Google Redirect - trouble removing it

Posted 4/8/2014 1:18 PM
#96858
Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
I seem to have had a Google redirect virus for a few weeks now; it's affecting all the computers on the home network - but randomly. Currently Google will take me to a fake Flash Player update page, and randomly, so will the bbc.co.uk website. Facebook and YouTube also fail on me occasionally.
I've trawled through countless websites and forums and tried various recommended solutions, but with no luck. I was hoping for some help from here.
I'm not especially computer literate - so any advice needs to be aimed at a low level.

It seems necessary to post my HijackThis log, but it did throw up an error when it ran, so may not be sufficient:
Posted 4/10/2014 8:58 AM
#96871
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Hi Sha2009

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system.
If you are not sure which version applies to your system download both of them and try to run them.
Only one of them will run on your system, that will be the right version.

- Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will produce a log called FRST.txt in the same directory the tool is run from.
- Please copy and paste log back here.
- The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Do not PM me with logfiles. They will be deleted.


Posted 4/10/2014 9:21 AM
#96875
Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
Thanks for your help - logs below..
C:\FRST <br/>2014-04-10 10:11 - 2013-10-20 11:31 - 00000000 ____D () C:\ProgramData\BullGuard <br/>2014-04-10 09:54 - 2013-12-11 16:14 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job <br/>2014-04-10 09:36 - 2013-10-21 16:24 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>2014-04-10 09:35 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>2014-04-10 09:35 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 <br/>2014-04-10 09:34 - 2013-10-20 10:25 - 01391533 _____ () C:\Windows\WindowsUpdate.log <br/>2014-04-10 09:34 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI <br/>2014-04-10 09:28 - 2014-04-10 09:28 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>2014-04-10 09:28 - 2014-04-08 11:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys <br/>2014-04-10 09:26 - 2013-10-21 16:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>2014-04-10 09:26 - 2013-10-20 11:58 - 00000268 _____ () C:\Windows\system32\config\afw_hm.conf <br/>2014-04-10 09:26 - 2013-10-20 11:58 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf <br/>2014-04-10 09:25 - 2014-04-05 08:27 - 00001018 _____ () C:\Windows\setupact.log <br/>2014-04-10 09:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT <br/>2014-04-09 22:21 - 2013-10-21 16:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job <br/>2014-04-09 20:53 - 2013-10-23 19:14 - 00000000 ____D () C:\Users\Titchard\Documents\Audible <br/>2014-04-09 04:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache <br/>2014-04-09 03:04 - 2013-10-25 13:05 - 00000000 ____D () C:\Windows\system32\MRT <br/>2014-04-09 03:04 - 2013-10-20 12:34 - 00000000 ____D () 
C:\ProgramData\Microsoft Help <br/>2014-04-09 03:02 - 2013-10-25 13:05 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe <br/>2014-04-08 14:07 - 2014-04-08 14:07 - 00212849 _____ () C:\Users\Titchard\Downloads\hijackthis.zip <br/>2014-04-08 13:42 - 2014-04-08 13:42 - 04118841 _____ () C:\Users\Titchard\Downloads\tdsskiller.zip <br/>2014-04-08 11:37 - 2014-04-05 08:29 - 00018304 _____ () C:\Windows\PFRO.log <br/>2014-04-08 11:37 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins <br/>2014-04-08 11:35 - 2014-04-08 11:03 - 00000000 ____D () C:\Users\Titchard\AppData\Roaming\systweak <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware <br/>2014-04-08 11:09 - 2014-04-08 11:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Titchard\Downloads\mbam-setup-2.0.1.1004.exe <br/>2014-04-08 11:03 - 2014-04-08 11:03 - 00003108 _____ () C:\Windows\System32\Tasks\RegClean Pro <br/>2014-04-08 11:03 - 2014-04-08 11:03 - 00001054 _____ () C:\Users\Public\Desktop\RegClean Pro.lnk <br/>2014-04-05 08:27 - 2014-04-05 08:27 - 00000000 _____ () C:\Windows\setuperr.log <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll <br/>2014-04-03 11:43 - 2013-10-14 10:44 - 00034896 _____ (BullGuard Ltd.) 
C:\Windows\system32\Drivers\BdNet.sys <br/>2014-04-03 09:51 - 2014-04-08 11:11 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys <br/>2014-04-03 09:51 - 2014-04-08 11:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys <br/>2014-04-03 09:50 - 2014-04-08 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys <br/>2014-04-01 16:31 - 2013-10-21 16:24 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA <br/>2014-04-01 16:31 - 2013-10-21 16:24 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore <br/>2014-03-31 02:16 - 2014-04-09 02:52 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll <br/>2014-03-31 02:13 - 2014-04-09 02:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb <br/>2014-03-31 01:13 - 2014-04-09 02:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb <br/>2014-03-31 00:57 - 2014-04-09 02:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll <br/>2014-03-30 20:30 - 2013-12-31 18:52 - 00316312 _____ (Trusteer Ltd.) 
C:\Windows\system32\Drivers\RapportKE64.sys <br/>2014-03-28 21:19 - 2013-10-20 15:00 - 00000000 ____D () C:\Users\Titchard\Documents\Sharons Clerk stuff <br/>2014-03-15 18:37 - 2013-10-21 16:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk <br/>2014-03-13 04:25 - 2009-07-14 05:45 - 00310976 _____ () C:\Windows\system32\FNTCACHE.DAT <br/>2014-03-13 04:23 - 2013-12-27 16:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight <br/>2014-03-13 04:23 - 2013-12-27 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight <br/>2014-03-12 03:51 - 2013-10-21 16:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater <br/>2014-03-12 03:51 - 2013-10-21 16:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe <br/>2014-03-12 03:51 - 2013-10-21 16:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl <br/> <br/>Some content of TEMP: <br/>==================== <br/>C:\Users\Titchard\AppData\Local\Temp\ose00000.exe <br/> <br/> <br/>==================== Bamital & volsnap Check ================= <br/> <br/>C:\Windows\System32\winlogon.exe => MD5 is legit <br/>C:\Windows\System32\wininit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\wininit.exe => MD5 is legit <br/>C:\Windows\explorer.exe => MD5 is legit <br/>C:\Windows\SysWOW64\explorer.exe => MD5 is legit <br/>C:\Windows\System32\svchost.exe => MD5 is legit <br/>C:\Windows\SysWOW64\svchost.exe => MD5 is legit <br/>C:\Windows\System32\services.exe => MD5 is legit <br/>C:\Windows\System32\User32.dll => MD5 is legit <br/>C:\Windows\SysWOW64\User32.dll => MD5 is legit <br/>C:\Windows\System32\userinit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\userinit.exe => MD5 is legit <br/>C:\Windows\System32\rpcss.dll => MD5 is legit <br/>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit <br/> <br/> <br/>LastRegBack: 2014-04-09 00:10 <br/> <br/>==================== End Of Log ============================ <br/> 
<br/>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 <br/>Ran by Titchard at 2014-04-10 10:12:36 <br/>Running from C:\Users\Titchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1690YZ6H <br/>Boot Mode: Normal <br/>========================================================== <br/> <br/> <br/>==================== Security Center ======================== <br/> <br/>AV: BullGuard Antivirus (Enabled - Up to date) {C3CCAC61-52F7-A056-1860-6406566E2578} <br/>AS: BullGuard Antispyware (Enabled - Up to date) {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} <br/>AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>FW: BullGuard Firewall (Enabled) {FBF72D44-1898-A10E-333F-CD33A8BD6203} <br/> <br/>==================== Installed Programs ====================== <br/> <br/>64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden <br/>Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) <br/>Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) <br/>Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) <br/>Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.) <br/>Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) <br/>Audible Download Manager (HKLM-x32\...\AudibleDownloadManager) (Version: 6.6.0.15 - Audible, Inc.) <br/>BBC iPlayer Downloads (HKLM-x32\...\{476A047B-BDA1-4B37-BB40-0710C7E9EB61}) (Version: 1.4.1 - BBC) <br/>Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) <br/>BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden <br/>BullGuard (HKLM\...\BullGuard) (Version: 14.0 - BullGuard Ltd.) 
<br/>C4500 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden <br/>Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden <br/>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden <br/>Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.) <br/>Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden <br/>DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden <br/>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) <br/>Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) <br/>Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden <br/>Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden <br/>GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden <br/>HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) <br/>HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) <br/>HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) <br/>HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 
4 (HKLM\...\{AA6F009F-0CCD-4DD6-A462-28419C101D54}) (Version: 13.0 - HP) <br/>HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) <br/>HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) <br/>HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) <br/>HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) <br/>HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden <br/>HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden <br/>HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden <br/>HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden <br/>HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden <br/>iTunes (HKLM\...\{A535111D-95C8-487F-869E-CE4C239972D2}) (Version: 11.1.1.11 - Apple Inc.) <br/>Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation) <br/>MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden <br/>Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) <br/>Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden <br/>Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden <br/>Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) <br/>Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden <br/>Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office File Validation Add-In 
(HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) <br/>Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation) <br/>Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden <br/>Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden <br/>Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden <br/>Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation) <br/>Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 
12.0.4518.1014 - Microsoft Corporation) <br/>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) <br/>Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) <br/>Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) <br/>Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) <br/>Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden <br/>Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden <br/>Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden <br/>Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden <br/>Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden <br/>MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden <br/>MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden <br/>MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden <br/>MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) <br/>MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) <br/>Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden <br/>Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden <br/>Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft 
Corporation) Hidden <br/>PS_AIO_04_C4500_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden <br/>Rapport (x32 Version: 3.5.1304.66 - Trusteer) Hidden <br/>Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden <br/>Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) <br/>SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden <br/>SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden <br/>Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden <br/>Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden <br/>TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden <br/>Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.66 - Trusteer) <br/>UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden <br/>Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) <br/>Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - 
Microsoft) <br/>Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) <br/>Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft) <br/>Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft) <br/>Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft) <br/>Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft) <br/>Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft) <br/>WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden <br/>Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation) <br/>Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Family Safety (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden <br/>Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live 
Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden <br/>Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version: - ) <br/> <br/>==================== Restore Points ========================= <br/> <br/>13-03-2014 03:00:17 Windows Update <br/>19-03-2014 03:00:14 Windows Update <br/>26-03-2014 20:48:23 Scheduled Checkpoint <br/>03-04-2014 06:59:29 Scheduled Checkpoint <br/>08-04-2014 10:06:48 RegClean Pro Tue, Apr 08, 14 11:06 <br/>09-04-2014 02:00:14 Windows Update <br/> <br/>==================== Hosts content: ========================== <br/> <br/>2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts <br/> <br/>==================== Scheduled Tasks (whitelisted) ============= <br/> <br/>Task: {0BC26A2A-F408-400C-8B01-9F3355D2CC9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.) 
<br/>Task: {12EFFB2E-1CD7-4866-B993-B3003A07DE19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) <br/>Task: {8F141F2F-40FA-451F-85D3-46D828E6BB8B} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] () <br/>Task: {C97DD4F5-9F10-46D8-89E6-F962E5129A4F} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION <br/>Task: {CD56EEDA-EEDA-4486-A4D3-3594BB56AB6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.) <br/>Task: {F84840CC-AA10-4858-9922-F30A49E55248} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) <br/>Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe <br/>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <br/>Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe <br/> <br/>==================== Loaded Modules (whitelisted) ============= <br/> <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00613728 _____ () c:\program files\bullguard ltd\bullguard\SQLite.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00084832 _____ () c:\program files\bullguard ltd\bullguard\zlib1.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00653664 _____ () c:\program files\bullguard ltd\bullguard\LibXml2.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00653664 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll <br/>2013-10-07 10:06 - 2013-10-07 10:06 - 00022368 _____ () C:\Program Files\BullGuard 
Ltd\BullGuard\res\en\BullGuardBhvScannerRes.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00613728 _____ () C:\Program Files\BullGuard Ltd\BullGuard\SQLite.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00084832 _____ () C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00272712 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpBackupRes.dll <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00013128 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpInspectorRes.dll <br/>2014-01-30 16:46 - 2014-01-30 16:45 - 00031048 _____ () C:\Program Files\BullGuard Ltd\BullGuard\res\en\BpMainRes.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00065376 _____ () C:\Program Files\BullGuard Ltd\BullGuard\LIBBZ2.dll <br/>2013-12-31 18:52 - 2014-02-13 08:49 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll <br/>2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll <br/>2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll <br/>2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll <br/>2013-10-02 16:48 - 2013-10-02 16:48 - 00491872 _____ () C:\Program Files\BullGuard Ltd\BullGuard\files32\SQLite.dll <br/>2014-01-10 14:33 - 2014-01-10 14:33 - 00270024 _____ () C:\Program Files (x86)\Windows Live\Writer\en\WindowsLive.Writer.Localization.resources.dll <br/>2014-01-10 14:33 - 2014-01-10 14:33 - 00270016 _____ () C:\Program Files (x86)\Windows Live\Writer\en-GB\WindowsLive.Writer.Localization.resources.dll <br/> <br/>==================== Alternate Data Streams (whitelisted) ========= <br/> <br/> <br/>==================== Safe Mode (whitelisted) =================== <br/> <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain => ""="Service" 
<br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsMain => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service" <br/>HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsUpdate => ""="Service" <br/> <br/>==================== Disabled items from MSCONFIG ============== <br/> <br/> <br/>==================== Faulty Device Manager Devices ============= <br/> <br/>Name: Photosmart C4500 series <br/>Description: Photosmart C4500 series <br/>Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318} <br/>Manufacturer: HP <br/>Service: <br/>Problem: : This device is disabled. (Code 22) <br/>Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. <br/> <br/> <br/>==================== Event log errors: ========================= <br/> <br/>Application errors: <br/>================== <br/>Error: (04/08/2014 00:32:57 PM) (Source: System Restore) (User: ) <br/>Description: Failed to create restore point (Process = C:\Windows\syswow64\MsiExec.exe -Embedding 49D7BBC0D096B276CF12B7A38C24F5E9 M Global\MSI0000; Description = Installed Rapport; Error = 0x81000101). 
<br/> <br/>Error: (04/07/2014 01:53:44 PM) (Source: Application Error) (User: ) <br/>Description: Faulting application name: WINWORD.EXE, version: 12.0.6690.5000, time stamp: 0x52881869 <br/>Faulting module name: wwlib.dll, version: 12.0.6690.5000, time stamp: 0x52881938 <br/>Exception code: 0xc0000005 <br/>Fault offset: 0x00025b64 <br/>Faulting process id: 0x13f8 <br/>Faulting application start time: 0xWINWORD.EXE0 <br/>Faulting application path: WINWORD.EXE1 <br/>Faulting module path: WINWORD.EXE2 <br/>Report Id: WINWORD.EXE3 <br/> <br/>Error: (04/06/2014 11:07:48 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledSPRetry 17479959 <br/> <br/>Error: (04/06/2014 11:07:48 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledEvent 17479959 <br/> <br/>Error: (04/06/2014 11:07:48 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error: (04/06/2014 06:16:37 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledSPRetry 9438 <br/> <br/>Error: (04/06/2014 06:16:37 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledEvent 9438 <br/> <br/>Error: (04/06/2014 06:16:37 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error: (04/06/2014 06:16:36 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledSPRetry 7628 <br/> <br/>Error: (04/06/2014 06:16:36 AM) (Source: Bonjour Service) (User: ) <br/>Description: Task Scheduling Error: m->NextScheduledEvent 7628 <br/> <br/> <br/>System errors: <br/>============= <br/>Error: (04/10/2014 09:55:33 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. 
<br/> <br/>Error: (04/10/2014 09:55:32 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:32 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:32 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:32 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:32 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:11 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:08 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:07 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/>Error: (04/10/2014 09:55:07 AM) (Source: Schannel) (User: NT AUTHORITY) <br/>Description: The following fatal alert was generated: 10. The internal error state is 10. <br/> <br/> <br/>Microsoft Office Sessions: <br/>========================= <br/>Error: (01/23/2014 10:33:49 PM) (Source: Microsoft Office 12 Sessions)(User: ) <br/>Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1179 seconds with 0 seconds of active time. 
This session ended with a crash. <br/> <br/> <br/>==================== Memory info =========================== <br/> <br/>Percentage of memory in use: 60% <br/>Total physical RAM: 3032.36 MB <br/>Available physical RAM: 1184.17 MB <br/>Total Pagefile: 6062.91 MB <br/>Available Pagefile: 3925.91 MB <br/>Total Virtual: 8192 MB <br/>Available Virtual: 8191.82 MB <br/> <br/>==================== Drives ================================ <br/> <br/>Drive c: () (Fixed) (Total:218.2 GB) (Free:169.84 GB) NTFS <br/>Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:2.28 GB) NTFS ==>[System with boot components (obtained from reading drive)] <br/> <br/>==================== MBR & Partition Table ================== <br/> <br/>======================================================== <br/>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: CF5ACF27) <br/> <br/>Partition: GPT Partition Type. <br/> <br/>==================== End Of Log ============================
Posted 4/10/2014 12:47 PM
#96876
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Please download AdwCleaner by Xplode and save it to your Desktop.

