
Low-frequency "adchoice"-like popups


  • This topic is locked
19 replies to this topic

#1 mcduck

mcduck

  • Members
  • 30 posts

Posted 25 August 2014 - 01:22 PM

Good evening, I am getting occasional advert pop-ups from both IE and Chrome. They are rather infrequent and irregular: one or two per day. Their arrival seemed to coincide with a spell when my laptop's WiFi gave intermittent connection problems, though that may have been unrelated. I am attaching those logs you suggest. Thanks in advance for any assistance. 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts

Posted 26 August 2014 - 06:22 AM

:welcome:

Hello mcduck,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 mcduck

mcduck
  • Topic Starter

  • Members
  • 30 posts

Posted 26 August 2014 - 06:56 AM

Hi Jo, thanks for your post. I ran both those tools and am attaching the results. 




#4 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts

Posted 26 August 2014 - 07:28 AM

Hello mcduck,

From now on please do not attach the logs but copy and paste them into your message.

---

Did you set this ProxyServer: ocecprisa:8080?

---

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 mcduck

mcduck
  • Topic Starter

  • Members
  • 30 posts

Posted 26 August 2014 - 11:09 AM

Hi Jo, thanks for your post. 

 

> from now on please do not attach the logs but copy and paste them into your message.

OK apologies. 

> Did you set this ProxyServer: ocecprisa:8080

No, I do not recall this one, though once or twice over the three year life of this laptop I have set a proxy server for certain LANs, though I don't now recall exactly which ones. I have not set a proxy server in the last few months.

 

Malwarebytes said "Scan finished: No malware found!"

 

Below is the AdwCleaner logfile text. I cannot see anything in there that I want to keep.

 

 

# AdwCleaner v3.308 - Report created 26/08/2014 at 15:10:34

# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Graham - GRAHAM-THINK
# Running from : C:\Users\Graham\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Program Files (x86)\BonanzaDeals
Folder Found : C:\Program Files (x86)\BonanzaDealsLive
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\BonanzaDealsLive
Folder Found : C:\Users\Graham\AppData\Local\BonanzaDealsLive
Folder Found : C:\Users\Graham\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Graham\AppData\Roaming\0D0S1L2Z1P1B
Folder Found : C:\Users\Graham\AppData\Roaming\digitalsite
Folder Found : C:\Users\Graham\AppData\Roaming\DigitalSites
Folder Found : C:\Users\Graham\AppData\Roaming\OpenCandy
 
***** [ Scheduled Tasks ] *****
 
Task Found : Digital Sites
Task Found : DigitalSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\BonanzaDealsLive
Key Found : HKCU\Software\dsiteproducts
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Package Packages
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Found : [x64] HKCU\Software\BonanzaDealsLive
Key Found : [x64] HKCU\Software\dsiteproducts
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\BonanzaDealsLive
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=GB&userid=876d0d93-54bd-497d-9a8a-28f66cc8c285&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [5235 octets] - [26/08/2014 15:10:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5295 octets] ##########


#6 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts

Posted 26 August 2014 - 11:50 AM

Hello mcduck,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FRST / FRST64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

***


How is the computer running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
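
Added example, not part of the original posts and not code from AdwCleaner or BleepingComputer: a Python script that compares a Scan report with the later Clean report, in the line format of the AdwCleaner reports in this topic, and lists every item that was found but not reported as deleted or restored. The function names, the sample reports and the `ExampleLeftover` folder are constructed, and reading `[x64]` as a registry-view tag is an assumption.

```python
import re

# One result line: "<Kind> <State> : <item>", e.g. "Key Found : HKLM\SOFTWARE\Example".
# Chrome preference lines ("Deleted [Search Provider] : ...") have another shape
# and are skipped by this example.
LINE_RE = re.compile(
    r"^(?P<kind>[A-Za-z]+)\s+(?P<state>Found|Deleted|Restored)\s*:\s*(?P<item>.+)$"
)
VIEW_TAG = "[x64] "  # assumption: marks the registry view the entry was read from


def parse_report(text):
    """Map (kind, has_view_tag, lowercased item) -> (state, item as printed)."""
    entries = {}
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # report header, section banner or blank line
        kind, state = match.group("kind"), match.group("state")
        shown = match.group("item").strip()
        if kind == "Setting":
            # Scan lines append " - <current value>"; clean lines do not.
            shown = shown.split(" - ", 1)[0]
        tagged = shown.startswith(VIEW_TAG)
        bare = shown[len(VIEW_TAG):] if tagged else shown
        # Windows paths and registry keys are case-insensitive, so compare lowercased.
        entries[(kind, tagged, bare.lower())] = (state, shown)
    return entries


def unresolved(scan_text, clean_text):
    """List (kind, item, cleaned_in_other_view) for items found but not cleaned."""
    scan = parse_report(scan_text)
    handled = {
        key for key, (state, _) in parse_report(clean_text).items()
        if state in ("Deleted", "Restored")
    }
    handled_paths = {(kind, bare) for kind, _tagged, bare in handled}
    leftovers = []
    for key, (state, shown) in scan.items():
        kind, _tagged, bare = key
        if state == "Found" and key not in handled:
            # Third field: the same path was cleaned, but under the other view tag.
            leftovers.append((kind, shown, (kind, bare) in handled_paths))
    return sorted(leftovers)


# Constructed sample reports in the format shown in this topic.
SCAN_SAMPLE = r"""
# AdwCleaner v3.308 - Report created 26/08/2014 at 15:10:34
# Option : Scan

***** [ Files / Folders ] *****

Folder Found : C:\ProgramData\Ask
Folder Found : C:\Users\Graham\AppData\Roaming\OpenCandy
Folder Found : C:\ProgramData\ExampleLeftover

***** [ Scheduled Tasks ] *****

Task Found : DigitalSite

***** [ Registry ] *****

Key Found : HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\InstallCore
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.example.invalid/?q={searchTerms}
"""

CLEAN_SAMPLE = r"""
# Option : Clean

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Users\Graham\AppData\Roaming\OpenCandy
Task Deleted : DigitalSite
Key Deleted : HKCU\Software\InstallCore
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
"""

if __name__ == "__main__":
    for kind, item, other_view in unresolved(SCAN_SAMPLE, CLEAN_SAMPLE):
        note = " (same path cleaned under the other view tag)" if other_view else ""
        print(f"NOT CLEANED  {kind}: {item}{note}")
```

An item flagged as cleaned under the other view tag still deserves a look in the follow-up scan, since the script only compares report text and does not inspect the registry.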


#7 mcduck

mcduck
  • Topic Starter

  • Members
  • 30 posts

Posted 26 August 2014 - 02:43 PM

Hi Jo, thanks for your post. 

 

Adwcleaner logfile

 

# AdwCleaner v3.308 - Report created 26/08/2014 at 20:07:05
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Graham - GRAHAM-THINK
# Running from : C:\Users\Graham\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\BonanzaDealsLive
Folder Deleted : C:\Program Files (x86)\BonanzaDeals
Folder Deleted : C:\Program Files (x86)\BonanzaDealsLive
Folder Deleted : C:\Users\Graham\AppData\Local\BonanzaDealsLive
Folder Deleted : C:\Users\Graham\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Graham\AppData\Roaming\0D0S1L2Z1P1B
Folder Deleted : C:\Users\Graham\AppData\Roaming\digitalsite
Folder Deleted : C:\Users\Graham\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\Graham\AppData\Roaming\OpenCandy
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : Digital Sites
Task Deleted : DigitalSite
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieadcoanfjloocmfafkebdnfefmohngj
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\BonanzaDealsLive
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKLM\SOFTWARE\BonanzaDealsLive
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Codec Package Packages
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\DigitalSite
Key Deleted : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17239
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://www.studentloanrepayment.co.uk/pls/portal/url/page/rpipg001/rpips035/?ms={searchTerms}&submit.x=0&submit.y=0&submit=Go&osf=&mo=containsall&sepg=93&pao=equal&pav=1&pat=SF+Searchable&pan=GUTAI001&pas=0&pad=boolean&p_action=SUBMIT&ll=
 
*************************
 
AdwCleaner[R0].txt - [5411 octets] - [26/08/2014 15:10:34]
AdwCleaner[R1].txt - [5471 octets] - [26/08/2014 20:03:25]
AdwCleaner[S0].txt - [4498 octets] - [26/08/2014 20:07:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4558 octets] ##########
 
JRT logfile
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Graham on 26/08/2014 at 20:19:45.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A61C06D3-2F42-4CB9-9118-A0E9EDC1F48F}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/08/2014 at 20:27:27.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST logfile
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Graham (administrator) on GRAHAM-THINK on 26-08-2014 20:32:48
Running from C:\Users\Graham\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\ChgService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe
() C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_client.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Spotify Ltd) C:\Users\Graham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Graham\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password\Agile1pAgent.exe [2246416 2014-06-04] (AgileBits)
HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-12] (Google Inc.)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [Spotify Web Helper] => C:\Users\Graham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-13] (Spotify Ltd)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-06-11] (TrueCrypt Foundation)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {72f1516c-361b-11e1-91ca-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {8b9fe3d5-f0c2-11e0-b833-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {e63f15e6-2521-11e4-b0c5-028037ec0200} - D:\.\Windows_ShowModem.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {e97de2ec-3133-11e1-ab65-8ca982b8bf8c} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {ed8e526c-ae10-11e0-8ba7-806e6f6e6963} - D:\AutoRun.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Agile1pAgent.exe.lnk
ShortcutTarget: Agile1pAgent.exe.lnk -> C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  _001EgnyteOk -> {3A87EE91-AED7-46E9-B8A3-5360628BA718} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers:  _002EgnytePending -> {32C0A1F2-A6AA-41FB-906A-C8FB4436B2B3} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers:  _003EgnyteError -> {6C86A3CE-0F44-4C8A-8A3E-34B68ECD30A7} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: ocecprisa:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aethaconsulting.sharepoint.com/teamsite/SitePages/Home.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password -> {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} -> C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www2.agenciatributaria.gob.es/ES13/h/CACTIVEX.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP2-4/webex/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 102.112.2O7.net
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{342DA295-2F22-4C6D-9872-98291766A469}: [NameServer] 195.230.105.134 195.230.105.135
Tcpip\..\Interfaces\{D8CD24B1-1649-48B8-A42A-21DE3500E3F0}: [NameServer] 195.230.105.134 195.230.105.135
Tcpip\..\Interfaces\{E4B7B52D-C74B-402E-A0FD-B10B2E042BE8}: [NameServer] 195.230.105.134 195.230.105.135
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-02-05]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-09]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09]
CHR Extension: (1Password) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2014-06-04] (AgileBits)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2010-03-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
R2 egnyteMon; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe [28264 2014-02-25] ()
R2 egnyteSync; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe [28264 2014-02-25] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2009-12-17] (QUALCOMM Incorporated)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-04-20] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-04-20] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-26] ()
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-26] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-26] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-26] (Acronis International GmbH)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [38368 2012-12-12] (The OpenVPN Project)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 20:31 - 2014-08-26 20:31 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT (1).exe
2014-08-26 20:27 - 2014-08-26 20:27 - 00005162 _____ () C:\Users\Graham\Desktop\JRT.txt
2014-08-26 20:19 - 2014-08-26 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 20:18 - 2014-08-26 20:19 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-08-26 18:20 - 2014-08-26 18:20 - 04123795 _____ () C:\Users\Graham\Downloads\NBP.zip
2014-08-26 15:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 15:10 - 2014-08-26 20:07 - 00000000 ____D () C:\AdwCleaner
2014-08-26 15:10 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Desktop\AdwCleaner.exe
2014-08-26 15:09 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-08-26 13:54 - 2014-08-26 17:07 - 00000000 ____D () C:\Users\Graham\Desktop\mbar
2014-08-26 13:54 - 2014-08-26 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 13:54 - 2014-08-26 13:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 13:51 - 2014-08-26 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Graham\Downloads\mbar-1.07.0.1012.exe
2014-08-26 12:46 - 2014-08-26 12:47 - 00054861 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-08-26 12:45 - 2014-08-26 20:32 - 00031307 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-08-26 12:45 - 2014-08-26 20:32 - 00000000 ____D () C:\FRST
2014-08-26 12:41 - 2014-08-26 12:41 - 02103296 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-08-26 12:37 - 2014-08-26 12:37 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck (1).exe
2014-08-26 12:34 - 2014-08-26 12:34 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck.exe
2014-08-25 19:17 - 2014-08-25 19:17 - 00017090 _____ () C:\Users\Graham\Downloads\Attach.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00009861 _____ () C:\Users\Graham\Desktop\dds.zip
2014-08-25 19:16 - 2014-08-25 19:16 - 00005582 _____ () C:\Users\Graham\Downloads\ark.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00003588 _____ () C:\Users\Graham\Desktop\attach.zip
2014-08-25 18:25 - 2014-08-25 18:26 - 00008424 _____ () C:\Users\Graham\Desktop\attach.txt
2014-08-25 18:23 - 2014-08-25 18:23 - 00688992 ____R (Swearware) C:\Users\Graham\Downloads\dds.com
2014-08-25 17:31 - 2014-08-25 17:31 - 00458231 _____ () C:\Users\Graham\Downloads\Aetha NZD Templates.zip
2014-08-24 11:01 - 2014-08-24 11:01 - 00000000 __SHD () C:\found.004
2014-08-23 11:10 - 2014-08-23 11:10 - 00002438 _____ () C:\Users\Graham\Downloads\booking_MAD _Flights1408788626997.ics
2014-08-22 13:50 - 2014-08-22 13:50 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 10:58 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 09:38 - 2014-08-22 09:38 - 02881881 _____ () C:\Users\Graham\Downloads\MOBILY WHOLESALE 2014 08 21 2130.xlsm
2014-08-21 20:29 - 2014-08-21 20:29 - 00000414 __RSH () C:\ProgramData\ntuser.pol
2014-08-20 19:14 - 2014-08-20 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 19:14 - 2014-08-20 19:13 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 19:13 - 2014-08-20 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 19:08 - 2014-08-20 19:08 - 00918440 _____ (Oracle Corporation) C:\Users\Graham\Downloads\chromeinstall-7u67.exe
2014-08-20 19:05 - 2014-08-20 19:05 - 01057176 _____ (Adobe) C:\Users\Graham\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-08-19 23:55 - 2014-08-20 00:05 - 30293168 _____ () C:\Users\Graham\Downloads\NOS_Tplss-Flamenco.avi.crdownload
2014-08-19 23:49 - 2014-08-19 23:49 - 00000000 __SHD () C:\found.003
2014-08-18 13:54 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-18 13:54 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 13:54 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-18 13:54 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-18 13:54 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 13:54 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 13:52 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 13:52 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 13:44 - 2014-08-18 13:44 - 00000000 __SHD () C:\found.002
2014-08-17 16:37 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 16:37 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 16:37 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 16:37 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 16:37 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 16:37 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 16:37 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 16:37 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 16:37 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 16:37 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 16:37 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 16:37 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 16:37 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 16:37 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 16:37 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 16:37 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 16:37 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 16:37 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 16:37 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 16:37 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 16:37 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 16:37 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 16:37 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 16:37 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 16:37 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 16:37 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 16:37 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 16:37 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 16:37 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 16:37 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 16:37 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 16:37 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 16:37 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 16:37 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 16:37 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 16:37 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 16:37 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 16:37 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 16:37 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 16:37 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 16:37 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 16:37 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 16:37 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 16:37 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 16:37 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 16:37 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 16:37 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 16:37 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 16:37 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 16:37 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 16:37 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 16:37 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 16:37 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 16:37 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 16:37 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 16:37 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 16:59 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 16:59 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 16:59 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 16:59 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 16:59 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 16:58 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 16:58 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 16:58 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 16:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 16:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 16:48 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 16:48 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 09:50 - 2014-08-16 09:50 - 00001086 _____ () C:\Users\Public\Desktop\Banda Ancha Móvil .lnk
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banda Ancha Móvil
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\Program Files (x86)\Banda Ancha Móvil
2014-08-16 09:50 - 2010-03-26 20:02 - 00135168 _____ () C:\Windows\SysWOW64\ChgService.exe
2014-08-16 09:50 - 2009-12-17 10:56 - 00126080 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\cmnsusbser.sys
2014-08-16 09:50 - 2009-12-17 10:56 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
2014-08-10 08:59 - 2014-08-10 08:59 - 00000000 __SHD () C:\found.001
2014-08-06 20:19 - 2014-05-08 10:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-06 20:19 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-06 20:19 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-06 20:19 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-05 07:42 - 2014-08-05 07:42 - 00002005 _____ () C:\Users\Public\Desktop\Lenovo SHAREit.lnk
2014-08-05 07:42 - 2014-08-05 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-05 07:21 - 2014-08-05 07:21 - 00000000 __SHD () C:\found.000
2014-08-05 00:47 - 2014-08-05 00:47 - 00622584 _____ () C:\Windows\Minidump\080514-8236-01.dmp
2014-08-04 23:53 - 2013-07-31 00:47 - 00442656 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn155.dll
2014-08-04 23:53 - 2013-07-31 00:43 - 00441632 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3155.DLL
2014-08-04 23:52 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-04 23:52 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-04 23:52 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-04 23:52 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-04 23:52 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-04 23:52 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-04 23:52 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-04 23:52 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-04 23:52 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-04 23:52 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-04 23:52 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-04 23:52 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-04 23:52 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-04 23:52 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-04 23:52 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-04 23:52 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-04 23:51 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-04 23:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-04 23:51 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-04 23:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-04 23:51 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-04 23:50 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-04 23:50 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-04 23:50 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-04 23:50 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 09:08 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 09:08 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 09:08 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 09:08 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 09:08 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 09:08 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 09:08 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 09:08 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 20:33 - 2014-08-26 12:45 - 00031307 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-08-26 20:32 - 2014-08-26 12:45 - 00000000 ____D () C:\FRST
2014-08-26 20:31 - 2014-08-26 20:31 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT (1).exe
2014-08-26 20:31 - 2014-03-13 17:00 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\EgnyteLocalCloud
2014-08-26 20:27 - 2014-08-26 20:27 - 00005162 _____ () C:\Users\Graham\Desktop\JRT.txt
2014-08-26 20:20 - 2009-07-14 05:51 - 00337613 _____ () C:\Windows\setupact.log
2014-08-26 20:19 - 2014-08-26 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 20:19 - 2014-08-26 20:18 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-08-26 20:16 - 2014-04-14 18:19 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-677832004-1690524382-748576713-1001.job
2014-08-26 20:15 - 2009-07-14 06:13 - 00791252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 20:15 - 2009-07-14 05:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-26 20:15 - 2009-07-14 05:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-26 20:11 - 2011-06-26 02:23 - 01595121 _____ () C:\Windows\WindowsUpdate.log
2014-08-26 20:10 - 2011-08-19 14:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-26 20:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-26 20:07 - 2014-08-26 15:10 - 00000000 ____D () C:\AdwCleaner
2014-08-26 20:07 - 2010-11-21 04:47 - 00274514 _____ () C:\Windows\PFRO.log
2014-08-26 19:56 - 2011-07-04 07:36 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-26 19:27 - 2011-07-12 17:53 - 00000000 ___RD () C:\Users\Graham\Dropbox
2014-08-26 19:09 - 2011-07-14 09:13 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Skype
2014-08-26 18:51 - 2012-04-01 08:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-26 18:35 - 2011-08-19 14:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-26 18:35 - 2011-07-12 17:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677832004-1690524382-748576713-1001UA.job
2014-08-26 18:20 - 2014-08-26 18:20 - 04123795 _____ () C:\Users\Graham\Downloads\NBP.zip
2014-08-26 17:07 - 2014-08-26 13:54 - 00000000 ____D () C:\Users\Graham\Desktop\mbar
2014-08-26 17:07 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 15:09 - 2014-08-26 15:10 - 01364531 _____ () C:\Users\Graham\Desktop\AdwCleaner.exe
2014-08-26 15:09 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-08-26 14:35 - 2011-07-12 17:30 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677832004-1690524382-748576713-1001Core.job
2014-08-26 13:54 - 2014-08-26 13:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 13:52 - 2014-08-26 13:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Graham\Downloads\mbar-1.07.0.1012.exe
2014-08-26 12:47 - 2014-08-26 12:46 - 00054861 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-08-26 12:41 - 2014-08-26 12:41 - 02103296 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-08-26 12:37 - 2014-08-26 12:37 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck (1).exe
2014-08-26 12:34 - 2014-08-26 12:34 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck.exe
2014-08-26 12:00 - 2011-07-04 07:36 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-26 12:00 - 2011-07-04 07:36 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-26 09:55 - 2011-07-12 17:51 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Dropbox
2014-08-26 09:31 - 2014-04-14 18:19 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-677832004-1690524382-748576713-1001
2014-08-26 09:05 - 2011-07-04 07:36 - 00000000 ____D () C:\Users\Graham
2014-08-26 07:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-26 07:42 - 2013-10-20 10:42 - 00000205 _____ () C:\Users\Graham\AppData\Roaming\WB.CFG
2014-08-26 06:57 - 2011-07-04 07:36 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 19:17 - 2014-08-25 19:17 - 00017090 _____ () C:\Users\Graham\Downloads\Attach.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00009861 _____ () C:\Users\Graham\Desktop\dds.zip
2014-08-25 19:16 - 2014-08-25 19:16 - 00005582 _____ () C:\Users\Graham\Downloads\ark.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00003588 _____ () C:\Users\Graham\Desktop\attach.zip
2014-08-25 18:26 - 2014-08-25 18:25 - 00008424 _____ () C:\Users\Graham\Desktop\attach.txt
2014-08-25 18:23 - 2014-08-25 18:23 - 00688992 ____R (Swearware) C:\Users\Graham\Downloads\dds.com
2014-08-25 17:36 - 2011-07-04 07:36 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 17:31 - 2014-08-25 17:31 - 00458231 _____ () C:\Users\Graham\Downloads\Aetha NZD Templates.zip
2014-08-24 11:01 - 2014-08-24 11:01 - 00000000 __SHD () C:\found.004
2014-08-24 03:30 - 2014-04-07 13:57 - 00000000 ____D () C:\Users\Graham\AppData\Local\MobileAccess
2014-08-23 11:10 - 2014-08-23 11:10 - 00002438 _____ () C:\Users\Graham\Downloads\booking_MAD _Flights1408788626997.ics
2014-08-22 18:36 - 2011-07-12 17:52 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-22 13:50 - 2014-08-22 13:50 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 10:58 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 09:38 - 2014-08-22 09:38 - 02881881 _____ () C:\Users\Graham\Downloads\MOBILY WHOLESALE 2014 08 21 2130.xlsm
2014-08-21 20:29 - 2014-08-21 20:29 - 00000414 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 20:27 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-21 11:18 - 2014-04-21 12:13 - 00000000 ____D () C:\Users\Graham\AppData\Local\CrashDumps
2014-08-20 19:15 - 2013-10-18 10:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 19:14 - 2014-08-20 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 19:13 - 2014-08-20 19:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 19:13 - 2014-08-20 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 19:08 - 2014-08-20 19:08 - 00918440 _____ (Oracle Corporation) C:\Users\Graham\Downloads\chromeinstall-7u67.exe
2014-08-20 19:05 - 2014-08-20 19:05 - 01057176 _____ (Adobe) C:\Users\Graham\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-08-20 00:05 - 2014-08-19 23:55 - 30293168 _____ () C:\Users\Graham\Downloads\NOS_Tplss-Flamenco.avi.crdownload
2014-08-19 23:49 - 2014-08-19 23:49 - 00000000 __SHD () C:\found.003
2014-08-18 19:29 - 2011-06-26 02:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-18 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 14:11 - 2013-09-07 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 14:06 - 2011-07-16 10:45 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-18 13:44 - 2014-08-18 13:44 - 00000000 __SHD () C:\found.002
2014-08-17 22:40 - 2012-06-11 10:32 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\TrueCrypt
2014-08-16 17:07 - 2014-04-30 22:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 09:50 - 2014-08-16 09:50 - 00001086 _____ () C:\Users\Public\Desktop\Banda Ancha Móvil .lnk
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banda Ancha Móvil
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\Program Files (x86)\Banda Ancha Móvil
2014-08-12 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 08:59 - 2014-08-10 08:59 - 00000000 __SHD () C:\found.001
2014-08-09 23:18 - 2014-06-27 20:08 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Graham-THINK-Graham Graham-THINK
2014-08-07 03:06 - 2014-08-16 16:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-16 16:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 07:43 - 2011-06-26 02:22 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-08-05 07:43 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2014-08-05 07:42 - 2014-08-05 07:42 - 00002005 _____ () C:\Users\Public\Desktop\Lenovo SHAREit.lnk
2014-08-05 07:42 - 2014-08-05 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-05 07:42 - 2011-06-26 02:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-05 07:42 - 2011-06-26 02:14 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-05 07:42 - 2011-06-26 02:14 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-05 07:31 - 2011-06-26 01:53 - 00000000 ____D () C:\ProgramData\Lenovo
2014-08-05 07:29 - 2014-04-07 10:53 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-08-05 07:29 - 2011-06-26 02:15 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-08-05 07:21 - 2014-08-05 07:21 - 00000000 __SHD () C:\found.000
2014-08-05 00:47 - 2014-08-05 00:47 - 00622584 _____ () C:\Windows\Minidump\080514-8236-01.dmp
2014-08-05 00:47 - 2012-01-18 16:29 - 885536577 _____ () C:\Windows\MEMORY.DMP
2014-08-05 00:47 - 2012-01-18 16:29 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 00:12 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 00:41 - 2014-08-17 16:37 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-17 16:37 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 11:52 - 2014-07-22 09:54 - 00038522 _____ () C:\Users\Graham\AppData\Roaming\Comma Separated Values.ADR
2014-07-30 17:39 - 2013-03-13 13:33 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\webex
 
Some content of TEMP:
====================
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.295.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.296.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.299.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.304.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.305.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.314.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.319.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.326.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.327.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.328.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.330.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.331.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.332.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.333.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.335.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.336.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.337.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.338.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.339.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.340.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.341.exe
C:\Users\Graham\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Graham\AppData\Local\Temp\cryptoapi4java.dll
C:\Users\Graham\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4kqv_q.dll
C:\Users\Graham\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.1.exe
C:\Users\Graham\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Graham\AppData\Local\Temp\nativecall.dll
C:\Users\Graham\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Graham\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Graham\AppData\Local\Temp\Quarantine.exe
C:\Users\Graham\AppData\Local\Temp\ResetDevice.exe
C:\Users\Graham\AppData\Local\Temp\setuplyncentryretail.x64.en-us_.exe
C:\Users\Graham\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Graham\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Graham\AppData\Local\Temp\WiTopia%20Installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-21 11:46
 
==================== End Of Log ============================
 
How is the computer running now?
 
Thank you very much for your help. It is good to see AdwCleaner remove those items it listed, even if they were not the problem.
 
My laptop was running well before. I was not looking for a speed increase. I wanted to stop that AdWare, which was very infrequent, one or two a day. I would not like to reboot, leave it running and see whether any pop-ups arrive in the next 24h. 


#8 mcduck


Posted 26 August 2014 - 02:44 PM

Apologies for typo above. I said "I would not like to reboot..."; I meant "I would now like to reboot..."



#9 Jo*


Posted 26 August 2014 - 03:05 PM

OK, reboot now.

And tomorrow we remove the ProxyServer: ocecprisa:8080

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 mcduck


Posted 27 August 2014 - 03:28 AM

Good morning Jo

There were no new popups during the night, which is a good sign. 

Thanks & regards



#11 Jo*


Posted 27 August 2014 - 03:53 AM

Hello mcduck,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
ProxyServer: ocecprisa:8080
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.



***


Use the fixlist.txt that I've attached to this message.
Save it in the same location as FRST (usually your desktop) as fixlist.txt

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST again like we did before - Run FRST again with right-click and select run as administrator! - but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
Also boot the computer into normal mode and let me know how things are looking.
 

***


FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.
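
The `ProxyServer:` line in the fixlist above refers to the WinINET proxy value stored under the user's Internet Settings registry key, which both Internet Explorer and Chrome honour by default. The following is an added example, not part of the thread and not FRST's own code: a read-only PowerShell audit of that value and the related ones that can enable it or put it back (function and variable names are hypothetical; the registry value names are the standard WinINET ones).

```powershell
# Added example (not from the thread): read-only audit of the WinINET proxy
# values behind FRST's "ProxyServer:" line. Nothing is modified.
# Written to run on the PowerShell 2.0 that ships with Windows 7 SP1.

$inetSettings   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$policySettings = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings'

# Label/path pairs: the per-user key, plus the machine-wide and policy keys
# that can override the per-user values or re-apply them.
$locations = @(
    @('HKCU user settings',    "HKCU:\$inetSettings"),
    @('HKLM machine settings', "HKLM:\$inetSettings"),
    @('HKCU policy',           "HKCU:\$policySettings"),
    @('HKLM policy',           "HKLM:\$policySettings")
)
$valueNames = @('ProxyEnable', 'ProxyServer', 'ProxyOverride',
                'AutoConfigURL', 'ProxySettingsPerUser')

function Get-ProxyValues {
    # Emit one object per proxy-related value that actually exists.
    foreach ($location in $locations) {
        $label, $path = $location
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($name in $valueNames) {
            $value = $props.$name
            if ($null -ne $value) {
                New-Object PSObject -Property @{
                    Location = $label; Name = $name; Value = $value
                }
            }
        }
    }
}

function Get-ProxyFindings {
    # Turn the raw values into one line per finding, correlated per location.
    param([object[]]$Values)
    foreach ($group in ($Values | Group-Object Location)) {
        $v = @{}
        foreach ($item in $group.Group) { $v[$item.Name] = $item.Value }

        if ($v.ContainsKey('ProxyServer')) {
            $state = if ($v['ProxyEnable'] -eq 1) { 'ENABLED' }
                     else { 'stored but not enabled' }
            "$($group.Name): ProxyServer '$($v['ProxyServer'])' is $state"
        }
        if ($v.ContainsKey('AutoConfigURL')) {
            "$($group.Name): proxy auto-config script '$($v['AutoConfigURL'])'"
        }
        if ($v['ProxySettingsPerUser'] -eq 0) {
            "$($group.Name): ProxySettingsPerUser = 0, machine-wide proxy settings apply to every user"
        }
    }
}

$values = @(Get-ProxyValues)
$values | Select-Object Location, Name, Value | Format-Table -AutoSize | Out-String

$findings = @(Get-ProxyFindings -Values $values)
if ($findings.Count -eq 0) {
    'No proxy server, PAC URL or machine-wide proxy policy is configured for WinINET.'
} else {
    $findings
}

# WinHTTP keeps its own proxy setting (used by services, not by the browsers).
netsh winhttp show proxy
```

Run it in the affected user's own session, since the HKCU values are per-user. A `ProxyServer` finding that returns after a fix suggests something is rewriting the value, for example a policy or an installed program.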


#12 mcduck


Posted 27 August 2014 - 05:10 AM

Thanks Jo. Log files below. The last two times I rebooted I had to manually connect to WiFi -- it did not automatically pick up, as it usually does. Another unusual thing: the system tray icon was not the usual 'five bar' WiFi icon, but a wired LAN symbol. After connecting, it turned into a 'five bar' WiFi icon and is now working fine.

 

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-08-2014
Ran by Graham at 2014-08-27 10:51:28 Run:1
Running from C:\Users\Graham\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
ProxyServer: ocecprisa:8080
end
*****************
 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 
==== End of Fixlog ====
 
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Graham (administrator) on GRAHAM-THINK on 27-08-2014 11:04:33
Running from C:\Users\Graham\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
() C:\Windows\SysWOW64\ChgService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Data Perceptions / PowerProgrammer) C:\Windows\SysWOW64\WebUpdateSvc4.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Ericsson AB) C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe
() C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVCM.EXE
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\ZOOM\TpScrex.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\AutoLock\ALCKRESI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Spotify Ltd) C:\Users\Graham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(AgileBits) C:\Program Files (x86)\1Password\Agile1pAgent.exe
(Lenovo) C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SRORest.exe
() C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_client.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Macheen) C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\outlook.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Egnyte Local Cloud\egnyte_local_cloud_client.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Graham\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [60920 2013-05-29] (Lenovo Group Limited)
HKLM\...\Run: [ALCKRESI.EXE] => C:\Program Files\Lenovo\AutoLock\ALCKRESI.EXE [388600 2013-04-15] (Lenovo Group Limited)
HKLM\...\Run: [AcWin7Hlpr] => C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe [63832 2014-03-14] (Lenovo)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password\Agile1pAgent.exe [2246416 2014-06-04] (AgileBits)
HKLM-x32\...\Run: [MobileAccess] => C:\Program Files (x86)\Lenovo\MobileAccess\MobileAccess.exe [155424 2012-07-10] (Lenovo)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [Google Update] => C:\Users\Graham\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-12] (Google Inc.)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [OfficeSyncProcess] => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [Spotify Web Helper] => C:\Users\Graham\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-13] (Spotify Ltd)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\Run: [TrueCrypt] => C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-06-11] (TrueCrypt Foundation)
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {72f1516c-361b-11e1-91ca-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {8b9fe3d5-f0c2-11e0-b833-028037ec0200} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {e63f15e6-2521-11e4-b0c5-028037ec0200} - D:\.\Windows_ShowModem.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {e97de2ec-3133-11e1-ab65-8ca982b8bf8c} - D:\AutoRun.exe
HKU\S-1-5-21-677832004-1690524382-748576713-1001\...\MountPoints2: {ed8e526c-ae10-11e0-8ba7-806e6f6e6963} - D:\AutoRun.exe
Lsa: [Notification Packages] scecli ACGina
Startup: C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Agile1pAgent.exe.lnk
ShortcutTarget: Agile1pAgent.exe.lnk -> C:\Program Files (x86)\1Password\Agile1pAgent.exe (AgileBits)
ShellIconOverlayIdentifiers:  SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers:  _001EgnyteOk -> {3A87EE91-AED7-46E9-B8A3-5360628BA718} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers:  _002EgnytePending -> {32C0A1F2-A6AA-41FB-906A-C8FB4436B2B3} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers:  _003EgnyteError -> {6C86A3CE-0F44-4C8A-8A3E-34B68ECD30A7} => C:\Program Files (x86)\Egnyte Local Cloud\Extensions\EgnyteExtensions.dll (Egnyte, Inc)
ShellIconOverlayIdentifiers: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll ()
ShellIconOverlayIdentifiers-x32: "DropboxExt1" -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt2" -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt3" -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt4" -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt5" -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt6" -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt7" -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: "DropboxExt8" -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Graham\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aethaconsulting.sharepoint.com/teamsite/SitePages/Home.aspx
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: 1Password -> {CB1A24DA-7416-4921-A0CF-5AA1160AAE2A} -> C:\Program Files (x86)\1Password\Agile1pIE.dll (AgileBits)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM-x32 {816BE035-1450-40D0-8A3B-BA7825A83A77} http://support.lenovo.com/Resources/Lenovo/AutoDetect/Lenovo_AutoDetect2.cab
DPF: HKLM-x32 {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www2.agenciatributaria.gob.es/ES13/h/CACTIVEX.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP2-4/webex/ieatgpc1.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 102.112.2O7.net
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{342DA295-2F22-4C6D-9872-98291766A469}: [NameServer] 195.230.105.134 195.230.105.135
Tcpip\..\Interfaces\{D8CD24B1-1649-48B8-A42A-21DE3500E3F0}: [NameServer] 195.230.105.134 195.230.105.135
Tcpip\..\Interfaces\{E4B7B52D-C74B-402E-A0FD-B10B2E042BE8}: [NameServer] 195.230.105.134 195.230.105.135
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Services\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Graham\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Graham\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Graham\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Graham\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2013-02-05]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-09]
CHR Extension: (Google Drive) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22]
CHR Extension: (YouTube) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-09]
CHR Extension: (Google Search) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-09]
CHR Extension: (1Password) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdmbinomkfhmgknkoicejolfdfjeajmk [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-09]
CHR Extension: (Gmail) - C:\Users\Graham\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Agile1Password; C:\Program Files (x86)\1Password\Agile1pService.exe [768784 2014-06-04] (AgileBits)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 Change Modem Device Service; C:\Windows\SysWOW64\ChgService.exe [135168 2010-03-26] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356912 2014-07-19] (Microsoft Corporation)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-24] (Lenovo.)
R2 egnyteMon; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudDriveMonitor.exe [28264 2014-02-25] ()
R2 egnyteSync; C:\Program Files (x86)\Egnyte Local Cloud\EgnyteLocalCloudSynchronizer.exe [28264 2014-02-25] ()
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [93032 2010-04-07] (Lenovo Group Limited)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1663880 2014-05-06] ()
R2 MacheenService; C:\Program Files (x86)\Lenovo\MobileAccess\MacheenService.exe [29472 2012-07-10] (Macheen)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2078112 2011-09-28] (Microsoft Corp.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-06-23] (Trusteer Ltd.)
R2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-05] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [278800 2010-08-18] (Data Perceptions / PowerProgrammer)
R2 WMCoreService; C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe [648744 2011-08-12] (Ericsson AB)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [126080 2009-12-17] (QUALCOMM Incorporated)
R3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2010-02-24] (Ericsson AB)
R3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [30248 2010-02-24] (Ericsson AB)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [246224 2010-04-20] (Huawei Technologies Co., Ltd.)
S3 hwusbdev; C:\Windows\System32\DRIVERS\ewusbdev.sys [114304 2010-04-20] (Huawei Technologies Co., Ltd.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-16] (Intel Corporation)
R3 l36wgps; C:\Windows\System32\DRIVERS\l36wgps64.sys [101416 2011-07-01] (Ericsson AB)
R3 Mbm3CBus; C:\Windows\System32\DRIVERS\Mbm3CBus.sys [419400 2011-04-29] (MCCI Corporation)
R3 Mbm3DevMt; C:\Windows\System32\DRIVERS\Mbm3DevMt.sys [430664 2011-04-29] (MCCI Corporation)
R3 Mbm3mdfl; C:\Windows\System32\DRIVERS\Mbm3mdfl.sys [19528 2011-04-29] (MCCI Corporation)
R3 Mbm3Mdm; C:\Windows\System32\DRIVERS\Mbm3Mdm.sys [483400 2011-04-29] (MCCI Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-06-26] ()
R1 RapportCerberus_69108; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69108.sys [631128 2014-07-01] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-06-23] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-06-23] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-06-23] (Trusteer Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [45296 2013-11-15] (Synaptics Incorporated)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-01-26] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-01-26] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-01-26] (Acronis International GmbH)
S3 visctap0901; C:\Windows\System32\DRIVERS\visctap0901.sys [38368 2012-12-12] (The OpenVPN Project)
R3 WwanUsbServ; C:\Windows\System32\DRIVERS\WwanUsbMp64.sys [284912 2013-11-22] (Ericsson AB)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-26 20:31 - 2014-08-26 20:31 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT (1).exe
2014-08-26 20:19 - 2014-08-26 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 20:18 - 2014-08-26 20:19 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-08-26 18:20 - 2014-08-26 18:20 - 04123795 _____ () C:\Users\Graham\Downloads\NBP.zip
2014-08-26 15:11 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-26 15:10 - 2014-08-27 08:30 - 00000000 ____D () C:\AdwCleaner
2014-08-26 15:10 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Desktop\AdwCleaner.exe
2014-08-26 15:09 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-08-26 13:54 - 2014-08-26 17:07 - 00000000 ____D () C:\Users\Graham\Desktop\mbar
2014-08-26 13:54 - 2014-08-26 17:07 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 13:54 - 2014-08-26 13:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 13:51 - 2014-08-26 13:52 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Graham\Downloads\mbar-1.07.0.1012.exe
2014-08-26 12:46 - 2014-08-26 12:47 - 00054861 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-08-26 12:45 - 2014-08-27 11:04 - 00031473 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-08-26 12:45 - 2014-08-27 11:04 - 00000000 ____D () C:\FRST
2014-08-26 12:41 - 2014-08-26 12:41 - 02103296 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-08-26 12:37 - 2014-08-26 12:37 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck (1).exe
2014-08-26 12:34 - 2014-08-26 12:34 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck.exe
2014-08-25 19:17 - 2014-08-25 19:17 - 00017090 _____ () C:\Users\Graham\Downloads\Attach.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00005582 _____ () C:\Users\Graham\Downloads\ark.txt
2014-08-25 18:23 - 2014-08-25 18:23 - 00688992 ____R (Swearware) C:\Users\Graham\Downloads\dds.com
2014-08-25 17:31 - 2014-08-25 17:31 - 00458231 _____ () C:\Users\Graham\Downloads\Aetha NZD Templates.zip
2014-08-24 11:01 - 2014-08-24 11:01 - 00000000 __SHD () C:\found.004
2014-08-23 11:10 - 2014-08-23 11:10 - 00002438 _____ () C:\Users\Graham\Downloads\booking_MAD _Flights1408788626997.ics
2014-08-22 13:50 - 2014-08-22 13:50 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 10:58 - 2014-08-22 10:59 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 10:58 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 09:38 - 2014-08-22 09:38 - 02881881 _____ () C:\Users\Graham\Downloads\MOBILY WHOLESALE 2014 08 21 2130.xlsm
2014-08-21 20:29 - 2014-08-21 20:29 - 00000414 __RSH () C:\ProgramData\ntuser.pol
2014-08-20 19:14 - 2014-08-20 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 19:14 - 2014-08-20 19:13 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-20 19:14 - 2014-08-20 19:13 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 19:13 - 2014-08-20 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 19:08 - 2014-08-20 19:08 - 00918440 _____ (Oracle Corporation) C:\Users\Graham\Downloads\chromeinstall-7u67.exe
2014-08-20 19:05 - 2014-08-20 19:05 - 01057176 _____ (Adobe) C:\Users\Graham\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-08-19 23:55 - 2014-08-20 00:05 - 30293168 _____ () C:\Users\Graham\Downloads\NOS_Tplss-Flamenco.avi.crdownload
2014-08-19 23:49 - 2014-08-19 23:49 - 00000000 __SHD () C:\found.003
2014-08-18 13:54 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-18 13:54 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-18 13:54 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-18 13:54 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-18 13:54 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-18 13:54 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 13:52 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 13:52 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 13:44 - 2014-08-18 13:44 - 00000000 __SHD () C:\found.002
2014-08-17 16:37 - 2014-08-01 00:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 16:37 - 2014-08-01 00:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 16:37 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 16:37 - 2014-07-25 15:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 16:37 - 2014-07-25 15:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 16:37 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 16:37 - 2014-07-25 14:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 16:37 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 16:37 - 2014-07-25 14:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 16:37 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 16:37 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 16:37 - 2014-07-25 14:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 16:37 - 2014-07-25 14:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 16:37 - 2014-07-25 14:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 16:37 - 2014-07-25 14:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 16:37 - 2014-07-25 14:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 16:37 - 2014-07-25 14:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 16:37 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 16:37 - 2014-07-25 13:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 16:37 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 16:37 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 16:37 - 2014-07-25 13:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 16:37 - 2014-07-25 13:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 16:37 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 16:37 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 16:37 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 16:37 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 16:37 - 2014-07-25 13:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 16:37 - 2014-07-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 16:37 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 16:37 - 2014-07-25 13:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 16:37 - 2014-07-25 13:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 16:37 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 16:37 - 2014-07-25 13:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 16:37 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 16:37 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 16:37 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 16:37 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 16:37 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 16:37 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 16:37 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 16:37 - 2014-07-25 12:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 16:37 - 2014-07-25 12:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 16:37 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 16:37 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 16:37 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 16:37 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 16:37 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 16:37 - 2014-07-25 12:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 16:37 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 16:37 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 16:37 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 16:37 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 16:37 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 16:37 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 16:37 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-16 16:59 - 2014-07-16 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 16:59 - 2014-07-16 03:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 16:59 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-16 16:59 - 2014-06-03 10:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-16 16:59 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-16 16:59 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-16 16:58 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-16 16:58 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-16 16:58 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 16:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-16 16:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-16 16:48 - 2014-08-07 03:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-16 16:48 - 2014-08-07 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banda Ancha Móvil
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\Program Files (x86)\Banda Ancha Móvil
2014-08-16 09:50 - 2010-03-26 20:02 - 00135168 _____ () C:\Windows\SysWOW64\ChgService.exe
2014-08-16 09:50 - 2009-12-17 10:56 - 00126080 _____ (QUALCOMM Incorporated) C:\Windows\system32\Drivers\cmnsusbser.sys
2014-08-16 09:50 - 2009-12-17 10:56 - 00103424 _____ (Thesycon GmbH) C:\Windows\SysWOW64\MyDIT_GenClassCoInst.dll
2014-08-10 08:59 - 2014-08-10 08:59 - 00000000 __SHD () C:\found.001
2014-08-06 20:19 - 2014-05-08 10:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-06 20:19 - 2014-05-08 10:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-08-06 20:19 - 2014-01-09 03:22 - 05694464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-06 20:19 - 2014-01-03 23:44 - 06574592 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-05 07:42 - 2014-08-05 07:42 - 00002005 _____ () C:\Users\Public\Desktop\Lenovo SHAREit.lnk
2014-08-05 07:42 - 2014-08-05 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-05 07:21 - 2014-08-05 07:21 - 00000000 __SHD () C:\found.000
2014-08-05 00:47 - 2014-08-05 00:47 - 00622584 _____ () C:\Windows\Minidump\080514-8236-01.dmp
2014-08-04 23:53 - 2013-07-31 00:47 - 00442656 _____ (Hewlett-Packard Corporation) C:\Windows\system32\hpcpn155.dll
2014-08-04 23:53 - 2013-07-31 00:43 - 00441632 _____ (Hewlett Packard Corporation) C:\Windows\SysWOW64\hpcc3155.DLL
2014-08-04 23:52 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-08-04 23:52 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-08-04 23:52 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-08-04 23:52 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-08-04 23:52 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-08-04 23:52 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-08-04 23:52 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-08-04 23:52 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-04 23:52 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-08-04 23:52 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-08-04 23:52 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-08-04 23:52 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-08-04 23:52 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-08-04 23:52 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-08-04 23:52 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-04 23:52 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-08-04 23:51 - 2012-08-23 15:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-04 23:51 - 2012-08-23 15:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-08-04 23:51 - 2012-08-23 15:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-08-04 23:51 - 2012-08-23 12:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-08-04 23:51 - 2012-08-23 11:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-08-04 23:50 - 2013-09-25 03:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-08-04 23:50 - 2013-09-25 02:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-08-04 23:50 - 2012-05-04 12:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-08-04 23:50 - 2012-05-04 10:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-02 09:08 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-02 09:08 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-02 09:08 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-02 09:08 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-02 09:08 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-02 09:08 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-02 09:08 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-02 09:08 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-02 09:08 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-27 11:04 - 2014-08-26 12:45 - 00031473 _____ () C:\Users\Graham\Downloads\FRST.txt
2014-08-27 11:04 - 2014-08-26 12:45 - 00000000 ____D () C:\FRST
2014-08-27 11:04 - 2014-03-13 17:00 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\EgnyteLocalCloud
2014-08-27 11:02 - 2009-07-14 05:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 11:02 - 2009-07-14 05:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 11:01 - 2009-07-14 06:13 - 00791252 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-27 10:56 - 2011-06-26 02:23 - 01615313 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 10:55 - 2011-08-19 14:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-27 10:55 - 2009-07-14 05:51 - 00338359 _____ () C:\Windows\setupact.log
2014-08-27 10:54 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 10:51 - 2012-04-01 08:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 10:35 - 2011-08-19 14:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-27 10:35 - 2011-07-12 17:30 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677832004-1690524382-748576713-1001UA.job
2014-08-27 10:16 - 2014-04-14 18:19 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-677832004-1690524382-748576713-1001.job
2014-08-27 08:30 - 2014-08-26 15:10 - 00000000 ____D () C:\AdwCleaner
2014-08-27 08:26 - 2011-07-12 17:53 - 00000000 ___RD () C:\Users\Graham\Dropbox
2014-08-27 06:54 - 2011-07-12 17:51 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Dropbox
2014-08-26 23:54 - 2014-04-07 13:57 - 00000000 ____D () C:\Users\Graham\AppData\Local\MobileAccess
2014-08-26 20:31 - 2014-08-26 20:31 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT (1).exe
2014-08-26 20:19 - 2014-08-26 20:19 - 00000000 ____D () C:\Windows\ERUNT
2014-08-26 20:19 - 2014-08-26 20:18 - 01016261 _____ (Thisisu) C:\Users\Graham\Downloads\JRT.exe
2014-08-26 20:07 - 2010-11-21 04:47 - 00274514 _____ () C:\Windows\PFRO.log
2014-08-26 19:56 - 2011-07-04 07:36 - 00000466 _____ () C:\Windows\Tasks\SystemToolsDailyTest.job
2014-08-26 19:09 - 2011-07-14 09:13 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Skype
2014-08-26 18:20 - 2014-08-26 18:20 - 04123795 _____ () C:\Users\Graham\Downloads\NBP.zip
2014-08-26 17:07 - 2014-08-26 13:54 - 00000000 ____D () C:\Users\Graham\Desktop\mbar
2014-08-26 17:07 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-08-26 15:09 - 2014-08-26 15:10 - 01364531 _____ () C:\Users\Graham\Desktop\AdwCleaner.exe
2014-08-26 15:09 - 2014-08-26 15:09 - 01364531 _____ () C:\Users\Graham\Downloads\AdwCleaner.exe
2014-08-26 14:35 - 2011-07-12 17:30 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-677832004-1690524382-748576713-1001Core.job
2014-08-26 13:54 - 2014-08-26 13:54 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-26 13:54 - 2014-08-26 13:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-26 13:52 - 2014-08-26 13:51 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Graham\Downloads\mbar-1.07.0.1012.exe
2014-08-26 12:47 - 2014-08-26 12:46 - 00054861 _____ () C:\Users\Graham\Downloads\Addition.txt
2014-08-26 12:41 - 2014-08-26 12:41 - 02103296 _____ (Farbar) C:\Users\Graham\Downloads\FRST64.exe
2014-08-26 12:37 - 2014-08-26 12:37 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck (1).exe
2014-08-26 12:34 - 2014-08-26 12:34 - 00854417 _____ () C:\Users\Graham\Downloads\SecurityCheck.exe
2014-08-26 12:00 - 2011-07-04 07:36 - 00003502 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-08-26 12:00 - 2011-07-04 07:36 - 00003448 _____ () C:\Windows\System32\Tasks\PCDEventLauncher
2014-08-26 09:31 - 2014-04-14 18:19 - 00003580 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-677832004-1690524382-748576713-1001
2014-08-26 09:05 - 2011-07-04 07:36 - 00000000 ____D () C:\Users\Graham
2014-08-26 07:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-08-26 07:42 - 2013-10-20 10:42 - 00000205 _____ () C:\Users\Graham\AppData\Roaming\WB.CFG
2014-08-26 06:57 - 2011-07-04 07:36 - 00000528 _____ () C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2014-08-25 19:17 - 2014-08-25 19:17 - 00017090 _____ () C:\Users\Graham\Downloads\Attach.txt
2014-08-25 19:16 - 2014-08-25 19:16 - 00005582 _____ () C:\Users\Graham\Downloads\ark.txt
2014-08-25 18:23 - 2014-08-25 18:23 - 00688992 ____R (Swearware) C:\Users\Graham\Downloads\dds.com
2014-08-25 17:36 - 2011-07-04 07:36 - 00004242 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-08-25 17:31 - 2014-08-25 17:31 - 00458231 _____ () C:\Users\Graham\Downloads\Aetha NZD Templates.zip
2014-08-24 11:01 - 2014-08-24 11:01 - 00000000 __SHD () C:\found.004
2014-08-23 11:10 - 2014-08-23 11:10 - 00002438 _____ () C:\Users\Graham\Downloads\booking_MAD _Flights1408788626997.ics
2014-08-22 18:36 - 2011-07-12 17:52 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-22 13:50 - 2014-08-22 13:50 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00001794 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-08-22 10:59 - 2014-08-22 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iTunes
2014-08-22 10:59 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-08-22 10:58 - 2014-08-22 10:58 - 00000000 ____D () C:\Program Files\iPod
2014-08-22 09:38 - 2014-08-22 09:38 - 02881881 _____ () C:\Users\Graham\Downloads\MOBILY WHOLESALE 2014 08 21 2130.xlsm
2014-08-21 20:29 - 2014-08-21 20:29 - 00000414 __RSH () C:\ProgramData\ntuser.pol
2014-08-21 20:27 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-21 11:18 - 2014-04-21 12:13 - 00000000 ____D () C:\Users\Graham\AppData\Local\CrashDumps
2014-08-20 19:15 - 2013-10-18 10:56 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-20 19:14 - 2014-08-20 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-20 19:13 - 2014-08-20 19:14 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-20 19:13 - 2014-08-20 19:14 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-20 19:13 - 2014-08-20 19:13 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-20 19:08 - 2014-08-20 19:08 - 00918440 _____ (Oracle Corporation) C:\Users\Graham\Downloads\chromeinstall-7u67.exe
2014-08-20 19:05 - 2014-08-20 19:05 - 01057176 _____ (Adobe) C:\Users\Graham\Downloads\install_flashplayer14x32axau_mssd_aaa_aih.exe
2014-08-20 00:05 - 2014-08-19 23:55 - 30293168 _____ () C:\Users\Graham\Downloads\NOS_Tplss-Flamenco.avi.crdownload
2014-08-19 23:49 - 2014-08-19 23:49 - 00000000 __SHD () C:\found.003
2014-08-18 19:29 - 2011-06-26 02:24 - 00000000 ____D () C:\ProgramData\PCDr
2014-08-18 14:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 14:11 - 2013-09-07 10:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 14:06 - 2011-07-16 10:45 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-18 13:44 - 2014-08-18 13:44 - 00000000 __SHD () C:\found.002
2014-08-17 22:40 - 2012-06-11 10:32 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\TrueCrypt
2014-08-16 17:07 - 2014-04-30 22:30 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Banda Ancha Móvil
2014-08-16 09:50 - 2014-08-16 09:50 - 00000000 ____D () C:\Program Files (x86)\Banda Ancha Móvil
2014-08-12 17:46 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 08:59 - 2014-08-10 08:59 - 00000000 __SHD () C:\found.001
2014-08-09 23:18 - 2014-06-27 20:08 - 00004994 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Graham-THINK-Graham Graham-THINK
2014-08-07 03:06 - 2014-08-16 16:48 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-07 03:01 - 2014-08-16 16:48 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-05 07:43 - 2011-06-26 02:22 - 00003020 _____ () C:\Windows\System32\Tasks\PMTask
2014-08-05 07:43 - 2009-07-14 04:20 - 00000000 __RSD () C:\Windows\Media
2014-08-05 07:42 - 2014-08-05 07:42 - 00002005 _____ () C:\Users\Public\Desktop\Lenovo SHAREit.lnk
2014-08-05 07:42 - 2014-08-05 07:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-08-05 07:42 - 2011-06-26 02:23 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-05 07:42 - 2011-06-26 02:14 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-08-05 07:42 - 2011-06-26 02:14 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-08-05 07:31 - 2011-06-26 01:53 - 00000000 ____D () C:\ProgramData\Lenovo
2014-08-05 07:29 - 2014-04-07 10:53 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-08-05 07:29 - 2011-06-26 02:15 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-08-05 07:21 - 2014-08-05 07:21 - 00000000 __SHD () C:\found.000
2014-08-05 00:47 - 2014-08-05 00:47 - 00622584 _____ () C:\Windows\Minidump\080514-8236-01.dmp
2014-08-05 00:47 - 2012-01-18 16:29 - 885536577 _____ () C:\Windows\MEMORY.DMP
2014-08-05 00:47 - 2012-01-18 16:29 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 00:12 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-08-01 00:41 - 2014-08-17 16:37 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-01 00:16 - 2014-08-17 16:37 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-31 11:52 - 2014-07-22 09:54 - 00038522 _____ () C:\Users\Graham\AppData\Roaming\Comma Separated Values.ADR
2014-07-30 17:39 - 2013-03-13 13:33 - 00000000 ____D () C:\Users\Graham\AppData\Roaming\webex
 
Some content of TEMP:
====================
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.295.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.296.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.299.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.304.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.305.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.314.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.319.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.326.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.327.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.328.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.330.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.331.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.332.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.333.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.335.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.336.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.337.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.338.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.339.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.340.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.341.exe
C:\Users\Graham\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\Graham\AppData\Local\Temp\cryptoapi4java.dll
C:\Users\Graham\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjsvrhc.dll
C:\Users\Graham\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.1.exe
C:\Users\Graham\AppData\Local\Temp\GomAudDnInstaller.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Graham\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Graham\AppData\Local\Temp\nativecall.dll
C:\Users\Graham\AppData\Local\Temp\nitro_pro8_x64.exe
C:\Users\Graham\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Graham\AppData\Local\Temp\ResetDevice.exe
C:\Users\Graham\AppData\Local\Temp\setuplyncentryretail.x64.en-us_.exe
C:\Users\Graham\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Graham\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Graham\AppData\Local\Temp\WiTopia%20Installer.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 00:27
 
==================== End Of Log ============================


#13 Jo*

Jo*

  • Malware Response Team
  • 3,269 posts
  • Gender:Male
  • Location:Germany
  • Local time:09:21 PM

Posted 27 August 2014 - 05:17 AM

Hello mcduck,


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.3.1.2183.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for the report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select the Uninstall application on close check box and push esetFinish.png

---


How is the computer running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 mcduck

Posted 27 August 2014 - 05:14 PM

Hi Jo, the scan logs are pasted below.

 

MBAM

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 27/08/2014
Scan Time: 20:18:46
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.27.06
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Graham
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 352010
Time Elapsed: 1 hr, 13 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 3
PUP.Optional.OpenCandy, C:\Users\Graham\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.1.exe, Quarantined, [02906a61d6a549ed5e1f59c1d42d25db], 
PUP.Optional.BonanzaDeals.A, C:\Users\Graham\AppData\Local\Temp\is1590112554\137776605_stp\bd.exe, Quarantined, [cac89734106bbf770494f93635ccb050], 
PUP.Optional.OpenCandy, C:\Users\Graham\Downloads\FreemakeVideoConverterSetup.exe, Quarantined, [444e795292e96fc7522bfc1efb0625db], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
MyEsetScan.txt
 
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Roaming\0D0S1L2Z1P1B\Codec Package Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Roaming\digitalsite\UpdateProc\UpdateTask.exe.vir Win32/DealPly.K potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Graham\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe.vir a variant of Win32/DealPly.S potentially unwanted application
C:\Users\Graham\AppData\Local\Temp\is1590112554\137776705_stp\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application
C:\Users\Graham\Downloads\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe a variant of Win32/InstallCore.D potentially unwanted application
C:\Users\Graham\Downloads\PDFCreator-1_2_1_setup.exe Win32/Toolbar.Widgi potentially unwanted application
C:\Users\Graham\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi potentially unwanted application
C:\Users\Graham\Downloads\talksetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll a variant of Win32/Toolbar.Linkury.G potentially unwanted application
 


#15 Jo*

Posted 28 August 2014 - 01:59 AM

Hello mcduck,
 

***


Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt

 
start
C:\Users\Graham\AppData\Local\Temp\is1590112554\137776705_stp\uninstaller.exe
C:\Users\Graham\Downloads\cnet_inSSIDer-Installer-2_0_7_0126_exe.exe
C:\Users\Graham\Downloads\PDFCreator-1_2_1_setup.exe
C:\Users\Graham\Downloads\PDFCreator-1_2_3_setup.exe
C:\Users\Graham\Downloads\talksetup.exe
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.295.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.296.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.299.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.304.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.305.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.314.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.319.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.326.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.327.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.328.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.330.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.331.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.332.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.333.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.335.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.336.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.337.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.338.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.339.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.340.exe 
C:\Users\Graham\AppData\Local\Temp\1Password-1.0.9.341.exe 
C:\Users\Graham\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe 
C:\Users\Graham\AppData\Local\Temp\cryptoapi4java.dll 
C:\Users\Graham\AppData\Local\Temp\DataCard_Setup64.exe 
C:\Users\Graham\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjsvrhc.dll 
C:\Users\Graham\AppData\Local\Temp\FreemakeVideoConverter_4.1.0.1.exe 
C:\Users\Graham\AppData\Local\Temp\GomAudDnInstaller.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe 
C:\Users\Graham\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe 
C:\Users\Graham\AppData\Local\Temp\nativecall.dll 
C:\Users\Graham\AppData\Local\Temp\nitro_pro8_x64.exe 
C:\Users\Graham\AppData\Local\Temp\OfficeSetup.exe 
C:\Users\Graham\AppData\Local\Temp\ResetDevice.exe 
C:\Users\Graham\AppData\Local\Temp\setuplyncentryretail.x64.en-us_.exe 
C:\Users\Graham\AppData\Local\Temp\SkypeSetup.exe 
C:\Users\Graham\AppData\Local\Temp\vcredist_x86.exe 
C:\Users\Graham\AppData\Local\Temp\WiTopia%20Installer.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Run FRST / FRST64 again like we did before, but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


***


How is the computer running now?



---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




