-01 08:37 - 00095008 _____ () C:\Windows\System32\Primomonnt.dll
2014-01-16 21:31 - 2012-04-18 10:06 - 13331456 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\fxt6n1aRC.DLL
2014-01-16 21:01 - 2012-04-17 14:50 - 11049472 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\fxtpn1arc.xrs
2010-02-11 13:50 - 2010-02-11 13:50 - 00746256 _____ () C:\Windows\system32\SUPSDK.dll
2009-11-23 09:24 - 2009-11-23 09:24 - 01412608 ____R () C:\Windows\system32\LIBEAY32.dll
2010-04-20 08:10 - 2010-04-20 08:10 - 00100352 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2012-04-24 17:53 - 2012-04-24 17:53 - 00131072 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
2010-06-08 23:55 - 2010-06-08 23:55 - 00173856 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2011-10-01 21:44 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2013-03-29 11:34 - 2013-03-29 11:34 - 00276008 _____ () C:\Program Files\SolidWorks 2013\SolidWorks\sldBodyDiffu.dll
2014-01-12 11:06 - 2014-01-12 11:06 - 00276008 _____ () C:\Program Files\SolidWorks 2014\SolidWorks\sldBodyDiffu.dll
2012-04-24 17:53 - 2012-04-24 17:53 - 04222464 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
2012-04-24 17:53 - 2012-04-24 17:53 - 00316416 _____ () C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
2010-07-21 14:33 - 2010-07-21 14:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2011-03-14 14:20 - 2011-03-14 14:20 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2011-03-16 01:14 - 2011-03-16 01:14 - 00270336 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 14:33 - 2010-07-21 14:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-04-27 18:33 - 2012-04-27 18:33 - 00435552 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll
2014-02-18 05:52 - 2014-02-18 05:52 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\bfd5296be62268bc7a31a424f0d1ad5f\IsdiInterop.ni.dll
2011-09-11 10:34 - 2010-03-04 14:08 - 00058880 ____R () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2012-04-27 19:09 - 2012-04-27 19:09 - 00018784 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: DraftSight API Service => 2
MSCONFIG\Services: Garmin Core Update Service => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: LightScribeService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SolidWorks Background Downloader.lnk => C:\Windows\pss\SolidWorks Background Downloader.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: Cisco AnyConnect Secure Mobility Agent for Windows => "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: File Sanitizer => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: se => "C:\Users\Ian\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized
MSCONFIG\startupreg: Telstra_TM => C:\Program Files (x86)\Telstra\Telstra Turbo Modem\Bin\Demon6280.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/25/2014 05:24:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 34823698

Error: (06/25/2014 05:24:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 34823698

Error: (06/25/2014 05:24:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2014 07:44:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9969

Error: (06/25/2014 07:44:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9969

Error: (06/25/2014 07:44:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2014 07:00:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36664806

Error: (06/25/2014 07:00:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 36664806

Error: (06/25/2014 07:00:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (06/25/2014 06:59:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 36662294

System errors:
=============
Error: (06/26/2014 07:08:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/26/2014 07:08:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/25/2014 08:43:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (06/25/2014 08:43:43 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (06/25/2014 08:42:23 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 6:41:33 PM on ‎25/‎06/‎2014 was unexpected.

Error: (06/25/2014 05:36:14 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.177.570.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (06/25/2014 07:09:55 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.177.570.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.5.0216.00

 Source Path: 4.5.0216.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Microsoft Office Sessions:
=========================
Error: (03/26/2014 06:16:46 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2498 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (11/22/2013 07:00:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 16 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (11/21/2013 05:33:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 37 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/12/2013 07:14:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (07/05/2013 09:33:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 9619 seconds with 420 seconds of active time.  This session ended with a crash.

Error: (01/26/2013 08:40:02 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 16714 seconds with 720 seconds of active time.  This session ended with a crash.

Error: (01/10/2013 05:20:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 259035 seconds with 2820 seconds of active time.  This session ended with a crash.