Double click on AdwCleaner.exe to run the tool.
• Click on the Scan button.
• After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
• After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
• The logfile will also be saved in the C:\AdwCleaner folder.

Please post the log and tell me how things are running now.

Do not PM me with logfiles. They will be deleted.


Posted 4/10/2014 2:35 PM
#96877
Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
Still being re-directed.

# AdwCleaner v3.023 - Report created 10/04/2014 at 15:15:12
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Titchard - TITCHARD-PC
# Running from : C:\Users\Titchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\709PUYZC\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Folder Deleted : C:\Users\Titchard\AppData\Roaming\Systweak
File Deleted : C:\Users\Public\Desktop\RegClean Pro.lnk
File Deleted : C:\Windows\System32\Tasks\RegClean Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Titchard\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2592 octets] - [10/04/2014 15:13:40]
AdwCleaner[S0].txt - [2515 octets] - [10/04/2014 15:15:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2575 octets] ##########
Posted 4/11/2014 8:44 AM
#96886
Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Open notepad and copy/paste the text present inside the code box below.
To do this, highlight the contents of the box and right click on it. Paste this into the open notepad.

[code]
start
reboot:
HKLM-x32\...\Run: [] - [X]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
C:\Users\Titchard\AppData\Local\Temp\ose00000.exe
Task: {0BC26A2A-F408-400C-8B01-9F3355D2CC9A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {12EFFB2E-1CD7-4866-B993-B3003A07DE19} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {8F141F2F-40FA-451F-85D3-46D828E6BB8B} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] ()
Task: {C97DD4F5-9F10-46D8-89E6-F962E5129A4F} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {CD56EEDA-EEDA-4486-A4D3-3594BB56AB6D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21] (Google Inc.)
Task: {F84840CC-AA10-4858-9922-F30A49E55248} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
C:\Program Files (x86)\RegClean Pro
end
[/code]

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Save notepad as fixlist.txt
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Note: If the tool warned you about the outdated version, please download and run the updated version.

Download OTL by OldTimer, saving it to your desktop: OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
• Select All Users
• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Post both logs.



