
PC unable to boot after virus removal in either normal or safe mode


  • This topic is locked
23 replies to this topic

#1 Sleaford Engineering

Sleaford Engineering

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 18 August 2014 - 09:51 AM

Hi

 

Our works PC was infected with a trojan virus; I'm sorry, but I'm not able to remember the name. This came to light when we were unable to do a Windows update and found various services turned off (Defender/Firewall etc.). We also had several popups appearing. Only when my boss asked me to investigate did the true nature of the horrors come to light. Sadly this had been left far too long in this state.

 

After managing to get Security Essentials to run, it identified a trojan. The removal option didn't seem to work, so an "Offline" full scan was performed. Upon completion the PC now refuses to boot in either Safe Mode or normally.

 

Following a Google search I found a similar thread and got as far as running FRST.exe before realising that any fix would be specific to that problem.

 

I have run both FRST.exe and DDS.com in the repair mode command prompt and, although I may have jumped the gun, I attach both log files.

 

 



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 18 August 2014 - 12:05 PM

Hi there,

The "offline" scan seems to have removed a bootkit, but it wasn't thorough enough to delete all parts of it. There is still a remnant present that renders a machine unbootable. Let's try to fix this.
Can you boot into normal mode again after the following fix with FRST in Recovery Environment?


  • Please download the attached fixlist.txt and save it on the same flash drive as FRST.
  • Plug in the flash drive to the infected computer, enter the System Recovery Options and open FRST.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) is saved on the flash drive.
    Please copy and paste its contents in your next reply.


#3 Sleaford Engineering

Sleaford Engineering
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 18 August 2014 - 12:15 PM

Yes I can now boot into the system normally

 

Fixlog.txt below

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:17-08-2014 01
Ran by SYSTEM at 2014-08-18 18:11:14 Run:1
Running from H:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-80276221-805935237-1155498301-1000\$bf44136b306c2dfe8312ee64d0eff8a4
C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4
C:\Users\Pete\AppData\Local\Temp\*.dll
C:\Users\Pete\AppData\Local\Temp\*.exe
TDL4: custom:26000022 <===== ATTENTION!
 
*****************
 
HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-80276221-805935237-1155498301-1000\$bf44136b306c2dfe8312ee64d0eff8a4 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4 => Moved successfully.
C:\Users\Pete\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Pete\AppData\Local\Temp\*.exe => Moved successfully.
 
The operation completed successfully.
The operation completed successfully.
 
==== End of Fixlog ====
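
Added example (not part of the original posts, and not FRST's own code): a Python script that reconciles a Fixlog like the one above, pairing each fixlist entry with its `=>` result line so that entries without an explicit outcome stand out. The section layout (asterisk separators, `=>` result lines) is assumed from this one log, the function names are hypothetical, and the sample input is the Fixlog from this post with its header trimmed.

```python
import re

# Sample input: the Fixlog posted above, header trimmed.
FIXLOG = r"""Content of fixlist:
*****************
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4\n. ATTENTION! ====> ZeroAccess?
C:\$Recycle.Bin\S-1-5-21-80276221-805935237-1155498301-1000\$bf44136b306c2dfe8312ee64d0eff8a4
C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4
C:\Users\Pete\AppData\Local\Temp\*.dll
C:\Users\Pete\AppData\Local\Temp\*.exe
TDL4: custom:26000022 <===== ATTENTION!

*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
C:\$Recycle.Bin\S-1-5-21-80276221-805935237-1155498301-1000\$bf44136b306c2dfe8312ee64d0eff8a4 => Moved successfully.
C:\$Recycle.Bin\S-1-5-18\$bf44136b306c2dfe8312ee64d0eff8a4 => Moved successfully.
C:\Users\Pete\AppData\Local\Temp\*.dll => Moved successfully.
C:\Users\Pete\AppData\Local\Temp\*.exe => Moved successfully.

The operation completed successfully.
The operation completed successfully.

==== End of Fixlog ====
"""


def _strip_note(line):
    """Drop the trailing 'ATTENTION' annotation that the scan log appends."""
    return re.sub(r"\s*(<=+\s*)?ATTENTION.*$", "", line)


def _matches(key, target, fuzzy):
    """Exact match for file entries; registry keys may be abbreviated with
    '...', so their components only have to appear in order in the target."""
    if not fuzzy:
        return key == target
    pos = 0
    for tok in filter(None, re.split(r"\\|\.\.\.", key)):
        pos = target.find(tok, pos)
        if pos < 0:
            return False
        pos += len(tok)
    return True


def reconcile(fixlog):
    """Return (entries, loose): each fixlist entry with its outcome (or None),
    plus result lines that name no target and cannot be attributed."""
    entries, results, loose = [], [], []
    section = None
    for raw in fixlog.splitlines():
        line = raw.strip()
        if line.startswith("==== End of Fixlog"):
            break
        if line.startswith("Content of fixlist"):
            section = "pending"
        elif line and set(line) == {"*"}:
            # First separator opens the fixlist, second opens the results.
            section = {"pending": "entries", "entries": "results"}.get(section, section)
        elif not line or section in (None, "pending"):
            continue
        elif section == "entries":
            reg = re.match(r"(.+?): \[[^\]]*\] ", line)
            entries.append({
                "entry": _strip_note(line),
                "key": reg.group(1) if reg else _strip_note(line),
                "registry": bool(reg),
                "flagged": "ATTENTION" in line,
                "outcome": None,
            })
        elif " => " in line:
            results.append(line.split(" => ", 1))
        else:
            loose.append(line)
    for e in entries:
        for r in results:
            if _matches(e["key"], r[0], e["registry"]):
                e["outcome"] = r[1]
                results.remove(r)  # each result line confirms one entry only
                break
    return entries, loose


def unconfirmed(fixlog):
    """Fixlist entries that have no result line of their own."""
    return [e["entry"] for e in reconcile(fixlog)[0] if e["outcome"] is None]


if __name__ == "__main__":
    entries, loose = reconcile(FIXLOG)
    for e in entries:
        mark = "!" if e["flagged"] else " "
        print(f"{mark} {e['entry'][:60]:60} -> {e['outcome'] or 'NO RESULT LINE'}")
    print("unattributed:", loose)
```

On this log the only entry without its own result line is `TDL4: custom:26000022`; the two bare "The operation completed successfully." lines are returned separately because the log does not say which entry they belong to.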


#4 Sleaford Engineering

Sleaford Engineering
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 18 August 2014 - 12:21 PM

Just an addendum to the above post

 

Microsoft Security Client "popup"

 

An error occurred in the program during initialization. If this problem .....

 

Error code 0x80073b01

 

Oh and some strange popup that says it has free backup software on this PC ?? 



#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:11:23 AM

Posted 18 August 2014 - 12:28 PM

Very good. But we're not done yet.
As this seems to be a computer used for work and not a private PC, let me first ask whether you would consider formatting the hard drive and reinstalling the operating system and the software from scratch. This is always the safest option when a system has been compromised by malware like the one we're dealing with here, especially when the computer is used for any sensitive transactions or comes into contact with sensitive data. Please let me know.
Of course there is also a good chance that we can clean the computer. If you choose this option then please continue with the following:


  • Move FRST from your flash drive to your Desktop.
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Edited by aharonov, 18 August 2014 - 12:29 PM.


#6 Sleaford Engineering

Sleaford Engineering
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:23 AM

Posted 18 August 2014 - 02:30 PM

I want to format as a last resort; the PC contains certain Sage templates that I'm not sure Pete wishes to lose (he's away on holiday and left me with this hot potato).

 

As we are just a small (3 man band) there is really nothing mission critical.

 

I do wish sometimes though that they would think a little before letting kids/ wives/ girlfriends etc loose on the PC, perhaps after this a lesson may be learnt.

 

Files as requested

 

FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Pete (administrator) on SES-PC on 18-08-2014 19:51:00
Running from C:\Users\Pete\Desktop
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Just Develop It) C:\Program Files\MyPC Backup\BackupStack.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files\Knowhow Cloud\VSSService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft) C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\Program Files\SupTab\HpUI.exe
() C:\Program Files\SupTab\Loader32.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Alcatel-Lucent) C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(DSG Retail Limited) C:\Program Files\Knowhow Cloud\KnowhowCloud.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(MyPCBackup.com) C:\Program Files\MyPC Backup\MyPC Backup.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-04] (Microsoft Corporation)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1804648 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [GoogleChromeAutoLaunch_24B0F4EE2862E0610F79592F0F87280E] => C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [Google Update] => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-01-31] (Google Inc.)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Pete\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [Livedrive] => C:\Program Files\Knowhow Cloud\KnowhowCloud.exe [3497632 2013-11-29] (DSG Retail Limited)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\MountPoints2: {5f680019-a82e-11e3-ad89-90fba6e5b5d7} - H:\Autorun.exe
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\MountPoints2: {75bee2de-96a3-11df-8995-806e6f6e6963} - E:\Autorun.exe
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-80276221-805935237-1155498301-1000\$bf44136b306c2dfe8312ee64d0eff8a4\n. ATTENTION! ====> ZeroAccess?
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} -  No File
URLSearchHook: HKCU - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} -  No File
URLSearchHook: HKCU - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} -  No File
SearchScopes: HKLM - DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {110a9ea2-8810-4c04-b916-cfd4e9427fec} URL = 
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2001} URL = 
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
BHO: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} -  No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} -  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found ()
Winsock: Catalog9 02 mswsock.dll File Not found ()
Winsock: Catalog9 03 mswsock.dll File Not found ()
Winsock: Catalog9 04 mswsock.dll File Not found ()
Winsock: Catalog9 05 mswsock.dll File Not found ()
Winsock: Catalog9 06 mswsock.dll File Not found ()
Winsock: Catalog9 07 mswsock.dll File Not found ()
Winsock: Catalog9 08 mswsock.dll File Not found ()
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSuggestURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-16]
CHR Extension: (Google Search) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-16]
CHR Extension: (Google Wallet) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (MySearchDial) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-16]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Pete\AppData\Local\mysearchdial-speeddial.crx [2013-12-30]
CHR HKCU\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Pete\AppData\Local\mysearchdial-speeddial.crx [2013-12-30]
CHR StartMenuInternet: Google Chrome - C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [417792 2009-05-13] (Acer Incorporated) [File not signed]
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-16] (AuthenTec, Inc.)
R2 BackupStack; C:\Program Files\MyPC Backup\BackupStack.exe [36424 2014-07-22] (Just Develop It)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-18] () [File not signed]
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
R2 HPSLPSVC; C:\Users\Pete\AppData\Local\Temp\7zS15C0\hpslpsvc32.dll [701288 2013-02-06] (Hewlett-Packard Co.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [694784 2014-08-08] (Cherished Technololgy LIMITED) [File not signed]
R2 LivedriveVSSService; C:\Program Files\Knowhow Cloud\VSSService.exe [156320 2013-11-29] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2009-11-17] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-03-31] (Wave Systems Corp.) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
S2 Update Jump Flip; "C:\Program Files\Jump Flip\updateJumpFlip.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299144 2012-11-10] (EldoS Corporation)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [22560 2008-03-12] (Acer, Inc.)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [87072 2008-03-11] (Acer, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-10-10] (Hewlett Packard)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-12-30] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-07-21] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-07-21] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-07-21] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2010-07-21] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [237840 2010-04-16] (Wave Systems Corp.)
R1 {55dce8ba-9dec-4013-937e-adbf9317d990}w; C:\Windows\System32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys [52880 2014-08-07] (StdLib)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [X]
S2 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 00:10 - 2014-08-18 19:51 - 00000000 ____D () C:\FRST
2014-08-18 23:05 - 2014-08-18 23:07 - 00000000 _____ () C:\Recovery.txt
2014-08-18 19:51 - 2014-08-18 19:51 - 00026143 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-08-18 19:50 - 2014-08-18 15:06 - 01093632 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2014-08-18 19:47 - 2014-08-18 19:47 - 00001024 _____ () C:\.rnd
2014-08-18 18:17 - 2014-08-18 22:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-18 08:35 - 2014-08-18 08:35 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-18 08:35 - 2014-08-18 08:35 - 00000000 ____D () C:\Windows\system32\config\x86
2014-08-18 08:35 - 2014-03-11 12:21 - 00186688 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2014-08-18 08:35 - 2014-03-11 10:13 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2014-08-15 13:56 - 2014-08-15 14:11 - 11241816 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall.exe
2014-08-15 13:50 - 2014-08-15 13:50 - 00000000 ____D () C:\Windows\TempC0E21C66-0AEC-725D-B7E0-EDC8A393AEAF-Signatures
2014-08-15 13:38 - 2014-08-15 13:38 - 00302011 _____ () C:\Users\Pete\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-15 13:34 - 2014-08-15 13:34 - 00001429 _____ () C:\Windows\IE11_main.log
2014-08-15 13:31 - 2014-08-15 13:34 - 31894664 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\EIE11_EN-GB_MCM_WIN7.EXE
2014-08-15 13:24 - 2014-08-15 13:24 - 00000000 ____D () C:\ProgramData\2308189059
2014-08-08 18:03 - 2014-08-07 14:09 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-08-08 17:00 - 2014-08-08 17:02 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 17:00 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-08 16:59 - 2014-08-08 17:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-08 16:59 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 16:59 - 2014-08-08 17:00 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Users\Pete\Documents\Optimizer Pro
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 16:58 - 2014-08-08 16:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-08-08 16:57 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-08 16:57 - 2014-08-08 16:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-08 16:57 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-08 16:55 - 2014-08-08 16:55 - 89111376 _____ (Apple Inc.) C:\Users\Pete\Downloads\iTunesSetup.exe
2014-08-08 16:54 - 2014-08-18 22:55 - 00000000 ____D () C:\Program Files\SupTab
2014-08-08 16:54 - 2014-08-08 16:55 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-08 16:54 - 2014-08-08 16:54 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\v9
2014-08-08 16:52 - 2014-08-08 16:52 - 00838296 _____ ( ) C:\Users\Pete\Downloads\iTunes_Setup.exe
2014-08-08 14:57 - 2014-08-11 08:54 - 00000000 ____D () C:\ProgramData\Datamngr
2014-08-08 14:57 - 2014-08-08 14:57 - 00000000 ____D () C:\Program Files\Movies App
2014-08-08 14:56 - 2014-08-15 13:27 - 00000000 ____D () C:\Users\Pete\AppData\Local\Torch
2014-08-06 17:46 - 2014-08-06 17:46 - 00001875 _____ () C:\Users\Pete\Desktop\Sync Folder.lnk
2014-08-06 17:46 - 2014-08-06 17:46 - 00001005 _____ () C:\Users\Pete\Desktop\MyPC Backup.lnk
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\Documents\My Received Files
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-06 17:44 - 2014-08-06 17:44 - 00000000 ____D () C:\Users\Pete\AppData\Local\imeshmusicboxtoolbarnew
2014-08-06 17:43 - 2014-08-06 17:43 - 00000000 ____D () C:\Program Files\Music App
2014-07-23 18:33 - 2014-07-23 18:33 - 04014321 _____ () C:\Users\Pete\Documents\SageAccts Sleaford Engineering Services 2014-07-23 18-33-21.001
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-18 23:07 - 2014-08-18 23:05 - 00000000 _____ () C:\Recovery.txt
2014-08-18 23:05 - 2011-05-05 08:53 - 00000000 __SHD () C:\Recovery
2014-08-18 22:55 - 2014-08-18 18:17 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-18 22:55 - 2014-08-08 16:54 - 00000000 ____D () C:\Program Files\SupTab
2014-08-18 22:55 - 2011-05-05 10:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-18 22:55 - 2011-05-05 08:54 - 00000000 ____D () C:\Users\Pete
2014-08-18 22:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-18 21:28 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\LogFiles
2014-08-18 19:51 - 2014-08-19 00:10 - 00000000 ____D () C:\FRST
2014-08-18 19:51 - 2014-08-18 19:51 - 00026143 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-08-18 19:51 - 2011-05-17 10:49 - 00000000 ___HD () C:\Users\Pete\Documents\Outlook Files
2014-08-18 19:49 - 2013-12-30 13:25 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-08-18 19:49 - 2009-07-14 05:39 - 00119519 _____ () C:\Windows\setupact.log
2014-08-18 19:48 - 2011-10-07 13:32 - 00000404 _____ () C:\Windows\Tasks\PC Optimizer Pro startups.job
2014-08-18 19:48 - 2011-07-14 13:43 - 00159836 _____ () C:\Windows\error.log
2014-08-18 19:48 - 2011-05-06 08:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-18 19:48 - 2011-05-05 08:56 - 00000000 _____ () C:\Users\Pete\AppData\Local\WavXMapDrive.bat
2014-08-18 19:47 - 2014-08-18 19:47 - 00001024 _____ () C:\.rnd
2014-08-18 19:47 - 2011-07-14 13:43 - 00036214 _____ () C:\Windows\errord.log
2014-08-18 19:47 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-18 18:22 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:22 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-18 18:16 - 2012-11-27 15:35 - 00000000 ____D () C:\Users\Pete\AppData\Local\Livedrive
2014-08-18 15:06 - 2014-08-18 19:50 - 01093632 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2014-08-18 09:10 - 2010-07-23 22:49 - 01264019 _____ () C:\Windows\WindowsUpdate.log
2014-08-18 09:05 - 2010-07-23 22:44 - 00869928 _____ () C:\Windows\PFRO.log
2014-08-18 08:45 - 2012-02-16 14:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000UA.job
2014-08-18 08:45 - 2012-02-16 14:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000Core.job
2014-08-18 08:38 - 2011-05-06 08:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-18 08:38 - 2011-05-05 10:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-18 08:37 - 2012-12-27 14:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 08:35 - 2014-08-18 08:35 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-18 08:35 - 2014-08-18 08:35 - 00000000 ____D () C:\Windows\system32\config\x86
2014-08-15 14:11 - 2014-08-15 13:56 - 11241816 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall.exe
2014-08-15 14:09 - 2013-07-05 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 13:50 - 2014-08-15 13:50 - 00000000 ____D () C:\Windows\TempC0E21C66-0AEC-725D-B7E0-EDC8A393AEAF-Signatures
2014-08-15 13:38 - 2014-08-15 13:38 - 00302011 _____ () C:\Users\Pete\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-15 13:34 - 2014-08-15 13:34 - 00001429 _____ () C:\Windows\IE11_main.log
2014-08-15 13:34 - 2014-08-15 13:31 - 31894664 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\EIE11_EN-GB_MCM_WIN7.EXE
2014-08-15 13:27 - 2014-08-08 14:56 - 00000000 ____D () C:\Users\Pete\AppData\Local\Torch
2014-08-15 13:24 - 2014-08-15 13:24 - 00000000 ____D () C:\ProgramData\2308189059
2014-08-15 12:20 - 2009-07-14 03:04 - 00002091 _____ () C:\Windows\win.ini
2014-08-15 08:36 - 2011-05-20 15:14 - 00001268 _____ () C:\Windows\system32\SGLCH32.USR
2014-08-11 09:21 - 2012-03-13 11:01 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\12Pay
2014-08-11 08:54 - 2014-08-08 14:57 - 00000000 ____D () C:\ProgramData\Datamngr
2014-08-08 17:10 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-08 17:02 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 17:00 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 17:00 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Users\Pete\Documents\Optimizer Pro
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 16:59 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-08-08 16:58 - 2014-08-08 16:57 - 00000000 ____D () C:\ProgramData\Apple
2014-08-08 16:57 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-08 16:55 - 2014-08-08 16:55 - 89111376 _____ (Apple Inc.) C:\Users\Pete\Downloads\iTunesSetup.exe
2014-08-08 16:55 - 2014-08-08 16:54 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-08-08 16:54 - 2014-08-08 16:54 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\v9
2014-08-08 16:52 - 2014-08-08 16:52 - 00838296 _____ ( ) C:\Users\Pete\Downloads\iTunes_Setup.exe
2014-08-08 14:57 - 2014-08-08 14:57 - 00000000 ____D () C:\Program Files\Movies App
2014-08-07 14:09 - 2014-08-08 18:03 - 00052880 _____ (StdLib) C:\Windows\system32\Drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
2014-08-07 11:33 - 2010-06-09 04:21 - 00786508 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-06 17:46 - 2014-08-06 17:46 - 00001875 _____ () C:\Users\Pete\Desktop\Sync Folder.lnk
2014-08-06 17:46 - 2014-08-06 17:46 - 00001005 _____ () C:\Users\Pete\Desktop\MyPC Backup.lnk
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\Documents\My Received Files
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-08-06 17:44 - 2014-08-06 17:44 - 00000000 ____D () C:\Users\Pete\AppData\Local\imeshmusicboxtoolbarnew
2014-08-06 17:43 - 2014-08-06 17:43 - 00000000 ____D () C:\Program Files\Music App
2014-08-01 16:28 - 2012-03-13 11:00 - 00000000 ____D () C:\Users\Pete\Documents\12Pay
2014-07-31 17:54 - 2011-09-19 13:45 - 00016151 ____H () C:\Users\Pete\Documents\output to date.xlsx
2014-07-24 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 18:33 - 2014-07-23 18:33 - 04014321 _____ () C:\Users\Pete\Documents\SageAccts Sleaford Engineering Services 2014-07-23 18-33-21.001
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-07-18 10:28
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version:17-08-2014 01
Ran by Pete at 2014-08-18 19:53:08
Running from C:\Users\Pete\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
12Pay Payroll (HKLM\...\{A38F941C-7431-443F-BBB6-F5934144C6A0}) (Version: 1.15.5 - 12Pay Ltd)
32 Bit HP CIO Components Installer (Version: 8.1.1 - Hewlett-Packard) Hidden
Accounts (Version: 16.0.14.147 - Sage (UK) Ltd) Hidden
Accounts (Version: 20.0.9.320 - Sage (UK) Ltd) Hidden
Acer Backup Manager (HKLM\...\InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}) (Version: 2.0.2.39 - NewTech Infosystems)
Acer eLock Management (HKLM\...\{5CC23DEB-D22A-4345-9CFF-F8C602BCE792}) (Version: 3.00.5002 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.00.5006 - Acer Incorporated)
Acer Framework (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5000 - Acer Incorporated)
Acer PowerSaver (HKLM\...\{A1FFD720-0806-40E9-9554-DB22D593FDEF}) (Version: 1.00.3005 - Acer Incorporated)
Acer QuickMigration (HKLM\...\{D38FA7FF-84E7-42F7-ACAC-E85DF086F008}) (Version: 1.00.3005 - Acer Incorporated)
Acer Registration (HKLM\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM\...\Acer Screensaver) (Version: 1.1.0304.2010 - Acer Incorporated)
Acer SmartBoot (HKLM\...\{9E65215B-9DE9-401A-8541-C82FE2D2BC66}) (Version: 1.00.3006 - Acer Incorporated)
Acer Updater (HKLM\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.01.3017 - Acer Incorporated)
Acrobat.com (HKLM\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.0.7220 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.0.7220 - Adobe Systems Inc.) Hidden
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar Updater (HKCU\...\{79A765E1-C399-405B-85AF-466F52E918B0}) (Version: 1.2.2.23821 - Ask.com) <==== ATTENTION
Autodesk Design Review 2013 (HKLM\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Design Review Browser Add-on v1.2  (HKLM\...\{CD49E43B-88B1-48AD-A3AF-43FAAAB41CB8}) (Version: 1.2.0 - Autodesk)
Backup Manager Advance (Version: 2.0.2.39 - NewTech Infosystems) Hidden
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BT Business Broadband Desktop Help (HKLM\...\BT Business Broadband Desktop Help) (Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A3AD381D-848C-4478-80DC-228E37309308}) (Version:  - Microsoft)
Document Manager Lite (Version: 06.09.00.177 - Wave Systems Corp.) Hidden
DWG TrueView 2013 (HKLM\...\DWG TrueView 2013) (Version: 19.0.55.0 - Autodesk)
DWG TrueView 2013 (Version: 19.0.55.0 - Autodesk) Hidden
EMBASSY Security Center Lite (Version: 04.00.00.108 - Wave Systems Corp) Hidden
EMBASSY Security Setup (Version: 04.00.00.103 - Wave Systems Corp) Hidden
Embassy Trust Suite - Acer Edition (HKLM\...\{ABBA2EA4-740E-4052-902B-9CA70B081E3F}) (Version: 07.03.04.007 - Wave Systems Corp)
ESC Home Page Plugin (Version: 04.00.00.018 - Wave Systems Corp) Hidden
Fingerprint Sensor Minimum Install (Version: 8.4.2.5 - AuthenTec, Inc.) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{AE47EB5B-1789-4480-AD6D-7753473E9DDE}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP Deskjet 3050A J611 series Help (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
HP Deskjet 3050A J611 series Product Improvement Study (HKLM\...\{E9652A2B-6547-4CA7-A06B-1365FE264B7D}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
HP LaserJet 100 color MFP M175 (HKLM\...\{965D0289-10E1-45ec-B11F-A60AC9AE8D4D}) (Version:  - Hewlett-Packard)
HP LJ100 M175 HP Scan (Version: 1.0.302.0 - Hewlett-Packard Co.) Hidden
HP Update (HKLM\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
hpbDSService (Version: 001.001.05133 - Hewlett-Packard) Hidden
hpbM175DSService (Version: 001.001.05133 - Hewlett-Packard) Hidden
HPLaserJet100ColorMFPM175_HelpLearnCenter_SI (HKLM\...\{19542156-285B-458C-994D-2A21889001DF}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUT (Version: 1.00.0012 - HP) Hidden
hppLaserJetService (Version: 002.015.00602 - Hewlett-Packard) Hidden
hppM175LaserJetService (Version: 001.014.00480 - Hewlett-Packard) Hidden
Identity Card (HKLM\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
InstanceFinder (Version: 1.00.0001 - HP) Hidden
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
Intel® TV Wizard (HKLM\...\TVWiz) (Version:  - Intel Corporation)
iTunes (HKLM\...\{91FD46D2-4FB7-4A51-8637-556E1BE1DB7C}) (Version: 11.0.4.4 - Apple Inc.)
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
Java Auto Updater (Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden
Knowhow Cloud (HKLM\...\{FE24E834-46AF-4B4C-B09B-921784B4EE45}) (Version: 2.0.6 - DSG Retail Limited)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (HKLM\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office 2010 Service Pack 1 (SP1) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Nero 9 Essentials (HKLM\...\{6f21b547-98f5-4c50-97e2-c5729918e684}) (Version:  - Nero AG)
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.6.2.101 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.33.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Norton Online Backup (HKLM\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.36 - Symantec)
Private Information Manager (Version: 06.04.00.066 - Wave Systems Corp.) Hidden
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
Sage 50 Accounts 2014 (HKLM\...\InstallShield_{2F43F76F-8108-4F39-8DB5-C2C0FA215889}) (Version: 20.0.9.320 - Sage (UK) Ltd)
ToolboxProxy (Version: 1.00.0001 - HP) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{A8686D24-1E89-43A1-973E-05A258D2B3F8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{48E1B6C2-7299-4F3F-AA63-42F0ACE55AA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM\...\{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{73E67A3A-8D61-44EF-90C2-1697C3DBE668}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{14B7142F-D7E2-4FB0-9E3B-7CAA8D7FFC56}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{C4F26A9B-B121-4135-8084-A0D9C780C7C8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{460FF681-BC66-4C38-99DF-7012E03F1EBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (HKLM\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{C633216E-FF30-45B6-B2AB-21922A9353EF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B1FA5E8C-2342-45AF-8A62-5E860042F8DF}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{1CBEDB37-C438-473F-8BA0-2535B0D237E2}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9CFD026D-EB1C-48C2-9DD2-8E8875F251B2}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM\...\{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{9865DC3A-2898-48D9-B96A-46397571C934}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1CBE095-403D-466D-BB13-B185A5F33231}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{47894754-0FEC-4920-9A65-6C1E732587AC}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{1EEFF749-6F29-4F0B-AB08-4C6EA52AA110}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{6B6DDDCE-B456-4FE1-9A07-DBC1708E4158}) (Version:  - Microsoft)
upekmsi (Version: 03.00.04.0000 - Wave Systems Corp) Hidden
v9 uninstall (HKLM\...\v9 uninstall) (Version:  - v9)
Vardex TT Generator 5.0.7 (HKLM\...\Vardex TT Generator 5.0.7_is1) (Version:  - Vargus LTD.)
Veriton ControlCenter (HKLM\...\{A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}) (Version: 1.00.3004 - Acer Incorporated)
Wave Infrastructure Installer (Version: 07.01.30.0031 - Wave Systems Corp) Hidden
Wave Support Software (Version: 05.10.00.088 - Wave Systems Corp) Hidden
Welcome Center (HKLM\...\Acer Welcome Center) (Version: 1.01.3002 - Acer Incorporated)
Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric  (05/13/2009 8.4.2.0) (HKLM\...\D3F88C3864C8C031A7C5D5E63A76571EC1B047DF) (Version: 05/13/2009 8.4.2.0 - AuthenTec Inc.)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{095A2EEC-F7FE-42E8-96FB-C20E53081908}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.99\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{3faa4380-a399-11cf-a466-00805fe418f6}\InprocServer32 -> C:\Program Files\Autodesk\DWG TrueView 2013\en-US\dwgviewrficn.dll (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{5C65F4B0-3651-4514-B207-D10CB699B14B}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\delegate_execute.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.21.111\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 -> C:\$Recycle.Bin ()
CustomCLSID: HKU\S-1-5-21-80276221-805935237-1155498301-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
18-07-2014 09:35:28 Scheduled Checkpoint
06-08-2014 15:47:28 avast! antivirus system restore point
08-08-2014 15:58:31 Installed iTunes
15-08-2014 12:44:23 Installed Microsoft Fix it 50123
15-08-2014 12:57:48 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {01A470C2-5705-4D96-8232-98A5BE6C56FF} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000UA => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31] (Google Inc.)
Task: {0A2B0A1F-A34A-4AA6-8CF1-0307CDFA26AF} - System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe [2011-06-08] (Hewlett-Packard Co.)
Task: {10A54364-9647-487E-8A68-7A5F005098CD} - System32\Tasks\{913A5093-FAF7-41AB-B969-7664C05BB837} => C:\Program Files\HP\HP LJ100 M175\bin\HPScan.exe [2010-10-20] (Hewlett-Packard Co.)
Task: {23FA6AB0-2669-4CA1-92DC-3900D222E791} - System32\Tasks\{F2CAE6DC-A65F-41A8-ABDF-A2B81556A102} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2012-11-08] (Microsoft Corporation)
Task: {478C90A3-A8E1-44F5-9E76-5DB552E27ADD} - System32\Tasks\0 => Iexplore.exe 
Task: {4ABF6B7F-AF74-40F3-8A76-34B7E7DC1FBB} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe [2014-07-22] (MyPC Backup) <==== ATTENTION
Task: {4FC9F467-DF87-4A21-9686-64B3ED7E7D59} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000Core => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-31] (Google Inc.)
Task: {5A6CB346-2053-4162-A249-FEFF03F481AE} - System32\Tasks\{32340141-B436-43AB-9530-97A7B7980A62} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2012-11-08] (Microsoft Corporation)
Task: {5B802155-1594-4109-8EE1-D53B98F956E5} - System32\Tasks\Regwork => C:\Program Files\RegWork\RegWork.exe
Task: {6671270F-1A07-4053-9DCE-BDB77B0258CA} - System32\Tasks\HPLJCustParticipation => C:\Program Files\HP\HPLJUT\HPLJUTSCH.exe [2010-09-22] (Hewlett Packard)
Task: {7B6AF99E-5E58-4C3B-AC47-A9516CAC0204} - System32\Tasks\PC Optimizer Pro startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {9E663ABB-D204-4E2A-B0D0-0BB4A47791B3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-06] (Google Inc.)
Task: {A48FF343-3BC9-43A8-A03E-3A016A093E16} - System32\Tasks\{9234BA22-E893-406B-A110-E317FE88C13B} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2012-11-08] (Microsoft Corporation)
Task: {A871FF5B-27D9-4A2D-BB54-747385C9585D} - System32\Tasks\{B73BD871-840A-42DB-9F0F-2611659A938D} => C:\Program Files\HP\HP LJ100 M175\bin\HPScan.exe [2010-10-20] (Hewlett-Packard Co.)
Task: {ADDDAF29-648B-40ED-B415-3BEC21B5F6B5} - System32\Tasks\{99E30454-356F-4C31-B92A-8486E0A08112} => C:\Program Files\HP\HP LJ100 M175\bin\HPScan.exe [2010-10-20] (Hewlett-Packard Co.)
Task: {B47906E8-1992-4236-B6AD-ED41573D7591} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated)
Task: {BA35EAA4-172F-49CA-9C42-96891C36D01C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-05-06] (Google Inc.)
Task: {C80CA96E-4972-4D8E-B0E6-52AE28B53F57} - System32\Tasks\4579 => Wscript.exe C:\Users\Pete\AppData\Local\Temp\launchie.vbs //B
Task: {DBAB4636-5C7D-49B4-BABD-4A40847980F0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E365823F-6010-4F09-B0AD-465899C66E0F} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {E5443CBE-69C0-4072-8092-97D82B089FC6} - System32\Tasks\{40CBB11A-8D91-4E4E-9A77-8E5830D07A49} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2012-11-08] (Microsoft Corporation)
Task: {FED95F3A-2404-44F0-81B3-B96BB59615D9} - System32\Tasks\{E252A170-8126-4506-B304-DA34DB26F989} => C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE [2012-11-08] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000Core.job => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000UA.job => C:\Users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\PC Optimizer Pro startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\Windows\Tasks\Regwork.job => C:\Program Files\RegWork\RegWork.exe
 
==================== Loaded Modules (whitelisted) =============
 
2006-12-12 07:36 - 2006-12-12 07:36 - 00022723 _____ () C:\Windows\System32\sugo2l3.dll
2006-12-04 01:25 - 2006-12-04 01:25 - 00022723 _____ () C:\Windows\System32\sugo3l3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-22 14:02 - 2014-07-22 14:02 - 00904704 _____ () C:\Program Files\MyPC Backup\x86\System.Data.SQLite.dll
2014-07-22 14:07 - 2014-07-22 14:07 - 00012288 _____ () C:\Program Files\MyPC Backup\GetText.dll
2010-06-09 04:41 - 2009-02-18 01:01 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2010-06-09 04:41 - 2010-06-09 04:41 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5000.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2010-06-09 04:41 - 2010-06-09 04:41 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5000.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2010-06-09 04:41 - 2010-06-09 04:41 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5000.0__3036420f80dd6947\Framework.Library.dll
2010-06-09 04:41 - 2010-06-09 04:41 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5000.0__672b450de5a7e94a\Framework.Host.dll
2010-06-09 04:41 - 2010-06-09 04:41 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5000.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2010-06-09 04:45 - 2010-02-01 22:53 - 00021848 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2010-06-09 04:45 - 2010-02-01 22:54 - 00021840 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2010-06-09 04:45 - 2010-02-01 22:52 - 00144736 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2010-06-09 04:45 - 2010-02-01 22:54 - 00042352 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2013-11-29 17:20 - 2013-11-29 17:20 - 00156320 _____ () C:\Program Files\Knowhow Cloud\VSSService.exe
2009-11-17 23:16 - 2009-11-17 23:16 - 00465576 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\sqlite3.dll
2009-11-17 23:12 - 2009-11-17 23:12 - 01081600 _____ () C:\Program Files\NewTech Infosystems\Acer Backup Manager\ACE.dll
2011-06-08 22:57 - 2011-06-08 22:57 - 01929576 _____ () C:\Windows\system32\HPScanTRDrv_DJ3050A_J611.dll
2014-07-28 18:17 - 2014-08-08 16:54 - 00086016 _____ () C:\Program Files\SupTab\WindowsSupportDll32.dll
2010-04-16 04:33 - 2010-04-16 04:33 - 00249856 _____ () C:\Windows\system32\wxvault.dll
2014-07-28 18:17 - 2014-08-08 16:54 - 00724480 _____ () C:\Program Files\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files\SupTab\Loader32.exe
2013-11-29 17:20 - 2013-11-29 17:20 - 00072352 _____ () C:\Program Files\Knowhow Cloud\Native.dll
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Deskjet 3050A J611 series
Description: Deskjet 3050A J611 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP LaserJet 100 colorMFP M175nw
Description: HP LaserJet 100 colorMFP M175nw
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: Hewlett-Packard
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/18/2014 07:52:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7369eecf-f5e1-4c4f-b28f-3414b8553dfe}
 
Error: (08/18/2014 07:50:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7369eecf-f5e1-4c4f-b28f-3414b8553dfe}
 
Error: (08/18/2014 06:18:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:16:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:15:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:14:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (avast! antivirus system restore point). Additional information: 0x80070091.
 
Error: (08/18/2014 09:11:26 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:10:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:08:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:07:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
 
System errors:
=============
Error: (08/18/2014 07:48:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zntport service failed to start due to the following error: 
%%2
 
Error: (08/18/2014 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Jump Flip service failed to start due to the following error: 
%%2
 
Error: (08/18/2014 07:48:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tvicport service failed to start due to the following error: 
%%2
 
Error: (08/18/2014 07:48:21 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
 
Error: (08/18/2014 07:48:11 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
 
Error: (08/18/2014 07:48:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error: 
%%-2147024891
 
Error: (08/18/2014 07:47:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (08/18/2014 06:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The zntport service failed to start due to the following error: 
%%2
 
Error: (08/18/2014 06:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Jump Flip service failed to start due to the following error: 
%%2
 
Error: (08/18/2014 06:14:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The tvicport service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/18/2014 07:52:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7369eecf-f5e1-4c4f-b28f-3414b8553dfe}
 
Error: (08/18/2014 07:50:54 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {7369eecf-f5e1-4c4f-b28f-3414b8553dfe}
 
Error: (08/18/2014 06:18:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:16:52 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:15:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {8296cfe4-2394-4e60-bb42-3d6b04561e52}
 
Error: (08/18/2014 06:14:43 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: avast! antivirus system restore point0x80070091
 
Error: (08/18/2014 09:11:26 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:10:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:08:51 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
Error: (08/18/2014 09:07:52 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {af36d19a-362f-4d6a-8915-facdf5ea3166}
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 42%
Total physical RAM: 2013.24 MB
Available physical RAM: 1166.61 MB
Total Pagefile: 4026.48 MB
Available Pagefile: 2775.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.13 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:134.95 GB) (Free:76.1 GB) NTFS
Drive d: (DATA) (Fixed) (Total:135.04 GB) (Free:131.85 GB) NTFS
Drive h: () (Fixed) (Total:7.43 GB) (Free:5.69 GB) FAT32
Drive l: (Knowhow Cloud Briefcase) (Fixed) (Total:134.95 GB) (Free:76.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: B1E33BE4)
Partition 1: (Not Active) - (Size=28 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=135 GB) - (Type=07 NTFS)
 
========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 7.5 GB) (Disk ID: 27F98091)
Partition 1: (Active) - (Size=7.4 GB) - (Type=0B)
Partition 2: (Not Active) - (Size=32 KB) - (Type=21)
 
==================== End Of Log ============================

Edited by Sleaford Engineering, 18 August 2014 - 02:33 PM.


#7 aharonov

  • Malware Response Team

Posted 18 August 2014 - 03:04 PM

Alright, let's continue:


Step 1

Please uninstall some programs:
  • Click on the Start Menu button, open Control Panel and click Uninstall a program.
  • Search and select the following programs one by one and click on Uninstall:

    Ask Toolbar Updater
    MyPC Backup
    v9 uninstall

  • Reboot your computer.


Step 2

Please download AdwCleaner (by Xplode) and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.


Step 3

Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)



Step 4

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#8 Sleaford Engineering

  • Topic Starter


Posted 19 August 2014 - 04:47 AM

Done the above, reports below

 

# AdwCleaner v3.307 - Report created 19/08/2014 at 09:51:48
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Professional  (32 bits)
# Username : Pete - SES-PC
# Running from : C:\Users\Pete\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : IePluginServices
[#] Service Deleted : Update Jump Flip
Service Deleted : {55dce8ba-9dec-4013-937e-adbf9317d990}w
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\2308189059
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\DataMngr
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\Free Offers from Freeze.com
Folder Deleted : C:\Program Files\Movies App
Folder Deleted : C:\Users\Pete\AppData\Local\Conduit
Folder Deleted : C:\Users\Pete\AppData\Local\DVDVideoSoftTB
Folder Deleted : C:\Users\Pete\AppData\Local\genienext
Folder Deleted : C:\Users\Pete\AppData\Local\iac
Folder Deleted : C:\Users\Pete\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Pete\AppData\Local\torch
Folder Deleted : C:\Users\Pete\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Pete\AppData\Local\Temp\jZip
Folder Deleted : C:\Users\Pete\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pete\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Pete\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Pete\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pete\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Pete\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Pete\AppData\Roaming\jziptoolbar
Folder Deleted : C:\Users\Pete\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Pete\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Pete\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Pete\AppData\Roaming\PriceGong
Folder Deleted : C:\Users\Pete\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Pete\Documents\Mobogenie
Folder Deleted : C:\Users\Pete\Documents\Optimizer Pro
Folder Deleted : C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
File Deleted : C:\Users\Pete\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx
File Deleted : C:\END
File Deleted : C:\Windows\system32\RegistryHelperLM.ocx
File Deleted : C:\Windows\system32\roboot.exe
File Deleted : C:\Windows\system32\drivers\{55dce8ba-9dec-4013-937e-adbf9317d990}w.sys
File Deleted : C:\Users\Pete\daemonprocess.txt
File Deleted : C:\Users\Pete\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Pete\Desktop\MySearchDial.url
File Deleted : C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
Task Deleted : Optimizer Pro Schedule
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector
Key Deleted : HKLM\SOFTWARE\Classes\RadioRage_4j.ToolbarProtector.1
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Deleted : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\jZip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MYSEAR~1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MySearchDial_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateDealKeeper_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateJumpFlip_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10273591-D084-4328-A7D0-49E051FCDE7B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{395C94B1-59E6-4C65-8AF2-0F6763BC70A6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9638B7D6-11F5-4406-B387-327642A11FFB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A25AA6E2-1CDE-4D0F-A5D4-4898D7FB3C86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{110A9EA2-8810-4C04-B916-CFD4E9427FEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2001}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Key Deleted : HKCU\Software\ClickConnect
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\mysearchdial
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\Surf Canyon
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\Freeze.com
Key Deleted : HKLM\SOFTWARE\mysearchdial
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\V9Software
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16455
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=102&q={searchTerms}
Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=BCPA&o=16145&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=QK&apn_dtid=YYYYYYYYGB&apn_uid=E84FB702-7948-4829-8F35-E30FD992D907&apn_sauid=6198E800-60E0-49D4-BCC1-44429DC315E9
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1202&cd=2XzuyEtN2Y1L1QzuzytD0F0B0AyC0EyD0ByD0DyByC0EzzzytN0D0Tzu0SyBtAtDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=977811190&ir=
Deleted [Extension] : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
AdwCleaner[R0].txt - [18142 octets] - [19/08/2014 09:48:29]
AdwCleaner[S0].txt - [18065 octets] - [19/08/2014 09:51:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18126 octets] ##########
 
 
 
ComboFix 14-08-19.01 - Pete 19/08/2014  10:16:04.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.44.1033.18.2013.1190 [GMT 1:00]
Running from: c:\users\Pete\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Deal Keeper_iels
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\dwgviewr.err
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\Jump Flip_iels
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD220.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD5C.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD86A.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccD8A.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA6A.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDA98.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDABF.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDC8B.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD57.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD66.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDD75.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccDE50.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE024.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE0DF.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE1EE.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2A4.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE2F1.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5BF.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5DE.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE5F3.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE6E7.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE785.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE923.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccE9D4.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEA61.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB6A.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEB6B.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccECA3.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccEEE4.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF01.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF02B.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF168.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF20.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF308.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF351.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF3C3.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF434.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF459.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF4CD.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF52A.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF598.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF5E5.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF614.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6D.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF6DA.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8A3.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF8C6.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF9AC.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccF9E7.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFAC5.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB51.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB71.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFB84.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC05.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFC3B.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFD64.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF09.tmp
c:\users\Pete\AppData\Local\Microsoft\Windows\Temporary Internet Files\mccFF28.tmp
c:\users\Pete\AppData\Local\Temp\7zS15C0\HPSLPSVC32.DLL
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Recent\Home.url
c:\users\Pete\GoToAssistDownloadHelper.exe
c:\windows\system32\test
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_HPSLPSVC
.
.
(((((((((((((((((((((((((   Files Created from 2014-07-19 to 2014-08-19  )))))))))))))))))))))))))))))))
.
.
2014-08-19 09:25 . 2014-08-19 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-19 09:13 . 2014-08-19 09:13 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{635572FF-1F98-4649-9656-FAD4D1B92990}\MpKslb0ffc821.sys
2014-08-19 08:49 . 2010-08-30 07:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-08-19 08:48 . 2014-08-19 08:52 -------- d-----w- C:\AdwCleaner
2014-08-19 08:29 . 2014-08-19 08:29 -------- d-----w- c:\users\Administrator
2014-08-19 08:19 . 2014-08-07 09:05 8581864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{635572FF-1F98-4649-9656-FAD4D1B92990}\mpengine.dll
2014-08-18 23:10 . 2014-08-18 18:53 -------- d-----w- C:\FRST
2014-08-18 17:17 . 2014-08-18 21:55 -------- d-----w- c:\windows\Microsoft Antimalware
2014-08-18 07:39 . 2014-07-14 03:12 8217224 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-15 12:50 . 2014-08-15 12:50 -------- d-----w- c:\windows\TempC0E21C66-0AEC-725D-B7E0-EDC8A393AEAF-Signatures
2014-08-08 16:00 . 2014-08-08 16:00 -------- d-----w- c:\users\Pete\AppData\Local\Apple Computer
2014-08-08 16:00 . 2014-08-08 16:02 -------- d-----w- c:\users\Pete\AppData\Roaming\Apple Computer
2014-08-08 16:00 . 2014-08-08 16:00 -------- dc----w- c:\windows\system32\DRVSTORE
2014-08-08 16:00 . 2012-08-21 12:01 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2014-08-08 15:59 . 2014-08-08 15:59 -------- d-----w- c:\program files\iPod
2014-08-08 15:59 . 2014-08-08 16:00 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 15:59 . 2014-08-08 16:00 -------- d-----w- c:\program files\iTunes
2014-08-08 15:59 . 2014-08-08 15:59 -------- d-----w- c:\programdata\Apple Computer
2014-08-08 15:58 . 2014-08-08 15:58 -------- d-----w- c:\users\Pete\AppData\Local\Apple
2014-08-08 15:58 . 2014-08-08 15:58 -------- d-----w- c:\program files\Apple Software Update
2014-08-08 15:57 . 2014-08-08 15:57 -------- d-----w- c:\program files\Bonjour
2014-08-08 15:57 . 2014-08-08 15:59 -------- d-----w- c:\program files\Common Files\Apple
2014-08-08 15:57 . 2014-08-08 15:58 -------- d-----w- c:\programdata\Apple
2014-08-06 16:44 . 2014-08-06 16:44 -------- d-----w- c:\users\Pete\AppData\Local\imeshmusicboxtoolbarnew
2014-08-06 16:43 . 2014-08-06 16:43 -------- d-----w- c:\program files\Music App
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 09:33 . 2011-05-05 07:56 0 ----a-w- c:\users\Pete\AppData\Local\WavXMapDrive.bat
2014-07-09 10:37 . 2012-12-27 13:31 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-07-09 10:37 . 2011-05-18 10:33 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-09 10:37 . 2014-01-08 09:37 11204096 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-11-10 10:55 158056 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveDownloadOverlay]
@="{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}"
[HKEY_CLASSES_ROOT\CLSID\{CBCDB610-6B68-4EE9-B7A2-1282FD0C9292}]
2013-11-29 16:20 573600 ----a-w- c:\program files\Knowhow Cloud\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSharedOverlay]
@="{84CEF1E4-1356-4063-845F-05047F4DD52C}"
[HKEY_CLASSES_ROOT\CLSID\{84CEF1E4-1356-4063-845F-05047F4DD52C}]
2013-11-29 16:20 573600 ----a-w- c:\program files\Knowhow Cloud\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveSyncedOverlay]
@="{42058329-2FBF-4B33-8E52-3BE5754DE0C1}"
[HKEY_CLASSES_ROOT\CLSID\{42058329-2FBF-4B33-8E52-3BE5754DE0C1}]
2013-11-29 16:20 573600 ----a-w- c:\program files\Knowhow Cloud\Extensions.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LivedriveUploadOverlay]
@="{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}"
[HKEY_CLASSES_ROOT\CLSID\{39A1715A-E4CD-4F1E-B5C4-36B5DB80124E}]
2013-11-29 16:20 573600 ----a-w- c:\program files\Knowhow Cloud\Extensions.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3050A J611 series (NET)"="c:\program files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" [2011-06-08 1804648]
"GoogleChromeAutoLaunch_24B0F4EE2862E0610F79592F0F87280E"="c:\users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe" [2014-08-07 860488]
"Livedrive"="c:\program files\Knowhow Cloud\KnowhowCloud.exe" [2013-11-29 3497632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-19 147328]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-17 8092192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 166424]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 175128]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2010-04-19 95616]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-11-17 261888]
"AutoLockProcess"="c:\program files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe" [2010-06-03 451912]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Acer SmartBoot"="c:\program files\Acer\Acer SmartBoot\ASLTray.exe" [2009-05-13 376832]
"Acer PowerSaver"="c:\program files\Acer\Acer PowerSaver\PowerSaverTray.exe" [2009-04-17 434176]
"btbb_McciTrayApp"="c:\program files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe" [2011-11-09 1584640]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-07-04 280576]
.
c:\users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ   msv1_0 wvauth
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2014-03-11 09:13 951576 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
R3 HP DS Service;HP DS Service;c:\program files\HP\HPBDSService\HPBDSService.exe [2010-10-27 13824]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppcbulkio.sys [2011-10-10 20504]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-03-11 104264]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2014-03-11 279776]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [2013-12-30 13464]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-06 1343400]
S0 eLock2BurnerLockDriver;Disk Performance Monitor Filter Driver;c:\windows\system32\DRIVERS\eLock2BurnerLockDriver.sys [2008-03-11 22560]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [2012-11-10 299144]
S1 MpKslb0ffc821;MpKslb0ffc821;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{635572FF-1F98-4649-9656-FAD4D1B92990}\MpKslb0ffc821.sys [2014-08-19 39464]
S2 ASLSvc;Acer SmartBoot Service;c:\program files\Acer\Acer SmartBoot\ASLSvc.exe [2009-05-13 417792]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [2009-05-16 1803512]
S2 eLock2FSCTLDriver;eLock2FSCTLDriver;c:\windows\system32\DRIVERS\eLock2FSCTLDriver.sys [2008-03-11 87072]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2009-02-18 24576]
S2 GREGService;GREGService;c:\program files\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-27 145920]
S2 LivedriveVSSService;Livedrive VSS Service;c:\program files\Knowhow Cloud\VSSService.exe [2013-11-29 156320]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-11-17 255744]
S2 Sage AutoUpdate Manager Service;Sage AutoUpdate Manager Service;c:\program files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [2013-06-04 8192]
S2 Sage SData Service;Sage SData Service;c:\program files\Common Files\Sage SData\Sage.SData.Service.exe [2013-01-30 53248]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ   HPSLPSVC
HPZ12 REG_MULTI_SZ   Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-27 10:37]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 07:30]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-05-06 07:30]
.
2014-08-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000Core.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 07:58]
.
2014-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000UA.job
- c:\users\Pete\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-16 07:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Pete\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: keysurvey2.com\sage
TCP: DhcpNameServer = 192.168.1.254
.
.
------- File Associations -------
.
.scr=DWGTrueViewScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
URLSearchHooks-{3bbd3c14-4c16-4989-8366-95bc9179779d} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{3BBD3C14-4C16-4989-8366-95BC9179779D} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKCU-Run-Akamai NetSession Interface - c:\users\Pete\AppData\Local\Akamai\netsession_win.exe
HKLM-Run-RegWork - c:\program files\RegWork\RegWork.exe
HKLM-Run-Conime - c:\windows\system32\conime.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(600)
c:\windows\system32\wvauth.DLL
.
- - - - - - - > 'Explorer.exe'(2756)
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\Knowhow Cloud\Extensions.dll
c:\program files\Acer\Acer PowerSaver\SysHook.dll
c:\windows\System32\gameux.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\dwfcore_wt.1.7.0.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\dwftk_wt.7.7.0.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\w3dtk_wt.1.7.1555.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\whiptk_wt.7.13.601.dll
c:\program files\Common Files\Autodesk Shared\DWF Common\en-US\DWFShellExtensionRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\crypserv.exe
c:\program files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Office\Office14\ONENOTEM.EXE
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2014-08-19  10:38:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-08-19 09:38
.
Pre-Run: 81,897,033,728 bytes free
Post-Run: 84,674,580,480 bytes free
.
- - End Of File - - E6DB1FEE8C11A5FB52CCB03D4CC4A51D
A36C5E4F47E84449FF07ED3517B43A31
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:17-08-2014 01
Ran by Pete (administrator) on SES-PC on 19-08-2014 10:40:23
Running from C:\Users\Pete\Desktop
Platform: Microsoft Windows 7 Professional  (X86) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AuthenTec, Inc.) C:\Program Files\Fingerprint Sensor\AtService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
() C:\Program Files\Knowhow Cloud\VSSService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(Microsoft) C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe
(Sage (UK) Limited) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Wave Systems Corp.) C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe
(Acer Incorporated) C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
(Alcatel-Lucent) C:\Program Files\BT Business Broadband Desktop Help\btbb\BTHelpNotifier.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DSG Retail Limited) C:\Program Files\Knowhow Cloud\KnowhowCloud.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-07-04] (Microsoft Corporation)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [HP Deskjet 3050A J611 series (NET)] => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [1804648 2011-06-08] (Hewlett-Packard Co.)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [GoogleChromeAutoLaunch_24B0F4EE2862E0610F79592F0F87280E] => C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe [860488 2014-08-07] (Google Inc.)
HKU\S-1-5-21-80276221-805935237-1155498301-1000\...\Run: [Livedrive] => C:\Program Files\Knowhow Cloud\KnowhowCloud.exe [3497632 2013-11-29] (DSG Retail Limited)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\Pete\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: LivedriveDownloadOverlay -> {CBCDB610-6B68-4EE9-B7A2-1282FD0C9292} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSharedOverlay -> {84CEF1E4-1356-4063-845F-05047F4DD52C} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveSyncedOverlay -> {42058329-2FBF-4B33-8E52-3BE5754DE0C1} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
ShellIconOverlayIdentifiers: LivedriveUploadOverlay -> {39A1715A-E4CD-4F1E-B5C4-36B5DB80124E} => C:\Program Files\Knowhow Cloud\Extensions.dll (Livedrive Internet Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = https://uk.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://uk.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2448} URL = 
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = 
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 -> C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @autodesk.com/DWF -> C:\Program Files\Autodesk\Autodesk Design Review Browser Add-on v1.2\npADRdwf.dll (Autodesk)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Pete\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: v9
CHR DefaultSearchProvider: v9
CHR DefaultSuggestURL: 
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Pete\AppData\Local\Google\Chrome\Application\36.0.1985.143\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-16]
CHR Extension: (Google Search) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-16]
CHR Extension: (Google Wallet) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-04]
CHR Extension: (No Name) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2013-12-30]
CHR Extension: (Gmail) - C:\Users\Pete\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-16]
CHR StartMenuInternet: Google Chrome - C:\Users\Pete\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASLSvc; C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe [417792 2009-05-13] (Acer Incorporated) [File not signed]
R2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1803512 2009-05-16] (AuthenTec, Inc.)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-08] (CrypKey (Canada) Ltd.) [File not signed]
R2 eLockService; C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe [30016 2010-06-03] (Acer Inc.)
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-02-18] () [File not signed]
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [23584 2010-01-08] (Acer Incorporated)
S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2010-10-27] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-27] (HP) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 LivedriveVSSService; C:\Program Files\Knowhow Cloud\VSSService.exe [156320 2013-11-29] ()
R2 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [319488 2011-10-19] (Alcatel-Lucent) [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [279776 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [255744 2009-11-17] (NewTech Infosystems, Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Sage AutoUpdate Manager Service; C:\Program Files\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft) [File not signed]
R2 Sage SData Service; C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-30] (Sage (UK) Limited) [File not signed]
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2010-03-31] (Wave Systems Corp.) [File not signed]
R2 Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [240160 2009-07-04] (Acer)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [299144 2012-11-10] (EldoS Corporation)
R2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [38400 2009-03-02] (Samsung Electronics Co., Ltd.) [File not signed]
R0 eLock2BurnerLockDriver; C:\Windows\System32\DRIVERS\eLock2BurnerLockDriver.sys [22560 2008-03-12] (Acer, Inc.)
R2 eLock2FSCTLDriver; C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys [87072 2008-03-11] (Acer, Inc.)
S3 HPFXBULKLEDM; C:\Windows\System32\drivers\hppcbulkio.sys [20504 2011-10-10] (Hewlett Packard)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl1e722dfc; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{635572FF-1F98-4649-9656-FAD4D1B92990}\MpKsl1e722dfc.sys [39464 2014-08-19] (Microsoft Corporation)
R1 MpKslb0ffc821; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{635572FF-1F98-4649-9656-FAD4D1B92990}\MpKslb0ffc821.sys [39464 2014-08-19] (Microsoft Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-11-09] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R1 NetworkX; C:\Windows\system32\ckldrv.sys [19584 2008-03-17] () [File not signed]
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-03-02] (Samsung Electronics) [File not signed]
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [13464 2013-12-30] ()
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [165376 2010-07-21] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2010-07-21] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-07-21] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [294912 2010-07-21] (Microsoft Corporation)
R2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [237840 2010-04-16] (Wave Systems Corp.)
S3 catchme; \??\C:\Users\Pete\AppData\Local\Temp\catchme.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S2 tvicport; \??\C:\Windows\system32\drivers\tvicport.sys [X]
S2 zntport; \??\C:\Windows\system32\drivers\zntport.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 10:38 - 2014-08-19 10:38 - 00041723 _____ () C:\ComboFix.txt
2014-08-19 10:08 - 2014-08-19 10:27 - 00001024 _____ () C:\.rnd
2014-08-19 10:06 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-08-19 10:06 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-08-19 10:06 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-08-19 10:06 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-08-19 10:06 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-08-19 10:06 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-08-19 10:06 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-08-19 10:06 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-08-19 09:58 - 2014-08-19 10:38 - 00000000 ____D () C:\Qoobox
2014-08-19 09:57 - 2014-08-19 10:36 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 09:49 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-08-19 09:48 - 2014-08-19 09:52 - 00000000 ____D () C:\AdwCleaner
2014-08-19 09:47 - 2014-08-19 09:46 - 05572251 ____R (Swearware) C:\Users\Pete\Desktop\ComboFix.exe
2014-08-19 09:47 - 2014-08-19 09:45 - 01361671 _____ () C:\Users\Pete\Desktop\AdwCleaner.exe
2014-08-19 09:29 - 2014-08-19 09:29 - 00001373 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 09:29 - 2014-08-19 09:29 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Acer PowerSaver
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 _____ () C:\Users\Administrator\AppData\Local\WavXMapDrive.bat
2014-08-19 09:29 - 2011-12-06 21:34 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-08-19 09:29 - 2011-09-26 18:23 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-08-19 09:29 - 2011-09-26 18:23 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-19 00:10 - 2014-08-19 10:40 - 00000000 ____D () C:\FRST
2014-08-18 23:05 - 2014-08-18 23:07 - 00000000 _____ () C:\Recovery.txt
2014-08-18 21:26 - 2014-08-19 10:26 - 54263808 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-18 19:53 - 2014-08-18 19:53 - 00048053 _____ () C:\Users\Pete\Desktop\Addition.txt
2014-08-18 19:51 - 2014-08-19 10:40 - 00018485 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-08-18 19:50 - 2014-08-18 15:06 - 01093632 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2014-08-18 18:17 - 2014-08-18 22:55 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-18 08:35 - 2014-08-18 08:35 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-18 08:35 - 2014-08-18 08:35 - 00000000 ____D () C:\Windows\system32\config\x86
2014-08-18 08:35 - 2014-03-11 12:21 - 00186688 _____ (Microsoft Corporation) C:\Windows\system32\config\EppManifest.dll
2014-08-18 08:35 - 2014-03-11 10:13 - 00008864 _____ (Microsoft Corporation) C:\Windows\system32\config\setupres.dll
2014-08-15 13:56 - 2014-08-15 14:11 - 11241816 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall.exe
2014-08-15 13:50 - 2014-08-15 13:50 - 00000000 ____D () C:\Windows\TempC0E21C66-0AEC-725D-B7E0-EDC8A393AEAF-Signatures
2014-08-15 13:38 - 2014-08-15 13:38 - 00302011 _____ () C:\Users\Pete\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-15 13:34 - 2014-08-15 13:34 - 00001429 _____ () C:\Windows\IE11_main.log
2014-08-15 13:31 - 2014-08-15 13:34 - 31894664 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\EIE11_EN-GB_MCM_WIN7.EXE
2014-08-08 17:00 - 2014-08-08 17:02 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 17:00 - 2012-08-21 13:01 - 00026840 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2014-08-08 16:59 - 2014-08-08 17:10 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-08 16:59 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 16:59 - 2014-08-08 17:00 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 16:58 - 2014-08-08 16:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-08-08 16:57 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-08 16:57 - 2014-08-08 16:58 - 00000000 ____D () C:\ProgramData\Apple
2014-08-08 16:57 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-08 16:55 - 2014-08-08 16:55 - 89111376 _____ (Apple Inc.) C:\Users\Pete\Downloads\iTunesSetup.exe
2014-08-08 16:52 - 2014-08-08 16:52 - 00838296 _____ ( ) C:\Users\Pete\Downloads\iTunes_Setup.exe
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\Documents\My Received Files
2014-08-06 17:44 - 2014-08-06 17:44 - 00000000 ____D () C:\Users\Pete\AppData\Local\imeshmusicboxtoolbarnew
2014-08-06 17:43 - 2014-08-06 17:43 - 00000000 ____D () C:\Program Files\Music App
2014-07-23 18:33 - 2014-07-23 18:33 - 04014321 _____ () C:\Users\Pete\Documents\SageAccts Sleaford Engineering Services 2014-07-23 18-33-21.001
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-19 10:40 - 2014-08-19 00:10 - 00000000 ____D () C:\FRST
2014-08-19 10:40 - 2014-08-18 19:51 - 00018485 _____ () C:\Users\Pete\Desktop\FRST.txt
2014-08-19 10:38 - 2014-08-19 10:38 - 00041723 _____ () C:\ComboFix.txt
2014-08-19 10:38 - 2014-08-19 09:58 - 00000000 ____D () C:\Qoobox
2014-08-19 10:38 - 2011-05-06 08:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-19 10:38 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2014-08-19 10:38 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2014-08-19 10:37 - 2012-12-27 14:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-19 10:36 - 2014-08-19 09:57 - 00000000 ____D () C:\Windows\erdnt
2014-08-19 10:35 - 2012-11-27 15:35 - 00000000 ____D () C:\Users\Pete\AppData\Local\Livedrive
2014-08-19 10:34 - 2011-05-17 10:49 - 00000000 ___HD () C:\Users\Pete\Documents\Outlook Files
2014-08-19 10:34 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-19 10:34 - 2009-07-14 05:34 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-19 10:33 - 2011-05-06 08:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-19 10:33 - 2011-05-05 08:56 - 00000000 _____ () C:\Users\Pete\AppData\Local\WavXMapDrive.bat
2014-08-19 10:33 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2014-08-19 10:30 - 2010-07-23 22:49 - 01327402 _____ () C:\Windows\WindowsUpdate.log
2014-08-19 10:27 - 2014-08-19 10:08 - 00001024 _____ () C:\.rnd
2014-08-19 10:27 - 2011-07-14 13:43 - 00160456 _____ () C:\Windows\error.log
2014-08-19 10:27 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-19 10:27 - 2009-07-14 05:39 - 00119867 _____ () C:\Windows\setupact.log
2014-08-19 10:26 - 2014-08-18 21:26 - 54263808 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-08-19 10:26 - 2011-07-14 13:43 - 00036349 _____ () C:\Windows\errord.log
2014-08-19 10:26 - 2010-07-23 22:44 - 00870790 _____ () C:\Windows\PFRO.log
2014-08-19 10:26 - 2009-07-14 03:03 - 16515072 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-08-19 10:26 - 2009-07-14 03:03 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-08-19 10:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-08-19 10:26 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-08-19 10:24 - 2011-05-05 08:54 - 00000000 ____D () C:\Users\Pete
2014-08-19 09:52 - 2014-08-19 09:48 - 00000000 ____D () C:\AdwCleaner
2014-08-19 09:52 - 2012-09-26 15:16 - 00000000 ____D () C:\Users\Pete\AppData\Local\CRE
2014-08-19 09:48 - 2010-06-09 04:21 - 00783136 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-19 09:46 - 2014-08-19 09:47 - 05572251 ____R (Swearware) C:\Users\Pete\Desktop\ComboFix.exe
2014-08-19 09:45 - 2014-08-19 09:47 - 01361671 _____ () C:\Users\Pete\Desktop\AdwCleaner.exe
2014-08-19 09:45 - 2012-02-16 14:54 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000UA.job
2014-08-19 09:29 - 2014-08-19 09:29 - 00001373 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-08-19 09:29 - 2014-08-19 09:29 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Acer PowerSaver
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 ____D () C:\Users\Administrator
2014-08-19 09:29 - 2014-08-19 09:29 - 00000000 _____ () C:\Users\Administrator\AppData\Local\WavXMapDrive.bat
2014-08-19 09:29 - 2009-07-14 05:46 - 00001515 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-08-18 23:07 - 2014-08-18 23:05 - 00000000 _____ () C:\Recovery.txt
2014-08-18 23:05 - 2011-05-05 08:53 - 00000000 ____D () C:\Recovery
2014-08-18 22:55 - 2014-08-18 18:17 - 00000000 ____D () C:\Windows\Microsoft Antimalware
2014-08-18 22:55 - 2011-05-05 10:47 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-08-18 22:55 - 2009-07-14 05:52 - 00000000 ____D () C:\Program Files\Windows Defender
2014-08-18 21:28 - 2009-07-14 03:37 - 00000000 ___HD () C:\Windows\system32\LogFiles
2014-08-18 19:53 - 2014-08-18 19:53 - 00048053 _____ () C:\Users\Pete\Desktop\Addition.txt
2014-08-18 15:06 - 2014-08-18 19:50 - 01093632 _____ (Farbar) C:\Users\Pete\Desktop\FRST.exe
2014-08-18 08:45 - 2012-02-16 14:54 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-80276221-805935237-1155498301-1000Core.job
2014-08-18 08:38 - 2011-05-05 10:47 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-08-18 08:35 - 2014-08-18 08:35 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-08-18 08:35 - 2014-08-18 08:35 - 00000000 ____D () C:\Windows\system32\config\x86
2014-08-15 14:11 - 2014-08-15 13:56 - 11241816 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\mseinstall.exe
2014-08-15 14:09 - 2013-07-05 11:32 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-15 13:50 - 2014-08-15 13:50 - 00000000 ____D () C:\Windows\TempC0E21C66-0AEC-725D-B7E0-EDC8A393AEAF-Signatures
2014-08-15 13:38 - 2014-08-15 13:38 - 00302011 _____ () C:\Users\Pete\Downloads\WindowsUpdateDiagnostic.diagcab
2014-08-15 13:34 - 2014-08-15 13:34 - 00001429 _____ () C:\Windows\IE11_main.log
2014-08-15 13:34 - 2014-08-15 13:31 - 31894664 _____ (Microsoft Corporation) C:\Users\Pete\Downloads\EIE11_EN-GB_MCM_WIN7.EXE
2014-08-15 12:20 - 2009-07-14 03:04 - 00002091 _____ () C:\Windows\win.ini
2014-08-15 08:36 - 2011-05-20 15:14 - 00001268 _____ () C:\Windows\system32\SGLCH32.USR
2014-08-11 09:21 - 2012-03-13 11:01 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\12Pay
2014-08-08 17:10 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\TEMP
2014-08-08 17:02 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Roaming\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple Computer
2014-08-08 17:00 - 2014-08-08 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-08 17:00 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-08-08 17:00 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-08 16:59 - 2014-08-08 16:59 - 00000000 ____D () C:\Program Files\iPod
2014-08-08 16:59 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Users\Pete\AppData\Local\Apple
2014-08-08 16:58 - 2014-08-08 16:58 - 00000000 ____D () C:\Program Files\Apple Software Update
2014-08-08 16:58 - 2014-08-08 16:57 - 00000000 ____D () C:\ProgramData\Apple
2014-08-08 16:57 - 2014-08-08 16:57 - 00000000 ____D () C:\Program Files\Bonjour
2014-08-08 16:55 - 2014-08-08 16:55 - 89111376 _____ (Apple Inc.) C:\Users\Pete\Downloads\iTunesSetup.exe
2014-08-08 16:52 - 2014-08-08 16:52 - 00838296 _____ ( ) C:\Users\Pete\Downloads\iTunes_Setup.exe
2014-08-06 17:46 - 2014-08-06 17:46 - 00000000 ____D () C:\Users\Pete\Documents\My Received Files
2014-08-06 17:44 - 2014-08-06 17:44 - 00000000 ____D () C:\Users\Pete\AppData\Local\imeshmusicboxtoolbarnew
2014-08-06 17:43 - 2014-08-06 17:43 - 00000000 ____D () C:\Program Files\Music App
2014-08-01 16:28 - 2012-03-13 11:00 - 00000000 ____D () C:\Users\Pete\Documents\12Pay
2014-07-31 17:54 - 2011-09-19 13:45 - 00016151 ____H () C:\Users\Pete\Documents\output to date.xlsx
2014-07-24 15:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-23 18:33 - 2014-07-23 18:33 - 04014321 _____ () C:\Users\Pete\Documents\SageAccts Sleaford Engineering Services 2014-07-23 18-33-21.001
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-18 20:09
 
==================== End Of Log ============================
 
Kind regards
 
Richard @ Sleaford Engineering


#9 aharonov


Posted 19 August 2014 - 06:37 AM

Hello Richard,

this is looking better now. How is the computer running? What problems still persist?
Let's do a check up:


Please download the ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!

#10 Sleaford Engineering


Posted 19 August 2014 - 07:12 AM

At a quick glance things do appear better, no popups so far :-). Windows Update is working again, as is Windows Firewall. Windows Defender is reporting as turned off and MS Security Essentials is still giving the same error on start-up, although the service appears to be running.

I will report further when I have run the latest above scanner.



#11 aharonov


Posted 19 August 2014 - 02:51 PM

It is good to hear that things are running better.
Let's wait and see what ESET brings to the table before we take care of MS Security Essentials.

#12 Sleaford Engineering


Posted 20 August 2014 - 02:41 AM

Sorry for the delayed reply.

Right, story since running ESET. Windows 7 tried to update to SP1 (Failed error 800F0826). I've stopped it trying to auto update for now as it fails to install anything OS related; it successfully managed to update Office 2010.

Log File for ESET

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e7a13c21e1cd494dbea61f16ce0daa12
# engine=19730
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-19 03:13:14
# local_time=2014-08-19 04:13:14 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 62277 31441588 0 0
# scanned=209918
# found=42
# cleaned=0
# scan_time=8704
sh=F3148F315DE8C53B65C72E30C4C1BBC24714E935 ft=1 fh=f538dce1e135eab5 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\apcrtldr.dll.vir"
sh=143D3AA2B860424A7203892F0B7ACBE21BBD4432 ft=1 fh=cc8713ad8c2d2311 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\Datamngr.dll.vir"
sh=335AF0DA98642F10A435BD0E731BA01215B5DD7C ft=1 fh=efac95eb842534c5 vn="a variant of Win32/Toolbar.SearchSuite.D potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\DatamngrCoordinator.exe.vir"
sh=A33112379F9667A366EF837747E0844F36828ECD ft=1 fh=b97261705d3aa0de vn="a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\DatamngrUI.exe.vir"
sh=0F8E20FEACC8BC287428CC5BB595A7FBD84F6F8D ft=1 fh=ffe4b718af3529a1 vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\Helper.dll.vir"
sh=AB160782216DE556248400007B3F5E795123B0CA ft=1 fh=3a0a3d6832d6613e vn="a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\IEBHO.dll.vir"
sh=7A0D979E2D5732D64FA0C44FFEA34CE6E6CB9E52 ft=1 fh=bd5be9259dd4b3be vn="a variant of Win32/Toolbar.SearchSuite.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\Internet Explorer Settings.exe.vir"
sh=702613145452877941EAE267436801C56CFF45DF ft=1 fh=0dd6dcffdc300cdb vn="a variant of Win32/Toolbar.SearchSuite.S potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\mgrldr.dll.vir"
sh=125E36837616DF114F2AC0FE2AF63C9120BEB78D ft=1 fh=2970a93ca8b7ea64 vn="a variant of Win32/AdWare.Bandoo.AG application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Movies App\Datamngr\setmgrc2.cfg.vir"
sh=6148DAB05D76E4FCEF4B394B0F60D9ADB2E2AB1E ft=1 fh=c71c0011346812ac vn="Win32/ELEX.AV potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{DA00D550-BB91-4A26-AAE5-9172D626CAAE}\_Setupx.dll.vir"
sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="a variant of Win32/Toolbar.Conduit.P potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pete\AppData\Local\DVDVideoSoftTB\ldrtbDVDV.dll.vir"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Pete\AppData\Local\DVDVideoSoftTB\tbDVDV.dll.vir"
Regards

Richard


#13 Sleaford Engineering


Posted 20 August 2014 - 02:52 AM

Whilst I think about it, and I'm probably being a bit dim with this one, is there any way of stopping IE9 and Outlook 2010 auto starting? They don't appear in the Start menu or in Startup in msconfig (that I can see).

 

Cheers

 

Richard



#14 aharonov


Posted 20 August 2014 - 05:32 AM

Hello Richard,

ESET hasn't found anything that we really need to worry about. Just some adware remnants and a lot of stuff that already has been quarantined.
Now let's focus on Windows updates: Do these instructions help? http://windows.microsoft.com/en-us/windows/windows-update-error-800f0826#1TC=windows-7

#15 Sleaford Engineering


Posted 20 August 2014 - 03:09 PM

Not having a lot of success. I have identified the point in time it last managed to install an important Windows update (rather than an update to Office or MSE). I have followed the instructions from above, and the next error code I came across was 80070020, which I then followed to the letter. Still unable to install SP1, but I have managed to install some of the failed updates from previous to SP1. I decided that installing updates one by one was time consuming and thought I had better ask for any further tips here. In the meantime I shall continue to install until something fails.

 

Cheers

 

Richard