Error: (11/29/2012 10:16:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 575 seconds with 480 seconds of active time.  This session ended with a crash.

Error: (08/24/2012 05:42:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 37789 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (06/01/2012 01:41:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 283 seconds with 60 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2013-05-04 10:24:16.608
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:16.522
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:14.332
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:14.249
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:12.085
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:12.001
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:09.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:09.706
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:07.532
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2013-05-04 10:24:07.436
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 8047.43 MB
Available physical RAM: 5184.6 MB
Total Pagefile: 16093.04 MB
Available Pagefile: 12564.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:449.77 GB) (Free:67.38 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:14.11 GB) (Free:2.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.64 GB) (Free:0.89 GB) FAT32
Drive z: () (Fixed) (Total:0.23 GB) (Free:0.19 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D1A418AC)
Partition 1: (Active) - (Size=235 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================

 

Thanks & Regards

Ian




#11
Buddierdl


    Trusted Helper

  • Malware Removal
  • 2,524 posts

Ok. There are a few more things to get rid of.

Could you please open MSCONFIG and re-enable the item named "se." We need to re-enable it in order to delete it. Then run a fresh FRST scan (no need for the addition checkbox this time).

Also, we still have one bad Chrome extension, NextCoup. Could you please uninstall it like you did the other extension before.

Then try and see if you can run a Malwarebytes scan and post the log for me.

Also, could you please upload the file C:\Windows\SysWOW64\setup.exe to VirusTotal and send me a link to the results page.



#12
Cairnsy


    Member

  • Topic Starter
  • Member
  • 22 posts

Hi Buddierdl,

Thanks for helping me this far – it’s running heaps better already.

I didn’t see NextCoup before and have deleted it in Chrome this time. I also “Fixed” it in Malwarebytes – but it still seems to be present in the log though.

One thing I didn’t mention before was the Laptop doesn’t come out of Hibernation mode very well – sometimes OK, other times not.

On restart, there’s some message about the hiberfil.sys file – I’ve been meaning to sort this out, but it’s mostly just an annoyance. I have now deleted the hiberfil.sys file & turned off hibernation thru a CMD prompt.

The reason I mention it is that Malwarebytes scan does still have the BSOD – previously I thought it choked on the Heuristic Scan, but I now wonder if it chokes before it gets there with some pretty large system files.

I’ve had a few BSODs & problems, but Malwarebytes seemed to run to the end... then Blue Screened again!

Link to VirusTotal scan is here https://www.virustotal.com/en/file/fb02305266692b382b734dbc231f23db3081762f85c4b56079ce177e8c0a166e/analysis/1403950927/ - doesn’t look that flash!

Scan results below:

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2014

Ran by Ian (administrator) on IANS-HP-4520S on 28-06-2014 20:03:39

Running from C:\Users\Ian\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Safe Mode (with Networking)

 

The only official download link for FRST:

Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/

Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: http://www.geekstogo...very-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Farbar) C:\Users\Ian\Desktop\2014-06-28 FRST64.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-09-11] (IDT, Inc.)

HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)

HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)

HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AirCardEnabler] => [X]

HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe [120088 2007-10-29] (Sierra Wireless Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [LauncherP255D] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2718720 2012-02-07] (Fuji Xerox Co., Ltd.)

HKLM-x32\...\Run: [p255d RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [356352 2012-04-24] ()

HKLM-x32\...\Run: [StatusAutoRunp255d] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [4222464 2012-04-24] ()

HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)

HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-12] (SUPERAntiSpyware)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [se] => "C:\Users\Ian\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized

HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\MountPoints2: {bf8feb34-dbf7-11e0-b425-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-12] (SUPERAntiSpyware)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [se] => "C:\Users\Ian\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized

HKU\S-1-5-21-4005721135-716239972-1406188448-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {bf8feb34-dbf7-11e0-b425-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe

AppInit_DLLs: c:\progra~2\sw_x64~1.boo => c:\progra~2\sw_x64~1.boo File Not Found

AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found

Lsa: [Notification Packages] DPPassFilter scecli

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk

ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk

ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)

Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google....46d7acd64af47c1
http://www.bom.gov.a...s/coomera.shtml
http://www.quickflix.com.au/Member
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x876F7D6E058ECF01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DEFB678-726B-4CB3-8267-2AED22056469} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {0DEFB678-726B-4CB3-8267-2AED22056469} URL = https://www.google.c...q={searchTerms}
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.x64.dll No File
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.dll No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice...ntrol-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://remote.wbmpl...COL /relayp.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} https://www.solidwor...dimdownload.cab
DPF: HKLM-x32 {B8E73359-3422-4384-8D27-4EA1B4C01232} https://remote.wbmpl...COL /cscopf.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

 

FireFox:
========
FF Plugin: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-27]

 

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]

 

Malwarebytes LOG:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/06/2014
Scan Time: 8:07:21 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.27.09
Rootkit Database: v2014.06.23.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ian

Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 73752
Time Elapsed: 3 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Disabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Multiplug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3D0F43D9-C1D7-733C-01F8-4A3001BF8CC3}, Quarantined, [aacb85f892e9290d99c70b7e25dc05fb],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Multiplug, C:\ProgramData\NextCoup\t99ngyea.exe, Quarantined, [aacb85f892e9290d99c70b7e25dc05fb],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Looking forward to your reply

Ian



#13
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts

It looks like the FRST log got cut off. Could you paste the whole thing?

 

Was MBAM able to finish once? Could you zip and upload the latest memory dumps in C:\Windows\Minidump? If the upload is too big, you might have to use Dropbox or a similar file-sharing service.



#14
Cairnsy

    Member

  • Topic Starter
  • 22 posts

Hi Buddierdl,

 

Yep - MBAM took FRST out with the BSOD

 

Minidumps are attached

 

2014-06-29 FRST log is below:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-06-2014
Ran by Ian (administrator) on IANS-HP-4520S on 29-06-2014 06:06:41
Running from C:\Users\Ian\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fork Ltd.) C:\Prey\platform\windows\cronsvc.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe
(Hewlett-Packard Development Company, L.P) C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.EXE
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(ArcSoft, Inc.) C:\Windows\system\uArcCapture.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2013\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks 2014\SolidWorks\sldworks_fs.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORICON.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Sierra Wireless Inc.) C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmW.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IASTORDATAMGRSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.EXE
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Farbar) C:\Users\Ian\Desktop\2014-06-28 FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2174760 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [489472 2011-09-11] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-04] (Intel Corporation)
HKLM-x32\...\Run: [DTRun] => C:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [518656 2009-11-18] (ArcSoft Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2011-03-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AirCardEnabler] => [X]
HKLM-x32\...\Run: [WatcherHelper] => C:\Program Files (x86)\Telstra\Telstra Turbo Connection Manager\WaHelper.exe [120088 2007-10-29] (Sierra Wireless Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [LauncherP255D] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\Launcher\fxlaunch.exe [2718720 2012-02-07] (Fuji Xerox Co., Ltd.)
HKLM-x32\...\Run: [p255d RUN] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmRun.exe [356352 2012-04-24] ()
HKLM-x32\...\Run: [StatusAutoRunp255d] => C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmpl.exe [4222464 2012-04-24] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-12] (SUPERAntiSpyware)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1095000 2013-12-13] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-04-23] (Samsung)
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\Run: [se] => "C:\Users\Ian\AppData\Roaming\SkypEmoticons\SE.exe"  /minimized
HKU\S-1-5-21-4005721135-716239972-1406188448-1000\...\MountPoints2: {bf8feb34-dbf7-11e0-b425-806e6f6e6963} - F:\SWSETUP\APPINSTL\hpsoftwaresetup.exe
AppInit_DLLs: c:\progra~2\sw_x64~1.boo => c:\progra~2\sw_x64~1.boo File Not Found
AppInit_DLLs-x32: c:\progra~2\sw30e4~1.boo => "c:\progra~2\sw30e4~1.boo" File Not Found
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Fast Start.lnk
ShortcutTarget: SolidWorks 2013 Fast Start.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2014 Fast Start.lnk
ShortcutTarget: SolidWorks 2014 Fast Start.lnk -> C:\Windows\Installer\{4FFA60C4-9A8B-4C9E-8265-2241B266304C}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software LLC)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.ninemsn.com.au/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-AU
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://mail.google....46d7acd64af47c1
http://www.bom.gov.a...s/coomera.shtml
http://www.quickflix.com.au/Member
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.au/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x876F7D6E058ECF01
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {0DEFB678-726B-4CB3-8267-2AED22056469} URL = https://www.google.c...?q={searchTerms}
SearchScopes: HKCU - {0DEFB678-726B-4CB3-8267-2AED22056469} URL = https://www.google.c...?q={searchTerms}
BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.x64.dll No File
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: NextCoup - {F57F2283-FAA5-883D-4454-CE70306B2D43} - C:\Program Files (x86)\NextCoup\YAeMM61.dll No File
DPF: HKLM-x32 {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://biz.lgservice...ntrol-6.1.4.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: HKLM-x32 {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://remote.wbmpl...COL /relayp.cab
DPF: HKLM-x32 {538793D5-659C-4639-A56C-A179AD87ED44} vpnweb.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: HKLM-x32 {AB6633A8-60A9-4F5D-B66C-ABE268CC3227} https://www.solidwor...dimdownload.cab
DPF: HKLM-x32 {B8E73359-3422-4384-8D27-4EA1B4C01232} https://remote.wbmpl...COL /cscopf.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1