Posted 4/11/2014 2:01 PM
#96889
Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 ([color=red]ATTENTION: ====> FRST version is 29 days old and could be outdated[/color]) <br/>Ran by Titchard (administrator) on TITCHARD-PC on 11-04-2014 14:30:00 <br/>Running from C:\Users\Titchard\Downloads <br/>Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) <br/>Internet Explorer Version 11 <br/>Boot Mode: Normal <br/> <br/>The only official download link for FRST: <br/>Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ <br/>Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ <br/>Download link from any site other than Bleeping Computer is unpermitted or outdated. <br/>See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ <br/> <br/>==================== Processes (Whitelisted) ================= <br/> <br/>(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe <br/>(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe <br/>(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe <br/>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe <br/>(Audible, Inc.) C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe <br/>(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe <br/>(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe <br/>(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe <br/>(BullGuard Ltd.) 
C:\Program Files\BullGuard Ltd\BullGuard\files32\spamfilter\LittleHook.exe <br/>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe <br/>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe <br/>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE <br/>(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe <br/>(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe <br/>(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe <br/>(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe <br/>(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe <br/>(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe <br/>(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe <br/>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE <br/>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe <br/>(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe <br/> <br/> <br/>==================== Registry (Whitelisted) ================== <br/> <br/>HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [1082368 2014-04-03] (BullGuard Ltd.) <br/>HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2913104 2014-04-03] (BullGuard Ltd.) <br/>HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) <br/>HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) <br/>HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.) 
<br/>HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) <br/>HKLM-x32\...\Run: [] - [X] <br/>HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2013-10-24] (Microsoft Corporation) <br/>HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\...\RunOnce: [Uninstall C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" <br/>Startup: C:\Users\Titchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk <br/>ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation) <br/> <br/>==================== Internet (Whitelisted) ==================== <br/> <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xFB2205037FCDCE01 <br/>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb <br/>BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) <br/>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
<br/>BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) <br/>BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) <br/>BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) <br/>BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) <br/>BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) <br/>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) <br/>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab <br/>Tcpip\Parameters: [DhcpNameServer] 50.63.128.135 8.8.8.8 <br/> <br/>Chrome: <br/>======= <br/>CHR HomePage: hxxp://www.google.com/ <br/>CHR Extension: (Docs) - C:\Users\Titchard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-21] <br/> <br/>==================== Services (Whitelisted) ================= <br/> <br/>R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [658768 2014-04-03] (BullGuard Ltd.) 
<br/>R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [507728 2014-04-03] (BullGuard Ltd.) <br/>R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [114512 2014-04-03] (BullGuard Ltd.) <br/>R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [394576 2014-04-03] (BullGuard Ltd.) <br/>R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [699216 2014-04-03] (BullGuard Ltd.) <br/>R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [741712 2014-04-03] (BullGuard Ltd.) <br/>R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [419664 2014-04-03] (BullGuard Ltd.) <br/>R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [245584 2014-04-03] (BullGuard Ltd.) <br/>R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [363344 2014-04-03] (BullGuard Ltd.) <br/>R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) <br/>R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) <br/>R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-30] (Trusteer Ltd.) <br/> <br/>==================== Drivers (Whitelisted) ==================== <br/> <br/>R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [42760 2013-10-14] (Agnitum Ltd.) <br/>R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469256 2013-10-14] (Agnitum Ltd.) <br/>R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117192 2013-10-14] (BullGuard Ltd.) <br/>R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-04-03] (BullGuard Ltd.) <br/>R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2013-10-25] (BullGuard Ltd.) 
<br/>R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) <br/>R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-11] (Malwarebytes Corporation) <br/>R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) <br/>R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [296368 2013-11-29] (BullGuard Ltd.) <br/>R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2013-11-29] (BullGuard Ltd.) <br/>R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-12-31] () <br/>R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282968 2014-03-30] (Trusteer Ltd.) <br/>R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-03-30] (Trusteer Ltd.) <br/>R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-30] (Trusteer Ltd.) <br/>S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) <br/>R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2013-10-14] (BitDefender S.R.L.) 
<br/> <br/>==================== NetSvcs (Whitelisted) =================== <br/> <br/> <br/>==================== One Month Created Files and Folders ======== <br/> <br/>2014-04-11 14:30 - 2014-04-11 14:30 - 00010459 _____ () C:\Users\Titchard\Downloads\FRST.txt <br/>2014-04-11 14:28 - 2014-04-11 14:28 - 02157056 _____ (Farbar) C:\Users\Titchard\Downloads\FRST64.exe <br/>2014-04-11 14:09 - 2014-04-11 14:09 - 00000000 ____D () C:\Users\Titchard\Documents\OneNote Notebooks <br/>2014-04-10 18:07 - 2014-04-10 18:07 - 00278703 _____ () C:\Users\Titchard\Documents\Vax guarantee.xps <br/>2014-04-10 17:29 - 2014-04-10 17:29 - 00300093 _____ () C:\Users\Titchard\Documents\Vax receipt.xps <br/>2014-04-10 17:28 - 2014-04-10 17:28 - 00225220 _____ () C:\Users\Titchard\Documents\Vax registration.xps <br/>2014-04-10 15:23 - 2014-04-10 15:23 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>2014-04-10 15:13 - 2014-04-10 15:15 - 00000000 ____D () C:\AdwCleaner <br/>2014-04-10 10:08 - 2014-04-11 14:30 - 00000000 ____D () C:\FRST <br/>2014-04-09 02:52 - 2014-03-31 02:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll <br/>2014-04-09 02:52 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb <br/>2014-04-09 02:52 - 2014-03-31 01:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb <br/>2014-04-09 02:52 - 2014-03-31 00:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll <br/>2014-04-09 02:51 - 2014-03-04 10:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll <br/>2014-04-09 02:51 - 2014-03-04 10:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll <br/>2014-04-09 02:51 - 2014-03-04 10:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll <br/>2014-04-09 02:51 - 2014-03-04 10:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll <br/>2014-04-09 02:51 - 
2014-03-04 10:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll <br/>2014-04-09 02:51 - 2014-03-04 10:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll <br/>2014-04-09 02:51 - 2014-03-04 10:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll <br/>2014-04-09 02:51 - 2014-03-04 10:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe <br/>2014-04-09 02:51 - 2014-03-04 10:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll <br/>2014-04-09 02:51 - 2014-03-04 09:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe <br/>2014-04-09 02:51 - 2014-03-04 09:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe <br/>2014-04-09 02:51 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys <br/>2014-04-09 02:51 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys <br/>2014-04-09 02:51 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys <br/>2014-04-09 02:51 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll <br/>2014-04-09 02:51 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll <br/>2014-04-09 02:51 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys <br/>2014-04-08 14:07 - 2014-04-08 14:07 - 00212849 _____ () C:\Users\Titchard\Downloads\hijackthis.zip <br/>2014-04-08 13:42 - 2014-04-08 13:42 - 04118841 _____ () C:\Users\Titchard\Downloads\tdsskiller.zip <br/>2014-04-08 11:13 - 2014-04-11 06:59 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D 
() C:\ProgramData\Malwarebytes <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware <br/>2014-04-08 11:11 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys <br/>2014-04-08 11:11 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys <br/>2014-04-08 11:11 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys <br/>2014-04-08 11:09 - 2014-04-08 11:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Titchard\Downloads\mbam-setup-2.0.1.1004.exe <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll <br/>2014-03-12 13:25 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll <br/>2014-03-12 13:24 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll <br/>2014-03-12 13:24 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll <br/>2014-03-12 13:24 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll <br/>2014-03-12 13:24 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll <br/>2014-03-12 13:24 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll <br/>2014-03-12 13:24 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll <br/>2014-03-12 13:24 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll <br/>2014-03-12 13:24 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe <br/>2014-03-12 13:24 - 2014-03-01 05:33 - 00111616 _____ (Microsoft 
Corporation) C:\Windows\system32\ieetwcollector.exe <br/>2014-03-12 13:24 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll <br/>2014-03-12 13:24 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe <br/>2014-03-12 13:24 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe <br/>2014-03-12 13:24 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll <br/>2014-03-12 13:24 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll <br/>2014-03-12 13:24 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll <br/>2014-03-12 13:24 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll <br/>2014-03-12 13:24 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll <br/>2014-03-12 13:24 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll <br/>2014-03-12 13:24 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll <br/>2014-03-12 13:24 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll <br/>2014-03-12 13:24 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll <br/>2014-03-12 13:24 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe <br/>2014-03-12 13:24 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll <br/>2014-03-12 13:24 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl <br/>2014-03-12 13:24 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll <br/>2014-03-12 13:24 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msrating.dll <br/>2014-03-12 13:24 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll <br/>2014-03-12 13:24 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll <br/>2014-03-12 13:24 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll <br/>2014-03-12 13:24 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl <br/>2014-03-12 13:24 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll <br/>2014-03-12 13:24 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll <br/>2014-03-12 13:24 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll <br/>2014-03-12 13:24 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll <br/>2014-03-12 13:24 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll <br/>2014-03-12 13:24 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll <br/>2014-03-12 13:24 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys <br/>2014-03-12 13:24 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll <br/>2014-03-12 13:24 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll <br/>2014-03-12 13:22 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll <br/>2014-03-12 13:22 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll <br/>2014-03-12 13:22 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll <br/>2014-03-12 13:22 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll <br/> 
<br/>==================== One Month Modified Files and Folders ======= <br/> <br/>2014-04-11 14:30 - 2014-04-11 14:30 - 00010459 _____ () C:\Users\Titchard\Downloads\FRST.txt <br/>2014-04-11 14:30 - 2014-04-10 10:08 - 00000000 ____D () C:\FRST <br/>2014-04-11 14:29 - 2013-10-20 11:31 - 00000000 ____D () C:\ProgramData\BullGuard <br/>2014-04-11 14:28 - 2014-04-11 14:28 - 02157056 _____ (Farbar) C:\Users\Titchard\Downloads\FRST64.exe <br/>2014-04-11 14:21 - 2013-10-21 16:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job <br/>2014-04-11 14:09 - 2014-04-11 14:09 - 00000000 ____D () C:\Users\Titchard\Documents\OneNote Notebooks <br/>2014-04-11 14:09 - 2013-10-20 10:38 - 00000000 ___RD () C:\Users\Titchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup <br/>2014-04-11 14:07 - 2013-10-21 16:24 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>2014-04-11 14:05 - 2013-12-11 16:14 - 00000344 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job <br/>2014-04-11 14:04 - 2013-10-20 10:25 - 01448475 _____ () C:\Windows\WindowsUpdate.log <br/>2014-04-11 06:59 - 2014-04-08 11:13 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys <br/>2014-04-10 18:07 - 2014-04-10 18:07 - 00278703 _____ () C:\Users\Titchard\Documents\Vax guarantee.xps <br/>2014-04-10 17:29 - 2014-04-10 17:29 - 00300093 _____ () C:\Users\Titchard\Documents\Vax receipt.xps <br/>2014-04-10 17:28 - 2014-04-10 17:28 - 00225220 _____ () C:\Users\Titchard\Documents\Vax registration.xps <br/>2014-04-10 16:36 - 2013-10-21 16:24 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>2014-04-10 15:31 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>2014-04-10 15:31 - 2009-07-14 05:45 - 00014240 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 
