Thebearwrestler
Possible Malware unable to open mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi, Apologies for the delay. Here is the fixlog.txt..... Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-11-2014 03 Ran by Gary at 2014-11-16 21:03:17 Run:1 Running from C:\Users\Gary\Downloads Loaded Profile: Gary (Available profiles: Gary) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [zASRockInstantBoot] => [X] Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File S2 vToolbarUpdater18.1.9; 
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe C:\Users\Gary\AppData\Local\Temp\Quarantine.exe C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe Hosts: CMD: ipconfig /flushdns EmptyTemp: ***************** HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockXTU => value deleted successfully. HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\Software\Microsoft\Windows\CurrentVersion\Run\\zASRockInstantBoot => value deleted successfully. "HKCR\PROTOCOLS\Filter\application/x-ica" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=euc-jp" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=ISO-8859-1" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=MS936" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=MS949" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=MS950" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=UTF-8" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. 
"HKCR\PROTOCOLS\Filter\application/x-ica; ch****t=UTF8" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=euc-jp" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=ISO-8859-1" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=MS936" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=MS949" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=MS950" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=UTF-8" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\application/x-ica;ch****t=UTF8" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. "HKCR\PROTOCOLS\Filter\ica" => Key deleted successfully. "HKCR\CLSID\{CFB6322E-CC85-4d1b-82C7-893888A236BC}" => Key not found. vToolbarUpdater18.1.9 => Service deleted successfully. MSICDSetup => Service deleted successfully. C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe => Moved successfully. C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE => Moved successfully. C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe => Moved successfully. C:\Users\Gary\AppData\Local\Temp\Quarantine.exe => Moved successfully. C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE => Moved successfully. C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe => Moved successfully. 
C:\Windows\System32\Drivers\etc\hosts => Moved successfully. Hosts was reset successfully. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= EmptyTemp: => Removed 1.1 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Cheers -
Possible Malware unable to open mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi, Apologies for the delay in getting back to you. The fixlog.txt
Not able to open Yahoo Mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi Nev, Just downloaded Google Chrome and can access my Yahoo mail from there, so the Yahoo logon issue must be related to Internet Explorer? Should I try to uninstall Internet Explorer and reinstall it to see if that works? Cheers Gary
Not able to open Yahoo Mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi Nev, I have been looking at the Yahoo community forums and there are instances of people not being able to sign in and seeing uk-mg42.mail.yahoo.com, but I cannot see any answers to the problem. Cheers Gary
Possible Malware unable to open mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
and the others.... Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-11-2014 Ran by Gary (administrator) on GARY-PC on 01-11-2014 19:39:35 Running from C:\Users\Gary\Downloads Loaded Profile: Gary (Available profiles: Gary) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe (AVG Technologies CZ, s.r.o.) 
C:\Program Files (x86)\AVG\AVG2015\avgemca.exe () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (FNet Co., Ltd.) C:\Program Files (x86)\XFastUSB\XFastUsb.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) 
C:\Program Files (x86)\Citrix\ICA Client\redirector.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe (Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_167_ActiveX.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Farbar) C:\Users\Gary\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [XFastUSB] => C:\Program Files (x86)\XFastUSB\XFastUsb.exe [5019360 2013-12-21] (FNet Co., Ltd.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd) HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642728 2012-09-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3593744 2014-09-05] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [2640408 2014-08-25] () HKLM-x32\...\Run: [CitrixReceiver] => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk" HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Gary\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\Gary\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0214c HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3600216 2014-09-16] (Electronic Arts) HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.) HKU\S-1-5-21-2748923439-1750433010-2092404853-1000\...\MountPoints2: {05a663c7-4bc4-11e2-9df2-806e6f6e6963} - D:\ASRSetup.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x3111718B04F3CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://uk.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = https://mysearch.avg.com/search?cid={9961FE18-D203-4C88-AB35-5CE81CD36771}&mid=968c05e05d3b47d384916d16b29cdbfd-ad1491be2ce6c122f6b66faa90e70c2decf7d34c&lang=en&ds=avgab0&coid=avgtbavg&cmpid=&pr=sa&d=2014-02-07 21:30:07&v=18.1.9.799&pid=safeguard&sg=&sap=dsp&q={searchTerms} SearchScopes: HKCU - {BCBE0FE6-F243-49a1-87D1-3BDBE1791F24} URL = http://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=en&q={searchTerms} BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: AVG SafeGuard toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKLM-x32 - AVG SafeGuard toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\18.1.9.799\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Toolbar: HKCU - 
No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search) Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica; ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: application/x-ica;ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File Filter-x32: application/x-ica - 
{CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica; ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) 
Filter-x32: application/x-ica;ch****t=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: application/x-ica;ch****t=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 FF Extension: AVG SafeGuard toolbar - C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\17.3.1.204 [2014-02-07] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3364368 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [293448 2014-09-05] (AVG Technologies CZ, s.r.o.) R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [121344 2012-02-07] () [File not signed] R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [247576 2014-07-24] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.) 