FireFox:
========
FF Plugin: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin\NP3DXMLPlugin.dll ()
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll ()
FF Plugin: @caminova.com/DjVuPlugin - C:\Program Files\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @3ds.com/3dxml - C:\Program Files\Dassault Systemes\3D XML Player\win_b64\code\bin32\NP3DXMLPlugin.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @caminova.com/DjVuPlugin - C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-01-03]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-27]

Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: google.com.au
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (Google Wallet) - C:\Users\Ian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-25]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [140672 2012-09-08] (SUPERAntiSpyware.com) [File not signed]
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748640 2014-01-03] (Microsoft Corporation)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks 2014\SolidWorks\swScheduler\DTSCoordinatorService.exe [76328 2014-01-12] (Dassault Systèmes SolidWorks Corp.)
R2 CronService; C:\Prey\platform\windows\cronsvc.exe [23552 2013-11-12] (Fork Ltd.) [File not signed]
R3 DEBridge; C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [704512 2010-02-01] (McAfee, Inc.) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [462160 2010-07-16] (DigitalPersona, Inc.)
S4 DraftSight API Service; C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe [123392 2013-12-28] (Dassault Systèmes) [File not signed]
R2 EpsonBidirectionalService; C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) [File not signed]
S3 FLCDLOCK; C:\Windows\SysWOW64\flcdlock.exe [362040 2009-11-17] (Hewlett-Packard Ltd)
R2 FXNADB; C:\Program Files (x86)\Fuji Xerox\DocuPrint SSW2\SimpleMonitor for AP\fxksmdb.exe [131072 2012-04-24] () [File not signed]
R3 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250712 2013-12-13] (Garmin Ltd or its subsidiaries)
R2 HP ProtectTools Service; C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [32768 2010-10-19] (Hewlett-Packard Development Company, L.P) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HpFkCryptService; C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [281192 2010-02-01] (McAfee, Inc.)
R2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [297984 2009-12-11] (Hewlett-Packard) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2011-03-04] (Hewlett-Packard Company) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks 2013\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [51848 2012-09-13] (Mentor Graphics Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2011-09-15] (SolidWorks) [File not signed]
R2 uArcCapture; C:\Windows\system\uArcCapture.exe [506472 2009-12-04] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32640 2009-12-04] (ArcSoft, Inc.)
S3 cmusbnet; C:\Windows\System32\DRIVERS\cmusbnet.sys [103936 2007-06-12] (Cmotech Co., Ltd)
S3 cmusbser; C:\Windows\System32\DRIVERS\cmusbser.sys [112768 2007-06-08] (C-motech Co.,Ltd)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [40760 2009-10-21] (Hewlett-Packard Development Company L.P.)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] () [File not signed]
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 qcusbser; C:\Windows\System32\DRIVERS\qcusbser.sys [126440 2009-12-19] (QUALCOMM Incorporated)
R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2010-02-01] (McAfee, Inc.)
R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [40088 2010-02-01] (McAfee, Inc.)
R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [56648 2010-02-01] () [File not signed]
R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [110520 2010-02-01] (McAfee, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 SbAlg; C:\Windows\System32\Drivers\SbAlg.sys [60160 2009-06-04] (McAfee, Inc.)