<br/>2014-04-10 15:28 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI <br/>2014-04-10 15:23 - 2014-04-10 15:23 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>2014-04-10 15:22 - 2013-10-20 11:58 - 00000268 _____ () C:\Windows\system32\config\afw_hm.conf <br/>2014-04-10 15:22 - 2013-10-20 11:58 - 00000004 _____ () C:\Windows\system32\config\afw_db.conf <br/>2014-04-10 15:21 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT <br/>2014-04-10 15:15 - 2014-04-10 15:13 - 00000000 ____D () C:\AdwCleaner <br/>2014-04-09 20:53 - 2013-10-23 19:14 - 00000000 ____D () C:\Users\Titchard\Documents\Audible <br/>2014-04-09 04:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache <br/>2014-04-09 03:04 - 2013-10-25 13:05 - 00000000 ____D () C:\Windows\system32\MRT <br/>2014-04-09 03:04 - 2013-10-20 12:34 - 00000000 ____D () C:\ProgramData\Microsoft Help <br/>2014-04-09 03:02 - 2013-10-25 13:05 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe <br/>2014-04-08 14:07 - 2014-04-08 14:07 - 00212849 _____ () C:\Users\Titchard\Downloads\hijackthis.zip <br/>2014-04-08 13:42 - 2014-04-08 13:42 - 04118841 _____ () C:\Users\Titchard\Downloads\tdsskiller.zip <br/>2014-04-08 11:37 - 2009-07-14 06:32 - 00000000 ____D () C:\Windows\addins <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes <br/>2014-04-08 11:11 - 2014-04-08 11:11 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware <br/>2014-04-08 11:09 - 2014-04-08 11:09 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Titchard\Downloads\mbam-setup-2.0.1.1004.exe <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll <br/>2014-04-03 11:43 - 2014-04-03 11:43 - 00140280 _____ (BullGuard Ltd.) 
C:\Windows\SysWOW64\BgGamingMonitor.dll <br/>2014-04-03 11:43 - 2013-10-14 10:44 - 00034896 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\BdNet.sys <br/>2014-04-03 09:51 - 2014-04-08 11:11 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys <br/>2014-04-03 09:51 - 2014-04-08 11:11 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys <br/>2014-04-03 09:50 - 2014-04-08 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys <br/>2014-04-01 16:31 - 2013-10-21 16:24 - 00003898 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA <br/>2014-04-01 16:31 - 2013-10-21 16:24 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore <br/>2014-03-31 02:16 - 2014-04-09 02:52 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll <br/>2014-03-31 02:13 - 2014-04-09 02:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb <br/>2014-03-31 01:13 - 2014-04-09 02:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb <br/>2014-03-31 00:57 - 2014-04-09 02:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll <br/>2014-03-30 20:30 - 2013-12-31 18:52 - 00316312 _____ (Trusteer Ltd.) 
C:\Windows\system32\Drivers\RapportKE64.sys <br/>2014-03-28 21:19 - 2013-10-20 15:00 - 00000000 ____D () C:\Users\Titchard\Documents\Sharons Clerk stuff <br/>2014-03-15 18:37 - 2013-10-21 16:25 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk <br/>2014-03-13 04:25 - 2009-07-14 05:45 - 00310976 _____ () C:\Windows\system32\FNTCACHE.DAT <br/>2014-03-13 04:23 - 2013-12-27 16:21 - 00000000 ____D () C:\Program Files\Microsoft Silverlight <br/>2014-03-13 04:23 - 2013-12-27 16:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight <br/>2014-03-12 03:51 - 2013-10-21 16:24 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater <br/>2014-03-12 03:51 - 2013-10-21 16:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe <br/>2014-03-12 03:51 - 2013-10-21 16:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl <br/> <br/>Some content of TEMP: <br/>==================== <br/>C:\Users\Titchard\AppData\Local\Temp\ose00000.exe <br/>C:\Users\Titchard\AppData\Local\Temp\Quarantine.exe <br/> <br/> <br/>==================== Bamital & volsnap Check ================= <br/> <br/>C:\Windows\System32\winlogon.exe => MD5 is legit <br/>C:\Windows\System32\wininit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\wininit.exe => MD5 is legit <br/>C:\Windows\explorer.exe => MD5 is legit <br/>C:\Windows\SysWOW64\explorer.exe => MD5 is legit <br/>C:\Windows\System32\svchost.exe => MD5 is legit <br/>C:\Windows\SysWOW64\svchost.exe => MD5 is legit <br/>C:\Windows\System32\services.exe => MD5 is legit <br/>C:\Windows\System32\User32.dll => MD5 is legit <br/>C:\Windows\SysWOW64\User32.dll => MD5 is legit <br/>C:\Windows\System32\userinit.exe => MD5 is legit <br/>C:\Windows\SysWOW64\userinit.exe => MD5 is legit <br/>C:\Windows\System32\rpcss.dll => MD5 is legit <br/>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit <br/> <br/> <br/>LastRegBack: 2014-04-09 00:10 <br/> 
<br/>==================== End Of Log ============================ <br/> <br/>OTL logfile created on: 11/04/2014 14:34:59 - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Titchard\Downloads <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 9.11.9600.16521) <br/>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy <br/> <br/>2.96 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.37% Memory free <br/>5.92 Gb Paging File | 4.02 Gb Available in Paging File | 67.83% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 218.20 Gb Total Space | 169.63 Gb Free Space | 77.74% Space Free | Partition Type: NTFS <br/>Drive D: | 14.65 Gb Total Space | 2.28 Gb Free Space | 15.58% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: TITCHARD-PC | User Name: Titchard | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Processes (SafeList) ==========[/color] <br/> <br/>PRC - [2014/04/11 14:34:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Titchard\Downloads\OTL.exe <br/>PRC - [2014/04/03 11:43:21 | 000,228,688 | ---- | M] (BullGuard Ltd.) 
-- C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe <br/>PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe <br/>PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe <br/>PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe <br/>PRC - [2014/03/30 20:30:08 | 002,484,504 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe <br/>PRC - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe <br/>PRC - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe <br/>PRC - [2011/03/14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe <br/> <br/> <br/>[color=#E56717]========== Modules (No Company Name) ==========[/color] <br/> <br/>MOD - [2014/02/13 08:49:11 | 001,125,592 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll <br/>MOD - [2013/09/13 19:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll <br/>MOD - [2013/09/13 19:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll <br/>MOD - [2012/06/27 15:09:06 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll <br/> <br/> <br/>[color=#E56717]========== Services (SafeList) ==========[/color] <br/> <br/>SRV:64bit: - [2014/04/03 11:43:23 | 000,394,576 | ---- | M] (BullGuard Ltd.) 
[Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan) <br/>SRV:64bit: - [2014/04/03 11:43:23 | 000,114,512 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll -- (BsCache) <br/>SRV:64bit: - [2014/04/03 11:43:20 | 000,245,584 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) <br/>SRV:64bit: - [2014/04/03 11:43:19 | 000,507,728 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan) <br/>SRV:64bit: - [2014/04/03 11:43:17 | 000,419,664 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) <br/>SRV:64bit: - [2014/04/03 11:43:16 | 000,699,216 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire) <br/>SRV:64bit: - [2014/04/03 11:43:16 | 000,658,768 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup) <br/>SRV:64bit: - [2014/04/03 11:43:14 | 000,741,712 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- c:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy) <br/>SRV:64bit: - [2014/04/03 11:40:00 | 000,363,344 | ---- | M] (BullGuard Ltd.) 
[Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) <br/>SRV:64bit: - [2014/03/01 05:33:34 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService) <br/>SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) <br/>SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) <br/>SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService) <br/>SRV - [2014/03/30 20:30:08 | 001,444,120 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService) <br/>SRV - [2014/03/12 03:51:15 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) <br/>SRV - [2013/12/21 07:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) <br/>SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) <br/>SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) 
[Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) <br/>SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) <br/> <br/> <br/>[color=#E56717]========== Driver Services (SafeList) ==========[/color] <br/> <br/>DRV:64bit: - [2014/04/11 06:59:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy) <br/>DRV:64bit: - [2014/04/03 11:43:21 | 000,034,896 | ---- | M] (BullGuard Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BdNet.sys -- (BdNet) <br/>DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl) <br/>DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) <br/>DRV:64bit: - [2014/03/30 20:30:24 | 000,316,312 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64) <br/>DRV:64bit: - [2013/11/29 16:16:58 | 000,027,544 | ---- | M] (BullGuard Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver) <br/>DRV:64bit: - [2013/11/29 16:16:52 | 000,296,368 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver) <br/>DRV:64bit: - [2013/10/25 10:19:02 | 000,067,680 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy) <br/>DRV:64bit: - [2013/10/14 10:44:58 | 000,469,256 | ---- | M] (Agnitum Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\afwcore.sys -- (afwcore) <br/>DRV:64bit: - [2013/10/14 10:44:58 | 000,042,760 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\afw.sys -- (AFW) <br/>DRV:64bit: - [2013/10/14 10:44:56 | 000,350,160 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos) <br/>DRV:64bit: - [2013/10/14 10:44:56 | 000,117,192 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdAgent.sys -- (BdAgent) <br/>DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) <br/>DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) <br/>DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) <br/>DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) <br/>DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) <br/>DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) <br/>DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) <br/>DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) <br/>DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) <br/>DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) <br/>DRV:64bit: - [2009/07/14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) <br/>DRV:64bit: - [2009/07/14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan) <br/>DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) <br/>DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) <br/>DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) <br/>DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) <br/>DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) <br/>DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) <br/>DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- 
(b57nd60a) <br/>DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) <br/>DRV - [2014/03/30 20:30:24 | 000,282,968 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64) <br/>DRV - [2014/03/30 20:30:22 | 000,397,848 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64) <br/>DRV - [2013/12/31 18:52:36 | 000,606,672 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys -- (RapportCerberus_59849) <br/>DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) <br/> <br/> <br/>[color=#E56717]========== Standard Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Internet Explorer ==========[/color] <br/> <br/>IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} <br/>IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC <br/>IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 <br/>IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm <br/>IE - HKLM\..\SearchScopes,DefaultScope = <br/>IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC <br/>IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = 
http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 <br/> <br/> <br/>IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = <br/>IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = <br/>IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/> <br/>IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = <br/> <br/>IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = <br/> <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/ <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 22 05 03 7F CD CE 01 [binary data] <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 <br/>IE - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 <br/>IE - 
HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local <br/> <br/> <br/>[color=#E56717]========== FireFox ==========[/color] <br/> <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found <br/>FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found <br/>FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3522.0110: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) <br/>FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) <br/>FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
<br/> <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2013/10/20 11:31:16 | 000,000,000 | ---D | M] <br/>FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/27 10:00:18 | 000,000,000 | ---D | M] <br/>FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/10/27 10:00:18 | 000,000,000 | ---D | M] <br/> <br/> <br/>[color=#E56717]========== Chrome ==========[/color] <br/> <br/>CHR - homepage: http://www.google.com/ <br/>CHR - plugin: Error reading preferences file <br/>CHR - Extension: Docs = C:\Users\Titchard\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ <br/> <br/>O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts <br/>O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) <br/>O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O3:64bit: - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) <br/>O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) 
<br/>O4:64bit: - HKLM..\Run: [BullGuardUpdate2] c:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.) <br/>O4 - HKLM..\Run: [] File not found <br/>O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) <br/>O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) <br/>O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) <br/>O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found <br/>O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found <br/>O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found <br/>O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found <br/>O4 - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002..\RunOnce: [Uninstall C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 <br/>O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 <br/>O9:64bit: - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.) 