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [270616 2014-07-02] (AVG Technologies CZ, s.r.o.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies) R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [32320 2014-05-05] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2013-12-21] (FNet Co., Ltd.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-01] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-11-01] () S3 MSICDSetup; \??\D:\CDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 19:39 - 2014-11-01 19:39 - 00019528 _____ () C:\Users\Gary\Downloads\FRST.txt 2014-11-01 19:38 - 2014-11-01 19:39 - 00000000 ____D () C:\FRST 2014-11-01 19:38 - 2014-11-01 19:38 - 02114048 _____ (Farbar) C:\Users\Gary\Downloads\FRST64.exe 2014-11-01 19:38 - 2014-11-01 19:38 - 02114048 _____ (Farbar) C:\Users\Gary\Downloads\FRST64 (1).exe 2014-11-01 19:26 - 2014-11-01 19:26 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-10-30 19:43 - 2014-10-31 23:30 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\2FDB3184.sys 2014-10-29 19:43 - 2014-11-01 19:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-29 19:42 - 2014-10-31 23:41 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-29 19:42 - 2014-10-31 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-29 19:42 - 2014-10-31 23:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-29 19:42 - 2014-10-29 19:42 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-10-29 19:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-29 19:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-29 19:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-25 20:47 - 2014-10-25 20:47 - 00000000 ____H () C:\Users\Gary\Documents\Default.rdp 2014-10-25 20:25 - 2014-10-25 20:33 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\ICAClient 2014-10-25 20:25 - 2014-10-25 20:25 - 00001512 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk 2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\Users\Gary\AppData\Local\Citrix 2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\ProgramData\Citrix 
2014-10-25 20:25 - 2014-10-25 20:25 - 00000000 ____D () C:\Program Files (x86)\Citrix 2014-10-25 20:24 - 2014-10-25 20:25 - 53860688 _____ (Citrix Systems, Inc.) C:\Users\Gary\Downloads\CitrixReceiver.exe 2014-10-18 20:03 - 2014-10-18 20:03 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\AVG2015 2014-10-18 19:49 - 2014-10-18 19:49 - 00000969 _____ () C:\Users\Public\Desktop\AVG 2015.lnk 2014-10-18 19:35 - 2014-10-18 19:49 - 00000000 ____D () C:\ProgramData\AVG2015 2014-10-18 19:13 - 2014-10-18 22:25 - 00000000 ____D () C:\Users\Gary\AppData\Local\Avg2015 2014-10-14 21:02 - 2014-10-10 02:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-10-14 21:02 - 2014-10-10 02:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-10-14 21:02 - 2014-10-10 02:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-10-14 21:02 - 2014-10-07 02:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-10-14 21:02 - 2014-10-07 02:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-10-14 21:02 - 2014-09-29 00:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-10-14 21:02 - 2014-09-25 22:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-10-14 21:02 - 2014-09-25 22:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-10-14 21:02 - 2014-09-25 22:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-10-14 21:02 - 2014-09-25 22:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-10-14 21:02 - 2014-09-25 22:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-10-14 21:02 - 2014-09-25 22:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-10-14 21:02 - 2014-09-25 22:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-10-14 21:02 - 
2014-09-19 02:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-10-14 21:02 - 2014-09-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-10-14 21:02 - 2014-09-19 01:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-10-14 21:02 - 2014-09-19 01:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-10-14 21:02 - 2014-09-19 01:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-10-14 21:02 - 2014-09-19 01:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-10-14 21:02 - 2014-09-19 01:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-10-14 21:02 - 2014-09-19 01:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-10-14 21:02 - 2014-09-19 01:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-10-14 21:02 - 2014-09-19 01:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-10-14 21:02 - 2014-09-19 01:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-10-14 21:02 - 2014-09-19 01:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-10-14 21:02 - 2014-09-19 01:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-10-14 21:02 - 2014-09-19 01:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-10-14 21:02 - 2014-09-19 01:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-10-14 21:02 - 2014-09-19 01:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-10-14 21:02 - 2014-09-19 01:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-10-14 21:02 - 2014-09-19 01:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-10-14 