R0 SbAlg; C:\Windows\SysWow64\Drivers\SbAlg.sys [51800 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2010-02-01] (McAfee, Inc.)
R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [13256 2010-02-01] (McAfee, Inc.)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1803904 2009-12-18] ()
R3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [29064 2007-11-06] ()
S3 SWNC8U55; C:\Windows\System32\DRIVERS\swnc8u55.sys [195584 2007-09-21] (Sierra Wireless Inc.)
S3 SWUMX55; C:\Windows\System32\DRIVERS\swumx55.sys [189056 2007-09-21] (Sierra Wireless Inc.)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-28 08:03 - 2014-06-28 08:03 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Magazine Cloner
2014-06-28 07:09 - 2014-06-28 07:08 - 02083328 _____ (Farbar) C:\Users\Ian\Desktop\2014-06-28 FRST64.exe
2014-06-27 17:47 - 2014-06-28 08:11 - 00000000 ____D () C:\ProgramData\NextCoup
2014-06-27 17:47 - 2014-06-28 05:42 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Ian\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Ian\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-26 07:18 - 2014-06-26 07:21 - 00053027 _____ () C:\Users\Ian\Desktop\Addition.txt
2014-06-25 18:17 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-25 18:16 - 2014-06-26 07:05 - 00000000 ____D () C:\AdwCleaner
2014-06-25 18:16 - 2014-06-25 18:16 - 01342659 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-06-25 17:26 - 2014-06-25 20:42 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-06-25 17:26 - 2014-06-25 17:26 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-06-24 19:57 - 2014-06-24 19:57 - 00007281 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-06-24 19:51 - 2014-06-24 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 19:50 - 2014-06-24 19:49 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\02 JRT.exe
2014-06-24 17:52 - 2014-06-29 06:06 - 00027767 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-06-24 17:34 - 2014-06-24 17:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-22 06:40 - 2014-06-22 06:40 - 00274808 _____ () C:\Windows\Minidump\062214-22807-01.dmp
2014-06-21 07:49 - 2014-06-29 06:06 - 00000000 ____D () C:\FRST
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:46 - 2014-06-19 04:47 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 17:24 - 2014-06-16 17:25 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-14 07:13 - 2014-06-08 19:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 07:13 - 2014-06-08 19:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-14 07:13 - 2014-04-25 12:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 07:13 - 2014-04-25 12:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 07:13 - 2014-04-05 12:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 07:13 - 2014-04-05 12:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 07:13 - 2014-03-27 00:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 07:13 - 2014-03-27 00:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 07:13 - 2014-03-27 00:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 07:11 - 2014-05-24 12:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 07:11 - 2014-05-24 12:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 07:11 - 2014-05-24 12:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 12:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 12:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 12:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 07:11 - 2014-05-24 11:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 07:11 - 2014-05-24 11:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 07:11 - 2014-05-24 11:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 07:11 - 2014-05-24 11:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 11:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 07:11 - 2014-05-24 10:13 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-06-14 07:11 - 2014-05-24 10:06 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2014-06-29 06:07 - 2014-06-24 17:52 - 00027767 _____ () C:\Users\Ian\Desktop\FRST.txt