<br/>O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.) <br/>O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) <br/>O1364bit: - gopher Prefix: missing <br/>O13 - gopher Prefix: missing <br/>O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 50.63.128.135 8.8.8.8 <br/>O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0F5B89A-707F-4259-929D-749EE79B73CC}: DhcpNameServer = 50.63.128.135 8.8.8.8 <br/>O18:64bit: - Protocol\Handler\livecall - No CLSID value found <br/>O18:64bit: - Protocol\Handler\ms-help - No CLSID value found <br/>O18:64bit: - Protocol\Handler\msnim - No CLSID value found <br/>O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found <br/>O18:64bit: - Protocol\Handler\wlpg - No CLSID value found <br/>O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) <br/>O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) <br/>O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) <br/>O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. <br/>O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
<br/>O32 - HKLM CDRom: AutoRun - 1 <br/>O32 - AutoRun File - [2004/05/01 00:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ] <br/>O34 - HKLM BootExecute: (autocheck autochk *) <br/>O35:64bit: - HKLM\..comfile [open] -- "%1" %* <br/>O35:64bit: - HKLM\..exefile [open] -- "%1" %* <br/>O35 - HKLM\..comfile [open] -- "%1" %* <br/>O35 - HKLM\..exefile [open] -- "%1" %* <br/>O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O37 - HKLM\...com [@ = comfile] -- "%1" %* <br/>O37 - HKLM\...exe [@ = exefile] -- "%1" %* <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) <br/>O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) <br/>O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) <br/> <br/>[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] <br/> <br/>[2014/04/11 14:09:14 | 000,000,000 | ---D | C] -- C:\Users\Titchard\Documents\OneNote Notebooks <br/>[2014/04/10 15:13:23 | 000,000,000 | ---D | C] -- C:\AdwCleaner <br/>[2014/04/10 10:08:31 | 000,000,000 | ---D | C] -- C:\FRST <br/>[2014/04/08 11:13:03 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys <br/>[2014/04/08 11:11:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware <br/>[2014/04/08 11:11:51 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys <br/>[2014/04/08 11:11:51 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys <br/>[2014/04/08 11:11:51 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys <br/>[2014/04/08 11:11:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware <br/>[2014/04/08 11:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes <br/>[2014/04/08 11:02:48 | 000,000,000 | 
---D | C] -- C:\Users\Titchard\AppData\Local\Programs <br/>[2014/04/03 11:43:41 | 000,153,712 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll <br/>[2014/04/03 11:43:41 | 000,140,280 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll <br/> <br/>[color=#E56717]========== Files - Modified Within 30 Days ==========[/color] <br/> <br/>[2014/04/11 14:37:10 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job <br/>[2014/04/11 14:21:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job <br/>[2014/04/11 14:09:14 | 000,001,310 | ---- | M] () -- C:\Users\Titchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk <br/>[2014/04/11 14:05:40 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job <br/>[2014/04/11 14:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat <br/>[2014/04/11 06:59:12 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys <br/>[2014/04/10 18:07:26 | 000,278,703 | ---- | M] () -- C:\Users\Titchard\Documents\Vax guarantee.xps <br/>[2014/04/10 17:29:51 | 000,300,093 | ---- | M] () -- C:\Users\Titchard\Documents\Vax receipt.xps <br/>[2014/04/10 17:28:23 | 000,225,220 | ---- | M] () -- C:\Users\Titchard\Documents\Vax registration.xps <br/>[2014/04/10 16:36:03 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job <br/>[2014/04/10 15:31:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 <br/>[2014/04/10 15:31:44 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 <br/>[2014/04/10 15:28:59 | 000,782,470 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI <br/>[2014/04/10 15:28:59 | 000,667,096 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat <br/>[2014/04/10 15:28:59 | 000,126,740 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat <br/>[2014/04/10 15:23:52 | 000,000,512 | ---- | M] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>[2014/04/10 15:21:06 | 2384,744,448 | -HS- | M] () -- C:\hiberfil.sys <br/>[2014/04/08 11:11:57 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2014/04/03 11:43:21 | 000,153,712 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll <br/>[2014/04/03 11:43:21 | 000,140,280 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll <br/>[2014/04/03 11:43:21 | 000,034,896 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\drivers\BdNet.sys <br/>[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys <br/>[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys <br/>[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys <br/>[2014/03/30 20:30:24 | 000,316,312 | ---- | M] (Trusteer Ltd.) 
-- C:\Windows\SysNative\drivers\RapportKE64.sys <br/>[2014/03/15 18:37:50 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk <br/>[2014/03/13 04:25:05 | 000,310,976 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT <br/> <br/>[color=#E56717]========== Files Created - No Company Name ==========[/color] <br/> <br/>[2014/04/11 14:09:14 | 000,001,310 | ---- | C] () -- C:\Users\Titchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk <br/>[2014/04/10 18:07:26 | 000,278,703 | ---- | C] () -- C:\Users\Titchard\Documents\Vax guarantee.xps <br/>[2014/04/10 17:29:48 | 000,300,093 | ---- | C] () -- C:\Users\Titchard\Documents\Vax receipt.xps <br/>[2014/04/10 17:28:20 | 000,225,220 | ---- | C] () -- C:\Users\Titchard\Documents\Vax registration.xps <br/>[2014/04/10 15:23:51 | 000,000,512 | ---- | C] () -- C:\Windows\SysNative\F39D4DE6-98B8-4E05-91BD-549E8A8248BD <br/>[2014/04/08 11:11:57 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk <br/>[2013/10/27 09:53:18 | 000,197,476 | ---- | C] () -- C:\Windows\hpoins30.dat <br/>[2013/10/27 09:53:18 | 000,000,587 | ---- | C] () -- C:\Windows\hpomdl30.dat <br/>[2013/10/20 13:29:17 | 000,766,780 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI <br/> <br/>[color=#E56717]========== ZeroAccess Check ==========[/color] <br/> <br/>[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 <br/> <br/>[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] <br/> 
<br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] <br/>"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Apartment <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] <br/>"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Free <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 <br/>"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) <br/>"ThreadingModel" = Both <br/> <br/>[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] <br/> <br/>[color=#E56717]========== LOP Check ==========[/color] <br/> <br/>[2014/02/23 21:37:15 | 000,000,000 | ---D | M] -- C:\Users\Titchard\AppData\Roaming\BBCiPlayerDownloads <br/>[2013/12/15 01:28:24 | 000,000,000 | ---D | M] -- C:\Users\Titchard\AppData\Roaming\BullGuard <br/>[2013/10/20 11:29:50 | 000,000,000 | ---D | M] -- C:\Users\Titchard\AppData\Roaming\QuickScan <br/>[2013/12/11 16:15:19 | 000,000,000 | ---D | M] -- C:\Users\Titchard\AppData\Roaming\Visan <br/>[2013/10/20 15:46:50 | 000,000,000 | ---D | M] -- 
C:\Users\Titchard\AppData\Roaming\Windows Live Writer <br/> <br/>[color=#E56717]========== Purity Check ==========[/color] <br/> <br/> <br/> <br/>< End of report > <br/> <br/>OTL Extras logfile created on: 11/04/2014 14:34:59 - Run 1 <br/>OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Titchard\Downloads <br/>64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation <br/>Internet Explorer (Version = 9.11.9600.16521) <br/>Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy <br/> <br/>2.96 Gb Total Physical Memory | 1.49 Gb Available Physical Memory | 50.37% Memory free <br/>5.92 Gb Paging File | 4.02 Gb Available in Paging File | 67.83% Paging File free <br/>Paging file location(s): ?:\pagefile.sys [binary data] <br/> <br/>%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) <br/>Drive C: | 218.20 Gb Total Space | 169.63 Gb Free Space | 77.74% Space Free | Partition Type: NTFS <br/>Drive D: | 14.65 Gb Total Space | 2.28 Gb Free Space | 15.58% Space Free | Partition Type: NTFS <br/> <br/>Computer Name: TITCHARD-PC | User Name: Titchard | Logged in as Administrator. <br/>Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans <br/>Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days <br/> <br/>[color=#E56717]========== Extra Registry (SafeList) ==========[/color] <br/> <br/> <br/>[color=#E56717]========== File Associations ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
<br/>.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] <br/>.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) <br/>.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) <br/> <br/>[HKEY_USERS\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Classes\<extension>] <br/>.html [@ = ChromeHTML] -- Reg Error: Key error. File not found <br/> <br/>[color=#E56717]========== Shell Spawning ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" <br/>http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) <br/>https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) <br/>InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. 
<br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] <br/>batfile [open] -- "%1" %* <br/>cmdfile [open] -- "%1" %* <br/>comfile [open] -- "%1" %* <br/>cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) <br/>exefile [open] -- "%1" %* <br/>helpfile [open] -- Reg Error: Key error. <br/>htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" <br/>http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) <br/>https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) <br/>inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) <br/>piffile [open] -- "%1" %* <br/>regfile [merge] -- Reg Error: Key error. <br/>scrfile [config] -- "%1" <br/>scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l <br/>scrfile [open] -- "%1" /S <br/>txtfile [edit] -- Reg Error: Key error. 
<br/>Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 <br/>Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) <br/>Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Folder [explore] -- Reg Error: Value error. <br/>Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) <br/>Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) <br/>CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. <br/> <br/>[color=#E56717]========== Security Center Settings ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/>"cval" = 1 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/>"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] <br/>"AntiVirusOverride" = 0 <br/>"AntiSpywareOverride" = 0 <br/>"FirewallOverride" = 0 <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] <br/> <br/>[color=#E56717]========== Firewall Settings ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] <br/>"DisableNotifications" = 0 <br/>"EnableFirewall" = 1 <br/> 
<br/>[color=#E56717]========== Authorized Applications List ==========[/color] <br/> <br/> <br/>[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{0EB1DF7C-D30C-4D3D-984C-8CFDEB503276}" = rport=137 | protocol=17 | dir=out | app=system | <br/>"{14EDE4B9-7693-484E-8436-5E97B913E8AF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{3292EEA4-F522-4FCC-ACA2-BD77D5E6FD2A}" = rport=445 | protocol=6 | dir=out | app=system | <br/>"{3FDF0A16-3756-4CA9-A1AC-C0254A695276}" = lport=2869 | protocol=6 | dir=in | app=system | <br/>"{46942EBC-3DE4-4669-BE2C-F6FA52A97B15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{49E641C6-5CE0-4809-BCAC-55874B4417EC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{552DD676-60AF-4FEA-8E71-1A6358B52D93}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | <br/>"{73C0E21E-36D1-4ABE-9289-1CCF12E3F9AA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | <br/>"{79AF4A81-CEE9-4E9A-9E01-658AEE8D2CA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{838E46B0-AA21-46DD-9D2B-E1E0BF6737DD}" = lport=10243 | protocol=6 | dir=in | app=system | <br/>"{8626D0FE-06D6-40A2-BC00-A706684D37AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{98BAB569-61B6-455B-953B-44564CE90DB9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/>"{A00D6BEB-F151-4AD2-92C7-C33CC5ECA605}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | <br/>"{A260742A-61B8-47C5-98D3-9B59ECE8741F}" = lport=1900 | protocol=17 | dir=in | 
name=windows live communications platform (ssdp) | <br/>"{A558ED03-28C4-46B7-8659-2A78B5D7820E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{A5A78D16-7C9B-4AE0-8ADF-559124174BFD}" = lport=137 | protocol=17 | dir=in | app=system | <br/>"{B04ADFB0-AF67-461E-8FBA-07574E2033DD}" = lport=445 | protocol=6 | dir=in | app=system | <br/>"{B0C1F2CE-D94F-4071-8A45-6FA3C04ABE4C}" = rport=139 | protocol=6 | dir=out | app=system | <br/>"{BE761392-4B1A-4037-9B39-9CDDA522EF48}" = rport=10243 | protocol=6 | dir=out | app=system | <br/>"{C006A3BE-7643-4A32-9EAF-42A485EE6B09}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | <br/>"{CDDF34DB-E8EB-4400-B619-38C6C83E5C34}" = lport=139 | protocol=6 | dir=in | app=system | <br/>"{D2A15BF7-9384-4F7A-B19F-B88ED86DC6BF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | <br/>"{D4A7259B-D668-40AB-97A8-A1B03C5D9904}" = rport=138 | protocol=17 | dir=out | app=system | <br/>"{D834256F-4653-4393-BED3-AB0513B32270}" = lport=138 | protocol=17 | dir=in | app=system | <br/>"{E3B0A5B3-9042-47D1-B9B7-FC93EEF966BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | <br/>"{E7E3C78B-51D0-40D0-8467-660B138088D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | <br/> <br/>[color=#E56717]========== Vista Active Application Exception List ==========[/color] <br/> <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] <br/>"{002C0C1B-A450-4263-9332-B2537CE4754E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | <br/>"{057AE954-274A-4D01-BBEA-F519450F7947}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | <br/>"{0F67B001-F15A-42F9-A3FD-D01F4550C9C7}" = dir=in | app=c:\program files (x86)\hp\digital 
imaging\bin\hposid01.exe | <br/>"{1A94833B-18DC-4176-95E3-3ECA08ECD185}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | <br/>"{20E7DD38-DCE5-4634-8121-8A63B64BBD8E}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | <br/>"{249AD368-6EEC-4302-ABEB-9B1A0F0A3377}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | <br/>"{2642A70D-3BF2-4F4E-AE8E-CC87725BDA20}" = dir=in | app=c:\users\titchard\appdata\local\microsoft\skydrive\skydrive.exe | <br/>"{277569DD-6C24-4C71-894A-329353708A47}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{2A49D474-4DD2-4D75-BF82-83EB0C3DB697}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | <br/>"{321EFE09-4A20-482E-AD7E-3CAF90D62D54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{36467923-8CBB-4DFF-B299-BAEAB53F8B97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{39A2A2E4-2966-49E6-B3EA-07E727E549AA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | <br/>"{3DAF1E67-58FA-4BF5-93AA-C1D0FE39B8B2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{4030834A-C645-45CF-A522-A812ED75DF0E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | <br/>"{408D9837-C5E0-44A8-9CA2-ED1618ABE0D5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{435DA739-B942-4BC1-8159-0AE6846004FE}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | <br/>"{4811720C-6C78-4AFF-B11E-4B59A3AFF711}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | <br/>"{48D20324-F6ED-4F86-8F14-C206340F7BF1}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | <br/>"{48E342C2-2839-40B4-A74D-07EE939B07C7}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft 