21:02 - 2014-09-19 01:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-10-14 21:02 - 2014-09-19 01:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-10-14 21:02 - 2014-09-19 01:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-10-14 21:02 - 2014-09-19 01:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-10-14 21:02 - 2014-09-19 01:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-10-14 21:02 - 2014-09-19 01:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-10-14 21:02 - 2014-09-19 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-10-14 21:02 - 2014-09-19 01:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-10-14 21:02 - 2014-09-19 00:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-10-14 21:02 - 2014-09-19 00:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-10-14 21:02 - 2014-09-19 00:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-10-14 21:02 - 2014-09-19 00:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-10-14 21:02 - 2014-09-19 00:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-10-14 21:02 - 2014-09-19 00:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-10-14 21:02 - 2014-09-19 00:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-10-14 21:02 - 2014-09-19 00:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-10-14 21:02 - 2014-09-19 00:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-10-14 21:02 - 2014-09-19 00:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-10-14 
21:02 - 2014-09-19 00:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-10-14 21:02 - 2014-09-19 00:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-10-14 21:02 - 2014-09-19 00:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-10-14 21:02 - 2014-09-19 00:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-10-14 21:02 - 2014-09-19 00:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-10-14 21:02 - 2014-09-19 00:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-10-14 21:02 - 2014-09-19 00:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-10-14 21:02 - 2014-09-18 23:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-10-14 21:02 - 2014-09-18 23:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-10-14 21:02 - 2014-09-18 23:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-10-14 21:02 - 2014-09-18 23:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-10-14 21:02 - 2014-08-19 03:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2014-10-14 21:02 - 2014-08-19 03:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2014-10-14 21:02 - 2014-08-19 03:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2014-10-14 21:02 - 2014-08-19 03:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2014-10-14 21:02 - 2014-08-19 03:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2014-10-14 21:02 - 2014-08-19 03:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2014-10-14 21:02 - 2014-08-19 03:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 
2014-10-14 21:02 - 2014-08-19 03:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2014-10-14 21:02 - 2014-08-19 03:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2014-10-14 21:02 - 2014-08-19 03:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2014-10-14 21:02 - 2014-08-19 02:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2014-10-14 21:02 - 2014-08-19 02:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2014-10-14 21:02 - 2014-08-19 02:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2014-10-14 21:02 - 2014-07-07 02:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-10-14 21:02 - 2014-07-07 02:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2014-10-14 21:02 - 2014-07-07 02:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-10-14 21:02 - 2014-07-07 02:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2014-10-14 21:02 - 
2014-07-07 02:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2014-10-14 21:02 - 2014-07-07 02:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2014-10-14 21:02 - 2014-07-07 02:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2014-10-14 21:02 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2014-10-14 21:02 - 2014-07-07 02:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2014-10-14 21:02 - 2014-07-07 02:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-10-14 21:02 - 2014-07-07 02:05 - 00126464 _____ (Microsoft 
Corporation) C:\Windows\system32\audiodg.exe 2014-10-14 21:02 - 2014-07-07 02:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2014-10-14 21:02 - 2014-07-07 01:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2014-10-14 21:02 - 2014-07-07 01:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\AudioSes.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2014-10-14 21:02 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2014-10-14 21:02 - 2014-07-07 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2014-10-14 21:02 - 2014-07-07 01:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-10-14 21:02 - 2014-07-07 01:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-10-14 21:02 - 2014-07-07 01:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-10-14 21:02 - 2014-07-07 01:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2014-10-14 21:02 - 2014-07-07 01:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2014-10-14 21:02 - 2014-07-07 01:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2014-10-14 21:02 - 2014-06-28 00:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2014-10-14 21:02 - 2014-06-28 00:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2014-10-14 21:02 - 2014-06-28 00:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2014-10-14 21:02 - 2014-06-18 22:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-10-14 21:02 - 2014-06-18 22:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-10-14 