2014-06-29 06:06 - 2014-06-21 07:49 - 00000000 ____D () C:\FRST
2014-06-29 06:01 - 2009-07-14 15:13 - 00801086 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-29 06:00 - 2013-12-10 20:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 06:00 - 2013-11-18 17:52 - 00000029 _____ () C:\Windows\SysWOW64\TempWmicBatchFile.bat
2014-06-28 20:18 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-28 20:18 - 2009-07-14 14:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-28 20:14 - 2011-09-11 07:59 - 02028220 _____ () C:\Windows\WindowsUpdate.log
2014-06-28 20:12 - 2014-05-29 21:15 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-28 20:11 - 2013-12-10 20:48 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-28 20:11 - 2011-09-11 18:57 - 00000000 ____D () C:\ProgramData\HPQLOG
2014-06-28 20:10 - 2014-04-15 06:00 - 00017058 _____ () C:\Windows\setupact.log
2014-06-28 20:10 - 2009-07-14 15:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-28 18:07 - 2014-05-04 07:37 - 00007720 _____ () C:\Windows\PFRO.log
2014-06-28 08:11 - 2014-06-27 17:47 - 00000000 ____D () C:\ProgramData\NextCoup
2014-06-28 08:11 - 2009-07-14 17:46 - 00000000 ____D () C:\Windows\ShellNew
2014-06-28 08:06 - 2011-09-11 20:45 - 00000000 ____D () C:\Users\Public\Documents\Computer Stuff
2014-06-28 08:03 - 2014-06-28 08:03 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Magazine Cloner
2014-06-28 08:00 - 2013-10-01 08:17 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pocketmags
2014-06-28 08:00 - 2011-09-22 11:05 - 00000000 ____D () C:\Users\Ian\AppData\Local\Deployment
2014-06-28 07:08 - 2014-06-28 07:09 - 02083328 _____ (Farbar) C:\Users\Ian\Desktop\2014-06-28 FRST64.exe
2014-06-28 06:19 - 2012-12-13 20:32 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D869E3FE-BFE5-4AE4-9DD5-36499A8FDBF5}
2014-06-28 05:42 - 2014-06-27 17:47 - 00000000 ____D () C:\Program Files (x86)\NextCoup
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Ian\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Ian\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Guest\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Guest\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\ASPNET\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-06-27 17:47 - 2014-06-27 17:47 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-06-27 17:47 - 2014-03-20 21:11 - 00000000 ____D () C:\ProgramData\f8bb9531aeead637
2014-06-26 17:36 - 2011-09-26 20:21 - 00000000 ____D () C:\Users\Public\Documents\Travel
2014-06-26 07:43 - 2011-10-05 12:39 - 00000000 ____D () C:\Users\Ian\AppData\Local\TempSWBackupDirectory
2014-06-26 07:21 - 2014-06-26 07:18 - 00053027 _____ () C:\Users\Ian\Desktop\Addition.txt
2014-06-26 07:05 - 2014-06-25 18:16 - 00000000 ____D () C:\AdwCleaner
2014-06-26 07:05 - 2012-05-20 10:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-25 20:42 - 2014-06-25 17:26 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForIan.job
2014-06-25 18:16 - 2014-06-25 18:16 - 01342659 _____ () C:\Users\Ian\Desktop\AdwCleaner.exe
2014-06-25 17:50 - 2011-09-22 10:02 - 00000000 ____D () C:\Users\Ian\AppData\Local\SolidWorks
2014-06-25 17:26 - 2014-06-25 17:26 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForIan
2014-06-25 17:25 - 2011-09-11 08:12 - 00000000 ____D () C:\Users\Ian
2014-06-24 19:59 - 2014-05-25 15:20 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-24 19:57 - 2014-06-24 19:57 - 00007281 _____ () C:\Users\Ian\Desktop\JRT.txt