office\office12\onenote.exe | <br/>"{4954EAB7-ED60-4E18-90CE-E7452C0759A7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{4A2349E6-C01A-4238-B7D1-092FAA0033F0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | <br/>"{4CDFA6D0-CC7E-44EE-AA22-523F43FA60FC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | <br/>"{4F07DB1F-C930-47B3-B0A3-5CE82CB081CC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | <br/>"{4FFAB8E6-8E77-4372-B86B-40CA3CC134C6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | <br/>"{56AB9F53-60E5-46ED-8499-BBCC920332DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | <br/>"{5911D15A-9F4D-4982-BF52-B3C87FE0A9B1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | <br/>"{5A538BF3-7231-4F74-8216-A44352EBE0E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | <br/>"{60C0DCFA-1F65-4529-AB42-4EBDCF97EF8B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | <br/>"{654C2139-2827-41BA-A5C3-B242589EE892}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{7589EAD2-C569-4CE1-958B-E3337488D5DD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{831496F6-1C2A-4670-822A-1DA49EB20F09}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | <br/>"{83D44DB8-AAA9-41BD-875A-9DB7BFE34583}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{85A4A9A5-F8D9-4AFB-8114-786E83C82AD9}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | <br/>"{87885930-F135-4E73-B316-17FDEA35573B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{95BC2169-EDA7-4374-8A15-74DD9156217B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
<br/>"{95D6D324-4A0C-473C-BF5C-5BBE8BD30810}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | <br/>"{9FF87C22-3FAB-4E15-A5F5-0DFE1DB84E9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{A18DB96A-175B-48DF-950E-E3F04C9049E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | <br/>"{BB108919-1511-439F-982F-E9E7270529B6}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | <br/>"{C7FB8F7E-DF3C-464B-B7F4-8BDC272FE6FF}" = dir=in | app=c:\users\titchard\appdata\local\temp\7zs59c4\setup\hpznui40.exe | <br/>"{D439A8BA-CA3A-4357-B96E-40E7C4E8A8D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | <br/>"{DAA72549-80CE-43BB-9FE4-8551B3E36CF9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | <br/>"{DF7EA34E-EED7-4DD5-A3C0-EB2DBAAE8ECC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | <br/>"{EC9D2429-E89B-4C21-A3D3-8D76E044A7A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | <br/>"{EDEE4763-E4FF-4D2D-AD8A-0E27804FE670}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | <br/>"{EFC87BC9-E956-4E7C-B254-88BD4C8D5D1A}" = protocol=6 | dir=out | app=system | <br/>"{F18B46AC-7CB6-4087-903E-236F069540DD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | <br/>"{F8CB907D-4210-40BF-A321-D14E621586D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | <br/>"{FE3CB1C8-0A72-4B7E-9BCD-E06CACAE5BAA}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | <br/> <br/>[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] <br/> <br/>64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 <br/>"{2B1C6CB4-4470-4D57-91E0-83986DCEB5DA}" = Windows Live Family Safety 
<br/>"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 <br/>"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support <br/>"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64 <br/>"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour <br/>"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 <br/>"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1 <br/>"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight <br/>"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 <br/>"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 <br/>"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 <br/>"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1 <br/>"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting <br/>"{A535111D-95C8-487F-869E-CE4C239972D2}" = iTunes <br/>"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 
4 <br/>"{C6E57DC0-5699-47D4-9263-CEE00A4BB1FC}" = Windows Live MIME IFilter <br/>"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant <br/>"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 <br/>"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer <br/>"BullGuard" = BullGuard <br/>"HP Imaging Device Functions" = HP Imaging Device Functions 13.0 <br/>"HP Photosmart Essential" = HP Photosmart Essential 3.5 <br/>"HP Smart Web Printing" = HP Smart Web Printing 4.51 <br/>"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 <br/>"HPExtendedCapabilities" = HP Customer Participation Program 13.0 <br/>"Shop for HP Supplies" = Shop for HP Supplies <br/> <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status <br/>"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan <br/>"{12E9A245-6551-450C-9EA9-27CE2DB1BBBD}" = Windows Live Writer Resources <br/>"{16E46BCF-3D36-4353-9BCB-344F7812CEDE}" = Photo Gallery <br/>"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch <br/>"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer <br/>"{1D3C86B3-C272-40BF-8B95-48666D3B04C9}" = Windows Live Mail <br/>"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport <br/>"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp <br/>"{1F9E8447-9B82-45D5-A6D7-2A4CB874111F}" = Windows Live Mail <br/>"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer <br/>"{24758B1D-9345-4538-A69A-05660F63A296}" = Junk Mail filter update <br/>"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm <br/>"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery <br/>"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy <br/>"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 <br/>"{3E86F087-6694-450C-A499-4821DA1D3915}" = Photo Gallery <br/>"{4260CAAE-D108-4223-A1C5-96B67062FE86}" = 
Windows Live Installer <br/>"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD <br/>"{434B008C-FC85-4DE5-B115-8899C7D621A1}" = Windows Live UX Platform Language Pack <br/>"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg <br/>"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support <br/>"{476A047B-BDA1-4B37-BB40-0710C7E9EB61}" = BBC iPlayer Downloads <br/>"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter <br/>"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport <br/>"{59307833-CB98-4440-B644-0CD352F61907}" = Windows Live PIMT Platform <br/>"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 <br/>"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 <br/>"{68593C1D-5262-433C-85B2-0D0B52597EA7}" = Windows Live Family Safety <br/>"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply <br/>"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox <br/>"{72D9236D-C6EA-4DA6-A18C-CC24521A70D4}" = Windows Live Mail <br/>"{735A7B2E-E7A1-4D01-A3C7-A168686F7713}" = Windows Live Essentials <br/>"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update <br/>"{7C0791D9-F1FB-48DD-B8E4-662BDAE42357}" = Windows Live Messenger <br/>"{80E311AD-3A9C-45C7-A403-8FF3F7609764}" = Windows Live Writer <br/>"{85ED73AB-1B40-47F9-9570-4FEFFA9732E4}" = Windows Live Messenger <br/>"{8C22A294-DBBA-445F-B55C-E26817CCFE69}" = Movie Maker <br/>"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT <br/>"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 <br/>"{8F66BFDE-B213-48E2-93EF-7151277A2916}" = Windows Live SOXE Definitions <br/>"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 <br/>"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 <br/>"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" 
= Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 <br/>"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 <br/>"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 <br/>"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 <br/>"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) <br/>"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 <br/>"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 <br/>"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs 
<br/>"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 <br/>"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In <br/>"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 <br/>"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) <br/>"{933294E0-FD9F-4ADA-B1B3-ACC7C0E0969D}" = Photo Common <br/>"{94532CD5-C66D-49E3-9131-5FB04D7647A1}" = Windows Live UX Platform <br/>"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 <br/>"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update <br/>"{9797D7BA-A333-4DF1-AF55-AC745D216EDB}" = Windows Live Writer <br/>"{983FA94A-A7DD-40B1-B7F9-F45D2B4FD1DE}" = Windows Live Photo Common <br/>"{99E82553-9654-4FB7-8DB3-900C0FDB1A70}" = Windows Live Writer Resources <br/>"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500 <br/>"{A122962D-0BF9-4AB5-89B3-A490F0D20763}" = Windows Live Writer <br/>"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 <br/>"{A2F4B74E-D722-4D9E-817B-F58F32A55A51}" = Windows Live UX Platform Language Pack <br/>"{A59A15E8-2B9B-490D-916E-D608A9D0D295}" = Windows Live Writer <br/>"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper <br/>"{A9FFEC6C-9C44-4597-8E23-EDD78BF5D0B2}" = Windows Live Communications Platform <br/>"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) <br/>"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations <br/>"{C201BDF9-1C27-46F8-A248-F4469C9FC27C}" = Photo Common 
<br/>"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant <br/>"{C87DF7BB-4F5C-4BBE-B041-A59FFF4A1D07}" = Windows Live SOXE <br/>"{C95AEB53-7FAE-4257-97AF-7136E8D9F9CA}" = Movie Maker <br/>"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget <br/>"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min <br/>"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 <br/>"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential <br/>"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting <br/>"{DD76542A-5AD9-481C-9CA8-756F84A8FEAF}" = Movie Maker <br/>"{DF7DC45D-8A3C-490C-A70F-8C6A6189EDF9}" = Photo Gallery <br/>"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 <br/>"{E5E83E00-1144-4821-B6B6-7A16C41EFC39}" = Windows Live Messenger <br/>"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 <br/>"{ED58D367-6FB9-4C00-AD81-F5B4CF96845D}" = Windows Live Family Safety <br/>"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] <br/>"{FCEDADE3-1C8A-4858-BE93-360168178BB2}" = Windows Live Essentials <br/>"Adobe Flash Player ActiveX" = Adobe Flash Player 12 ActiveX <br/>"AudibleDownloadManager" = Audible Download Manager <br/>"Google Chrome" = Google Chrome <br/>"HOMESTUDENTR" = Microsoft Office Home and Student 2007 <br/>"HP Photo Creations" = HP Photo Creations <br/>"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.1.1004 <br/>"Rapport_msi" = Trusteer Endpoint Protection <br/>"WinLiveSuite" = Windows Live Essentials <br/>"Yahoo! Companion" = Yahoo! 
Toolbar <br/> <br/>[color=#E56717]========== HKEY_USERS Uninstall List ==========[/color] <br/> <br/>[HKEY_USERS\S-1-5-21-1021160361-3849089875-2879670586-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] <br/>"OneDriveSetup.exe" = Microsoft OneDrive <br/> <br/>[color=#E56717]========== Last 20 Event Log Errors ==========[/color] <br/> <br/>[ Application Events ] <br/>Error - 07/04/2014 08:53:44 | Computer Name = Titchard-PC | Source = Application Error | ID = 1000 <br/>Description = Faulting application name: WINWORD.EXE, version: 12.0.6690.5000, time <br/> stamp: 0x52881869 Faulting module name: wwlib.dll, version: 12.0.6690.5000, time <br/> stamp: 0x52881938 Exception code: 0xc0000005 Fault offset: 0x00025b64 Faulting process <br/> id: 0x13f8 Faulting application start time: 0x01cf50e6beea3d18 Faulting application <br/> path: C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE Faulting module <br/> path: C:\Program Files (x86)\Microsoft Office\Office12\wwlib.dll Report Id: a69fea7d-be53-11e3-bdc2-a4badb9c05ee <br/> <br/>Error - 08/04/2014 07:32:57 | Computer Name = Titchard-PC | Source = System Restore | ID = 8193 <br/>Description = <br/> <br/>Error - 11/04/2014 09:04:21 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 11/04/2014 09:04:21 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 17840368 <br/> <br/>Error - 11/04/2014 09:04:21 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 17840368 <br/> <br/>Error - 11/04/2014 09:04:39 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 11/04/2014 09:04:39 | Computer Name = Titchard-PC | Source = 
Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 17858246 <br/> <br/>Error - 11/04/2014 09:04:39 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 17858246 <br/> <br/>Error - 11/04/2014 09:04:50 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: Continuously busy for more than a second <br/> <br/>Error - 11/04/2014 09:04:50 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledEvent 17869368 <br/> <br/>Error - 11/04/2014 09:04:50 | Computer Name = Titchard-PC | Source = Bonjour Service | ID = 100 <br/>Description = Task Scheduling Error: m->NextScheduledSPRetry 17869368 <br/> <br/>[ OSession Events ] <br/>Error - 23/01/2014 17:33:49 | Computer Name = Titchard-PC | Source = Microsoft Office 12 Sessions | ID = 7001 <br/>Description = ID: 0, Application Name: Microsoft Office Word, Application Version: <br/> 12.0.6690.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1179 <br/> seconds with 0 seconds of active time. This session ended with a crash. <br/> <br/>[ System Events ] <br/>Error - 10/04/2014 10:34:17 | Computer Name = Titchard-PC | Source = Schannel | ID = 36888 <br/>Description = The following fatal alert was generated: 10. The internal error state <br/> is 10. <br/> <br/>Error - 10/04/2014 10:34:17 | Computer Name = Titchard-PC | Source = Schannel | ID = 36888 <br/>Description = The following fatal alert was generated: 10. The internal error state <br/> is 10. <br/> <br/>Error - 10/04/2014 10:34:58 | Computer Name = Titchard-PC | Source = Schannel | ID = 36888 <br/>Description = The following fatal alert was generated: 10. The internal error state <br/> is 10. 
<br/> <br/>Error - 10/04/2014 10:34:58 | Computer Name = Titchard-PC | Source = Schannel | ID = 36888 <br/>Description = The following fatal alert was generated: 10. The internal error state <br/> is 10. <br/> <br/>Error - 10/04/2014 10:34:58 | Computer Name = Titchard-PC | Source = Schannel | ID = 36888 <br/>Description = The following fatal alert was generated: 10. The internal error state <br/> is 10. <br/> <br/>Error - 10/04/2014 12:53:16 | Computer Name = Titchard-PC | Source = bowser | ID = 8003 <br/>Description = <br/> <br/>Error - 10/04/2014 13:38:30 | Computer Name = Titchard-PC | Source = bowser | ID = 8003 <br/>Description = <br/> <br/>Error - 10/04/2014 16:14:38 | Computer Name = Titchard-PC | Source = bowser | ID = 8003 <br/>Description = <br/> <br/>Error - 11/04/2014 09:13:05 | Computer Name = Titchard-PC | Source = bowser | ID = 8003 <br/>Description = <br/> <br/>Error - 11/04/2014 09:29:38 | Computer Name = Titchard-PC | Source = Service Control Manager | ID = 7009 <br/>Description = A timeout was reached (30000 milliseconds) while waiting for the Windows <br/> Error Reporting Service service to connect. <br/> <br/> <br/>< End of report >
Posted 4/13/2014 7:35 AM
#96897