21:02 - 2014-06-18 22:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-10-14 21:02 - 2014-06-18 22:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-10-14 21:02 - 2014-06-18 22:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-10-14 21:02 - 2014-06-18 22:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-10-14 21:01 - 2014-09-18 02:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-10-14 21:01 - 2014-09-18 01:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-10-14 21:01 - 2014-09-04 05:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-10-14 21:01 - 2014-09-04 05:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-10-14 21:01 - 2014-08-29 02:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-10-14 21:01 - 2014-08-29 02:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-10-14 21:01 - 2014-08-29 02:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll 2014-10-14 21:01 - 2014-08-29 02:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll 2014-10-14 21:01 - 2014-08-29 02:06 - 01125888 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe 2014-10-14 21:01 - 2014-08-29 01:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-10-14 21:01 - 2014-08-29 01:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe 2014-10-14 21:01 - 2014-08-29 01:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll 2014-10-14 21:01 - 2014-08-29 01:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll 2014-10-14 21:00 - 2014-09-13 01:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-10-14 21:00 - 2014-09-13 01:40 - 00067072 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-10-14 21:00 - 2014-07-17 02:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-10-14 21:00 - 2014-07-17 02:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-10-14 21:00 - 2014-07-17 02:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-10-14 21:00 - 2014-07-17 02:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-10-14 21:00 - 2014-07-17 02:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-10-14 21:00 - 2014-07-17 02:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-10-14 21:00 - 2014-07-17 01:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-10-14 21:00 - 2014-07-17 01:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-10-14 21:00 - 2014-07-17 01:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-10-14 21:00 - 2014-07-17 01:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-10-14 21:00 - 2014-07-17 01:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-01 19:33 - 2009-07-14 04:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-01 19:33 - 2009-07-14 04:45 - 00026528 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-01 19:31 - 2009-07-14 05:13 - 00782010 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-01 19:30 - 2013-12-21 23:19 - 01093160 _____ () C:\Windows\WindowsUpdate.log
2014-11-01 19:28 - 2013-12-27 19:43 - 00000000 ____D () C:\Users\Gary\AppData\Roaming\Skype
2014-11-01 19:27 - 2014-07-12 16:39 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-01 19:26 - 2013-12-21 23:53 - 00701182 _____ () C:\Windows\PFRO.log
2014-11-01 19:26 - 2013-12-21 23:48 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys
2014-11-01 19:26 - 2013-12-21 23:46 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-01 19:26 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-01 19:26 - 2009-07-14 04:51 - 00040610 _____ () C:\Windows\setupact.log
2014-11-01 19:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-11-01 19:00 - 2013-12-26 10:59 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-01 18:56 - 2013-12-22 16:44 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-01 18:53 - 2013-12-22 00:40 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-29 18:32 - 2014-09-30 20:20 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-10-29 18:32 - 2013-12-27 19:42 - 00000000 ____D () C:\ProgramData\Skype
2014-10-28 23:17 - 2014-03-17 21:32 - 00000000 ____D () C:\Users\Gary\AppData\Local\Battle.net
2014-10-28 21:34 - 2014-03-17 21:32 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-10-28 20:56 - 2014-07-12 16:39 - 00000000 ____D () C:\ProgramData\Origin
2014-10-27 20:56 - 2014-07-12 19:16 - 00001186 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2014-10-27 20:54 - 2013-12-26 11:13 - 00473315 _____ () C:\Windows\DirectX.log
2014-10-26 22:12 - 2013-12-28 11:23 - 00000000 ____D () C:\Users\Gary\AppData\Local\CrashDumps
2014-10-25 19:32 - 2009-07-14 05:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-19 16:12 - 2013-12-22 16:46 - 00000000 ____D () C:\ProgramData\AVG2014
2014-10-18 20:04 - 2013-12-22 16:46 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-10-18 19:49 - 2014-04-01 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-10-16 21:26 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 20:43 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 20:38 - 2009-07-14 04:45 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 20:38 - 2009-07-14 03:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-16 20:36 - 2014-05-06 22:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 20:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 20:36 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-14 21:12 - 2013-12-26 00:06 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-14 21:10 - 2013-12-26 00:06 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-12 17:53 - 2014-09-11 18:52 - 00000000 ____D () C:\Users\Gary\AppData\Local\Adobe

Some content of TEMP:
====================
C:\Users\Gary\AppData\Local\Temp\install_flashplayer13x32axau_gtba_chra_dy_aaa_aih.exe
C:\Users\Gary\AppData\Local\Temp\MSIAFTERBURNERSETUP.EXE
C:\Users\Gary\AppData\Local\Temp\oi_{6F8FEAC9-56D7-4BAF-A8A1-421505B0A9B5}.exe
C:\Users\Gary\AppData\Local\Temp\SETUP_AFTERBURNER.EXE
C:\Users\Gary\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-29 19:33

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2014
Ran by Gary at 2014-11-01 19:40:00
Running from C:\Users\Gary\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{46DA7FD9-8BC1-7BA8-98D1-27F46647871B}) (Version: 8.0.891.0 - Advanced Micro Devices, Inc.)