2014-06-24 19:51 - 2014-06-24 19:51 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 19:51 - 2013-12-10 20:48 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-24 19:50 - 2013-12-10 20:48 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-24 19:49 - 2014-06-24 19:50 - 01016261 _____ (Thisisu) C:\Users\Ian\Desktop\02 JRT.exe
2014-06-24 17:36 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-24 17:34 - 2014-06-24 17:34 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-23 21:20 - 2012-02-01 07:06 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-23 21:20 - 2011-09-11 18:35 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-06-23 20:32 - 2013-05-04 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec
2014-06-23 07:12 - 2013-12-30 12:36 - 00000000 ____D () C:\Program Files (x86)\GPSBabel
2014-06-22 06:40 - 2014-06-22 06:40 - 00274808 _____ () C:\Windows\Minidump\062214-22807-01.dmp
2014-06-22 06:40 - 2014-05-04 21:27 - 1073410552 _____ () C:\Windows\MEMORY.DMP
2014-06-22 06:40 - 2011-12-14 05:25 - 00000000 ____D () C:\Windows\Minidump
2014-06-19 20:05 - 2014-06-19 20:05 - 00001130 _____ () C:\Users\Ian\Desktop\GooredFix.txt
2014-06-19 20:05 - 2014-06-19 20:05 - 00000000 ____D () C:\Users\Ian\Desktop\GooredFix Backups
2014-06-19 20:01 - 2014-06-19 20:01 - 00000000 ____D () C:\Windows\ERDNT
2014-06-19 19:51 - 2014-06-19 19:51 - 00000000 ____D () C:\_OTM
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-06-19 19:45 - 2014-06-19 19:45 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-06-19 04:47 - 2014-06-19 04:46 - 00274808 _____ () C:\Windows\Minidump\061914-18642-01.dmp
2014-06-18 23:12 - 2014-06-18 23:12 - 00274808 _____ () C:\Windows\Minidump\061814-20623-01.dmp
2014-06-18 22:26 - 2009-07-14 13:20 - 00000000 ____D () C:\Windows\rescache
2014-06-17 19:26 - 2014-06-17 19:26 - 00274744 _____ () C:\Windows\Minidump\061714-18408-01.dmp
2014-06-17 18:24 - 2014-06-17 18:24 - 00638192 _____ () C:\Windows\Minidump\061714-34133-01.dmp
2014-06-16 17:25 - 2014-06-16 17:24 - 00274808 _____ () C:\Windows\Minidump\061614-26332-01.dmp
2014-06-16 07:28 - 2014-05-07 07:14 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-16 07:12 - 2013-08-22 20:01 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-16 07:09 - 2011-09-15 10:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-16 07:09 - 2011-09-11 08:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 20:08 - 2011-09-11 21:09 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-10 18:01 - 2012-10-27 09:43 - 00000000 ____D () C:\Users\Ian\Documents\Aeromodelling
2014-06-10 07:43 - 2013-02-09 08:50 - 00000000 ____D () C:\Users\Ian\Documents\House Stuff
2014-06-08 19:13 - 2014-06-14 07:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 19:08 - 2014-06-14 07:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Files to move or delete:
====================
C:\ProgramData\PKP_DLeo.DAT
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
C:\Users\Ian\WebVpnRegKey6-remote-wbmpl-com-au.dll

Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\nsjC61F.exe
C:\Users\Ian\AppData\Local\Temp\Quarantine.exe
C:\Users\Ian\AppData\Local\Temp\vmgrremok.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-18 22:19

==================== End Of Log ============================

 

Thanks

Ian

Edited by Cairnsy, 29 June 2014 - 04:57 AM.


#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
It seems like Chromatic and NextCoup don't want to go away...
 
Let's try one more fixlist, attached. Run it the same way as before.
 
Are your initial symptoms solved now, except for MBAM? I will look at the minidumps later today.
 
Let's run an online scan.
 
Step 1: Run online scan.
 
Run ESET Online Scanner:
 
Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 


Step 2: Run SecurityCheck
 
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Things I need in your next reply:
  • Fixlist log
  • ESET log
  • SecurityCheck log