Touch Advanced member

Date Joined Nov 2016
Total Posts: 12976
Sorry for late response.

We need to run an OTL Fix

• Please reopen OTL on your desktop.
• Copy and Paste the following code into the Custom Scan textbox.
• Do not include the word "Code"

[code]
:OTL
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1021160361-3849089875-2879670586-1002..\RunOnce: [Uninstall C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
CHR - plugin: Error reading preferences file

:Files
C:\Program Files (x86)\RegClean Pro
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[CreateRestorePoint]
[emptytemp]
[EMPTYFLASH]
[EMPTYJAVA]
[/code]

• Push Run Fix Button
• OTL may ask to reboot the machine. Please do so if asked.
• Click OK.
• A report will open. Copy and Paste that report in your next reply.
• If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

Please download Combofix from:
Here
And save to the desktop.

After the download is complete, perform the following tasks before using the ComboFix tool to scan your PC:
Exit all windows that are currently open on your computer.
To prevent interference, temporarily disable your antivirus, antispyware, firewall and other security tools that may be running on your computer.

Double-click on the combofix icon found on your desktop.

Please note, that once you start combofix you should not click anywhere on the combofix window as it can cause the program to stall.
In fact, when combofix is running, do not touch your computer at all and just take a break as it may take a while for it to complete.

When finished, it will produce a logfile located at C:\combofix.txt.

Post the contents of that log in your next reply

The logs will be reasonably large so you may have to divide them into sections and make several posts to post them.

Click here: Before-posting-a-log
Do not PM me with logfiles. They will be deleted.