ASRock App Charger v1.0.5 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.190 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - )
ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.)
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
AVG 2014 (Version: 14.0.4259 - AVG Technologies) Hidden
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5315 - AVG Technologies)
AVG 2015 (Version: 15.0.4189 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5315 - AVG Technologies) Hidden
AVG SafeGuard toolbar (HKLM-x32\...\AVG SafeGuard toolbar) (Version: 18.1.9.799 - AVG Technologies)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version: - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
HAWKEN (HKLM-x32\...\Steam App 271290) (Version: - Adhesive Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® Smart Connect Technology 2.0 x64 (HKLM\...\{D1B033E8-A077-4B0D-9831-5798E19E861E}) (Version: 2.0.1083.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia)
Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia)
Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
Online Plug-in (x32 Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia)
Peggle Deluxe 1.0 (HKLM-x32\...\Peggle Deluxe 1.0) (Version: - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Self-service Plug-in (x32 Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.8.10 - Electronic Arts)
Trine 2 (HKLM-x32\...\Steam App 35720) (Version: - Frozenbyte)
Unreal Tournament 3 (HKCU\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)
Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden
Unreal Tournament 3: Black Edition (HKLM-x32\...\Steam App 13210) (Version: - Epic Games, Inc.)
Uplay (HKLM-x32\...\Uplay) (Version: 4.2 - Ubisoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Driver Package - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia)
Windows Driver Package - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
World of Goo (HKLM-x32\...\{B8CB01F7-897E-4159-B4FB-850BE8954FBF}) (Version: 1.00.000 - )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - Firaxis Games)
XFastUSB (HKLM-x32\...\XFastUSB) (Version: 3.02.28 - ASRock Inc.)

==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1690BE49-5C32-4098-B4E2-D0AC50510F2F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {261A4579-4B70-4BB3-BB70-F7FDAA1F7025} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {77482189-BC64-4155-9682-0060EDF6A51C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2013-12-21 23:46 - 2012-02-07 17:27 - 00121344 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe 2012-02-09 16:26 - 2012-02-09 16:26 - 00133632 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe 2012-02-09 16:26 - 2012-02-09 16:26 - 00048128 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll 2012-02-09 16:26 - 2012-02-09 16:26 - 00036864 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetDetect.dll 2014-08-11 20:44 - 2014-08-11 20:44 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe 2013-12-21 23:50 - 2011-05-19 09:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2013-12-21 23:40 - 2012-01-05 
09:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-29 22:33 - 2014-08-25 17:14 - 02640408 _____ () C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe 2014-08-11 20:44 - 2014-08-11 20:44 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll 2012-06-26 12:11 - 2012-06-26 12:11 - 02302040 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll 2012-06-26 12:11 - 2012-06-26 12:11 - 08197208 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll 2012-06-26 12:11 - 2012-06-26 12:11 - 00345688 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll 2012-06-26 12:10 - 2012-06-26 12:10 - 00202328 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll 2012-06-26 12:10 - 2012-06-26 12:10 - 00027736 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll 2012-06-26 12:11 - 2012-06-26 12:11 - 00282200 _____ () C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-07-12 16:40 - 2014-09-16 19:36 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2014-01-29 22:33 - 2014-06-02 18:28 - 01640472 _____ () C:\Program Files (x86)\AVG SafeGuard 
toolbar\TBAPI.dll 2014-10-16 20:54 - 2014-10-16 20:54 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll 2013-12-21 23:42 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll 2013-12-21 23:44 - 2012-02-07 17:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ========================== Administrator (S-1-5-21-2748923439-1750433010-2092404853-500 - Administrator - Disabled) Gary (S-1-5-21-2748923439-1750433010-2092404853-1000 - Administrator - Enabled) => C:\Users\Gary Guest (S-1-5-21-2748923439-1750433010-2092404853-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2748923439-1750433010-2092404853-1002 - Limited - Enabled) ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2014 07:26:39 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (11/01/2014 06:51:18 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/31/2014 11:29:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/30/2014 07:43:05 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/29/2014 10:11:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program IEXPLORE.EXE version 11.0.9600.17344 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 358 Start Time: 01cff3c53ce6ca26 Termination Time: 0 Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Report Id: Error: (10/29/2014 10:09:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: The scheduled restore point could not be created. Additional information: (0x81000101). Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101). Error: (10/29/2014 07:33:44 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". Dependent Assembly Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (10/29/2014 07:33:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3. The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid. 