Posted 4/15/2014 6:48 PM
#96919

Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
All processes killed <br/>========== OTL ========== <br/>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. <br/>Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\APSDaemon deleted successfully. <br/>C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe moved successfully. <br/>Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview deleted successfully. <br/>Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SPReview not found. <br/>Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. <br/>Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. <br/>Registry value HKEY_USERS\S-1-5-21-1021160361-3849089875-2879670586-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Titchard\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64 deleted successfully. <br/>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully. <br/>File Protocol\Handler\livecall - No CLSID value found not found. <br/>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully. <br/>File Protocol\Handler\ms-help - No CLSID value found not found. <br/>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully. <br/>File Protocol\Handler\msnim - No CLSID value found not found. <br/>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully. <br/>File Protocol\Handler\wlmailhtml - No CLSID value found not found. <br/>64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully. <br/>File Protocol\Handler\wlpg - No CLSID value found not found. 
<br/>========== FILES ========== <br/>File\Folder C:\Program Files (x86)\RegClean Pro not found. <br/>[color=#A23BEC]< ipconfig /flushdns /c >[/color] <br/>Windows IP Configuration <br/>Successfully flushed the DNS Resolver Cache. <br/>C:\Users\Titchard\Downloads\cmd.bat deleted successfully. <br/>C:\Users\Titchard\Downloads\cmd.txt deleted successfully. <br/>========== COMMANDS ========== <br/>C:\Windows\System32\drivers\etc\Hosts moved successfully. <br/>HOSTS file reset successfully <br/>Restore point Set: OTL Restore Point <br/> <br/>[EMPTYTEMP] <br/> <br/>User: All Users <br/> <br/>User: Default <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 33170 bytes <br/> <br/>User: Default User <br/>->Temp folder emptied: 0 bytes <br/>->Temporary Internet Files folder emptied: 0 bytes <br/> <br/>User: Public <br/> <br/>User: Titchard <br/>->Temp folder emptied: 1432699 bytes <br/>->Temporary Internet Files folder emptied: 140397768 bytes <br/>->Flash cache emptied: 55966 bytes <br/> <br/>%systemdrive% .tmp files removed: 0 bytes <br/>%systemroot% .tmp files removed: 0 bytes <br/>%systemroot%\System32 .tmp files removed: 0 bytes <br/>%systemroot%\System32 (64bit) .tmp files removed: 0 bytes <br/>%systemroot%\System32\drivers .tmp files removed: 0 bytes <br/>Windows Temp folder emptied: 9570686 bytes <br/>%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46504916 bytes <br/>RecycleBin emptied: 14358520 bytes <br/> <br/>Total Files Cleaned = 203.00 mb <br/> <br/> <br/>[EMPTYFLASH] <br/> <br/>User: All Users <br/> <br/>User: Default <br/> <br/>User: Default User <br/> <br/>User: Public <br/> <br/>User: Titchard <br/>->Flash cache emptied: 0 bytes <br/> <br/>Total Flash Files Cleaned = 0.00 mb <br/> <br/> <br/>[EMPTYJAVA] <br/> <br/>User: All Users <br/> <br/>User: Default <br/> <br/>User: Default User <br/> <br/>User: Public <br/> <br/>User: Titchard <br/> <br/>Total Java 
Files Cleaned = 0.00 mb <br/> <br/> <br/>OTL by OldTimer - Version 3.2.69.0 log created on 04152014_092047 <br/> <br/>Files\Folders moved on Reboot... <br/>C:\Users\Titchard\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. <br/>C:\Users\Titchard\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. <br/> <br/>PendingFileRenameOperations files... <br/> <br/>Registry entries deleted on Reboot... <br/> <br/> <br/>Combofix.. <br/> <br/>ComboFix 14-04-12.01 - Titchard 15/04/2014 9:51.1.1 - x64 <br/>Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3032.1845 [GMT 1:00] <br/>Running from: c:\users\Titchard\Downloads\ComboFix.exe <br/>AV: BullGuard Antivirus *Disabled/Outdated* {C3CCAC61-52F7-A056-1860-6406566E2578} <br/>FW: BullGuard Firewall *Disabled* {FBF72D44-1898-A10E-333F-CD33A8BD6203} <br/>SP: BullGuard Antispyware *Disabled/Outdated* {78AD4D85-74CD-AFD8-22D0-5F742DE96FC5} <br/>SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>D:\AUTORUN.INF <br/>. <br/>. <br/>((((((((((((((((((((((((( Files Created from 2014-03-15 to 2014-04-15 ))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>2014-04-15 09:09 . 2014-04-15 09:09 -------- d-----w- c:\users\Default\AppData\Local\temp <br/>2014-04-15 08:20 . 2014-04-15 08:20 -------- d-----w- C:\_OTL <br/>2014-04-10 14:13 . 2014-04-10 14:15 -------- d-----w- C:\AdwCleaner <br/>2014-04-10 09:08 . 2014-04-11 13:30 -------- d-----w- C:\FRST <br/>2014-04-09 01:52 . 2014-03-31 01:16 23134208 ----a-w- c:\windows\system32\mshtml.dll <br/>2014-04-09 01:52 . 2014-03-31 01:13 2724864 ----a-w- c:\windows\system32\mshtml.tlb <br/>2014-04-09 01:52 . 2014-03-31 00:13 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb <br/>2014-04-08 10:13 . 
2014-04-15 08:33 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys <br/>2014-04-08 10:11 . 2014-04-08 10:11 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware <br/>2014-04-08 10:11 . 2014-04-08 10:11 -------- d-----w- c:\programdata\Malwarebytes <br/>2014-04-08 10:11 . 2014-04-03 08:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys <br/>2014-04-08 10:11 . 2014-04-03 08:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys <br/>2014-04-08 10:11 . 2014-04-03 08:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys <br/>2014-04-08 10:02 . 2014-04-08 10:02 -------- d-----w- c:\users\Titchard\AppData\Local\Programs <br/>2014-04-03 10:43 . 2014-04-03 10:43 153712 ----a-w- c:\windows\system32\BgGamingMonitor.dll <br/>2014-04-03 10:43 . 2014-04-03 10:43 140280 ----a-w- c:\windows\SysWow64\BgGamingMonitor.dll <br/>. <br/>. <br/>. <br/>(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>2014-04-09 02:02 . 2013-10-25 12:05 90655440 ----a-w- c:\windows\system32\MRT.exe <br/>2014-04-03 10:43 . 2013-10-14 09:44 34896 ----a-w- c:\windows\system32\drivers\BdNet.sys <br/>2014-03-30 19:30 . 2013-12-31 17:52 316312 ----a-w- c:\windows\system32\drivers\RapportKE64.sys <br/>2014-03-12 02:51 . 2013-10-21 15:23 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl <br/>2014-03-12 02:51 . 2013-10-21 15:23 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe <br/>2014-03-04 09:17 . 2014-04-09 01:51 44032 ----a-w- c:\windows\apppatch\acwow64.dll <br/>2014-03-01 05:16 . 2014-03-12 12:24 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll <br/>2014-03-01 04:58 . 2014-03-12 12:24 2765824 ----a-w- c:\windows\system32\iertutil.dll <br/>2014-03-01 04:52 . 2014-03-12 12:24 66048 ----a-w- c:\windows\system32\iesetup.dll <br/>2014-03-01 04:51 . 2014-03-12 12:24 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll <br/>2014-03-01 04:42 . 
2014-03-12 12:24 53760 ----a-w- c:\windows\system32\jsproxy.dll <br/>2014-03-01 04:40 . 2014-03-12 12:24 33792 ----a-w- c:\windows\system32\iernonce.dll <br/>2014-03-01 04:37 . 2014-03-12 12:24 574976 ----a-w- c:\windows\system32\ieui.dll <br/>2014-03-01 04:33 . 2014-03-12 12:24 139264 ----a-w- c:\windows\system32\ieUnatt.exe <br/>2014-03-01 04:33 . 2014-03-12 12:24 111616 ----a-w- c:\windows\system32\ieetwcollector.exe <br/>2014-03-01 04:32 . 2014-03-12 12:24 708608 ----a-w- c:\windows\system32\jscript9diag.dll <br/>2014-03-01 04:23 . 2014-03-12 12:24 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe <br/>2014-03-01 04:17 . 2014-03-12 12:24 218624 ----a-w- c:\windows\system32\ie4uinit.exe <br/>2014-03-01 04:02 . 2014-03-12 12:24 195584 ----a-w- c:\windows\system32\msrating.dll <br/>2014-03-01 03:54 . 2014-03-12 12:24 5768704 ----a-w- c:\windows\system32\jscript9.dll <br/>2014-03-01 03:52 . 2014-03-12 12:24 61952 ----a-w- c:\windows\SysWow64\iesetup.dll <br/>2014-03-01 03:51 . 2014-03-12 12:24 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll <br/>2014-03-01 03:42 . 2014-03-12 12:24 627200 ----a-w- c:\windows\system32\msfeeds.dll <br/>2014-03-01 03:38 . 2014-03-12 12:24 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe <br/>2014-03-01 03:37 . 2014-03-12 12:24 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll <br/>2014-03-01 03:35 . 2014-03-12 12:24 2041856 ----a-w- c:\windows\system32\inetcpl.cpl <br/>2014-03-01 03:18 . 2014-03-12 12:24 13051904 ----a-w- c:\windows\system32\ieframe.dll <br/>2014-03-01 03:14 . 2014-03-12 12:24 4244480 ----a-w- c:\windows\SysWow64\jscript9.dll <br/>2014-03-01 03:10 . 2014-03-12 12:24 2334208 ----a-w- c:\windows\system32\wininet.dll <br/>2014-03-01 03:00 . 2014-03-12 12:24 1964032 ----a-w- c:\windows\SysWow64\inetcpl.cpl <br/>2014-03-01 02:38 . 2014-03-12 12:24 1393664 ----a-w- c:\windows\system32\urlmon.dll <br/>2014-03-01 02:32 . 
2014-03-12 12:24 1820160 ----a-w- c:\windows\SysWow64\wininet.dll <br/>2014-03-01 02:25 . 2014-03-12 12:24 817664 ----a-w- c:\windows\system32\ieapfltr.dll <br/>2014-02-07 01:23 . 2014-03-12 12:24 3156480 ----a-w- c:\windows\system32\win32k.sys <br/>2014-02-04 02:32 . 2014-03-12 12:22 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll <br/>2014-02-04 02:32 . 2014-03-12 12:22 624128 ----a-w- c:\windows\system32\qedit.dll <br/>2014-02-04 02:04 . 2014-03-12 12:22 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll <br/>2014-02-04 02:04 . 2014-03-12 12:22 509440 ----a-w- c:\windows\SysWow64\qedit.dll <br/>2014-01-29 02:32 . 2014-03-12 12:24 484864 ----a-w- c:\windows\system32\wer.dll <br/>2014-01-29 02:06 . 2014-03-12 12:24 381440 ----a-w- c:\windows\SysWow64\wer.dll <br/>2014-01-28 02:32 . 2014-03-12 12:25 228864 ----a-w- c:\windows\system32\wwansvc.dll <br/>. <br/>. <br/>((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) <br/>. <br/>. <br/>*Note* empty entries & legit default entries are not shown <br/>REGEDIT4 <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] <br/>@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" <br/>[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] <br/>2014-03-08 08:28 222920 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] <br/>@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" <br/>[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] <br/>2014-03-08 08:28 222920 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] <br/>@="{BBACC218-34EA-4666-9D7A-C78F2274A524}" <br/>[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] <br/>2014-03-08 08:28 222920 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] <br/>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] <br/>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-10-01 152392] <br/>"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] <br/>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208] <br/>. <br/>c:\users\Titchard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] <br/>. <br/>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ <br/>Audible Download Manager.lnk - c:\program files (x86)\Audible\Bin\AudibleDownloadHelper.exe /Startup [2011-3-14 2125472] <br/>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] <br/>"ConsentPromptBehaviorAdmin"= 5 (0x5) <br/>"ConsentPromptBehaviorUser"= 3 (0x3) <br/>"EnableUIADesktopToggle"= 0 (0x0) <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] <br/>"aux"=wdmaud.drv <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain] <br/>@="Service" <br/>. <br/>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner] <br/>@="Service" <br/>. 
<br/>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] <br/>R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] <br/>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] <br/>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] <br/>R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x] <br/>S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x] <br/>S1 AFW;Agnitum Firewall Driver;c:\windows\system32\DRIVERS\afw.sys;c:\windows\SYSNATIVE\DRIVERS\afw.sys [x] <br/>S1 BdAgent;BullGuard Security Agent;c:\windows\system32\DRIVERS\BdAgent.sys;c:\windows\SYSNATIVE\DRIVERS\BdAgent.sys [x] <br/>S1 BdSpy;BdSpy;c:\windows\system32\drivers\BdSpy.sys;c:\windows\SYSNATIVE\drivers\BdSpy.sys [x] <br/>S1 NovaShieldFilterDriver;NovaShieldFilterDriver;c:\windows\system32\DRIVERS\NSKernel.sys;c:\windows\SYSNATIVE\DRIVERS\NSKernel.sys [x] <br/>S1 NovaShieldTDIDriver;NovaShieldTDIDriver;c:\windows\system32\DRIVERS\NSNetmon.sys;c:\windows\SYSNATIVE\DRIVERS\NSNetmon.sys [x] <br/>S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x] <br/>S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x] <br/>S1 RapportPG64;RapportPG64;c:\program files 
(x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x] <br/>S2 BsBackup;BullGuard backup service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsBhvScan;BullGuard Behavioural Detection;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [x] <br/>S2 BsCache;BullGuard CODS service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsFileScan;BullGuard on-access service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsFire;BullGuard firewall service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsMailProxy;BullGuard e-mail monitoring service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsMain;BullGuard main service;c:\windows\System32\SvcHost.exe;c:\windows\SYSNATIVE\SvcHost.exe [x] <br/>S2 BsScanner;BullGuard scanning service;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [x] <br/>S2 BsUpdate;BullGuard update service;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe;c:\program files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [x] <br/>S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] <br/>S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] <br/>S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x] <br/>S3 afwcore;afwcore;c:\windows\system32\DRIVERS\afwcore.sys;c:\windows\SYSNATIVE\DRIVERS\afwcore.sys [x] <br/>S3 
BdNet;BdNet;c:\windows\system32\DRIVERS\BdNet.sys;c:\windows\SYSNATIVE\DRIVERS\BdNet.sys [x] <br/>S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] <br/>S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] <br/>S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] <br/>S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x] <br/>. <br/>. <br/>--- Other Services/Drivers In Memory --- <br/>. <br/>*NewlyCreated* - MBAMSWISSARMY <br/>*NewlyCreated* - MBAMWEBACCESSCONTROL <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] <br/>hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc <br/>. <br/>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] <br/>2014-04-13 18:40 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe <br/>. <br/>Contents of the 'Scheduled Tasks' folder <br/>. <br/>2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job <br/>- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-21 02:51] <br/>. <br/>2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 15:24] <br/>. <br/>2014-04-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job <br/>- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-21 15:24] <br/>. <br/>2014-04-15 c:\windows\Tasks\HP Photo Creations Communicator.job <br/>- c:\programdata\HP Photo Creations\Communicator.exe [2011-09-20 09:11] <br/>. <br/>. <br/>--------- X64 Entries ----------- <br/>. <br/>. 
<br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] <br/>@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" <br/>[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] <br/>2014-03-08 08:29 261832 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] <br/>@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" <br/>[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] <br/>2014-03-08 08:29 261832 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] <br/>@="{BBACC218-34EA-4666-9D7A-C78F2274A524}" <br/>[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] <br/>2014-03-08 08:29 261832 ----a-w- c:\users\Titchard\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayErr] <br/>@="{8749448C-D907-45BF-A842-4D3898894AC8}" <br/>[HKEY_CLASSES_ROOT\CLSID\{8749448C-D907-45BF-A842-4D3898894AC8}] <br/>2014-04-03 10:43 292176 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll <br/>. <br/>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlayInProgress] <br/>@="{3FFBF330-7839-476B-BE14-2C8597CE11B6}" <br/>[HKEY_CLASSES_ROOT\CLSID\{3FFBF330-7839-476B-BE14-2C8597CE11B6}] <br/>2014-04-03 10:43 292176 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll <br/>. 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupOverlaySynced]
@="{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}"
[HKEY_CLASSES_ROOT\CLSID\{C62CF4DB-48CB-4B03-BFD0-30A29125FA49}]
2014-04-03 10:43 292176 ----a-w- c:\program files\BullGuard Ltd\BullGuard\BackupShellHook.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BullGuard"="c:\program files\BullGuard Ltd\BullGuard\BullGuard.exe" [2014-04-03 1082368]
"BullGuardUpdate2"="c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe" [2014-04-03 2913104]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1021160361-3849089875-2879670586-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1021160361-3849089875-2879670586-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-15 10:15:26
ComboFix-quarantined-files.txt 2014-04-15 09:15
.
Pre-Run: 185,101,791,232 bytes free
Post-Run: 184,570,224,640 bytes free
.
- - End Of File - - 61A7629EF4911CFBFE886A4C2238155F
A36C5E4F47E84449FF07ED3517B43A31
Posted 4/15/2014 9:42 PM
#96920

Sha2009 Valued member

Date Joined Nov 2016
Total Posts: 11
Things not looking good - can't view my emails in MS Live, and browsing is very slow now - not sure if it's something I've done! Would it be worth re-building the computer and starting afresh? I did it last year when everything was running really slow - solved all my problems!