System errors: ============= Error: (11/01/2014 06:51:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The MBAMScheduler service failed to start due to the following error: %%1053 Error: (11/01/2014 06:51:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect. Error: (10/28/2014 11:19:00 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334} Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The Network List Service service depends on the Network Location Awareness service which failed to start 
because of the following error: %%1068 Error: (10/28/2014 11:18:19 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Microsoft Office Sessions: ========================= Error: (11/01/2014 07:26:39 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (11/01/2014 06:51:18 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/31/2014 11:29:47 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/30/2014 07:43:05 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/29/2014 10:11:55 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: IEXPLORE.EXE11.0.9600.1734435801cff3c53ce6ca260C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (10/29/2014 10:09:35 PM) (Source: ISCT Agent) (EventID: 1003) (User: ) Description: CAgentState::DoPeriodicSuspendResume ****Error in initialize NetDetect, status = 0x2 Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8211) (User: ) Description: 0x81000101 Error: (10/29/2014 08:29:56 PM) (Source: System Restore) (EventID: 8193) (User: ) Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101 Error: (10/29/2014 07:33:44 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files (x86)\Nokia\Nokia PC Suite 7\TIS_Windows7PIM.dll Error: (10/29/2014 07:33:41 PM) (Source: SideBySide) (EventID: 63) (User: ) Description: 
assemblyIdentityversionMAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINORC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dllC:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll3 ==================== Memory info =========================== Processor: Intel® Core i5-3570 CPU @ 3.40GHz Percentage of memory in use: 31% Total physical RAM: 8079.25 MB Available physical RAM: 5527.25 MB Total Pagefile: 16156.68 MB Available Pagefile: 12953.57 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (WIN7) (Fixed) (Total:931.51 GB) (Free:722.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 745374FE) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ # AdwCleaner v3.311 - Report created 01/11/2014 at 19:48:04 # Updated 30/09/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Gary - GARY-PC # Running from : C:\Users\Gary\Downloads\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar Folder Deleted : C:\ProgramData\AVG Secure Search Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\DeviceVM Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar Folder Deleted : C:\Program Files (x86)\AVG Security Toolbar Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search [!] 
Folder Deleted : C:\Users\Gary\AppData\Local\AVG SafeGuard toolbar Folder Deleted : C:\Users\Gary\AppData\Local\Temp\AirInstaller Folder Deleted : C:\Users\Gary\AppData\LocalLow\AVG SafeGuard toolbar Folder Deleted : C:\Users\Gary\AppData\Roaming\DeviceVM ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\S Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : 
HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] 
HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\AVG SafeGuard toolbar Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17344 ************************* AdwCleaner[R0].txt - [5746 octets] - [01/11/2014 19:45:03] AdwCleaner[s0].txt - [5551 octets] - [01/11/2014 19:48:04] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5611 octets] ##########
Cheers Gary
-
Possible Malware unable to open mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi, Logs as follows........

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 01/11/2014
Scan Time: 19:19:03
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.01.07
Rootkit Database: v2014.11.01.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Gary

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309811
Time Elapsed: 6 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, Quarantined, [4d4eff3774083cfad46ffb43b54ed62a],

Registry Values: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, Quarantined, [4d4eff3774083cfad46ffb43b54ed62a]

Registry Data: 0
(No malicious items detected)

Folders: 24
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\SearchProtect, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\SearchProtect\rep, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\SearchProtect\STG, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\UI, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\UI\rep, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],

Files: 78
PUP.Optional.Conduit.A, C:\Users\Gary\AppData\Local\Temp\air9A8A.exe, Quarantined, [95062c0a720a87af7a49bc770bf66799],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\Temp\nshD705.exe, Quarantined, [970467cf324a42f4b8dd88b89d64da26],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\Temp\nsmC26A.exe, Quarantined, [1388989ee79595a19ef745fbe819c937],
PUP.Optional.Conduit.A, C:\Users\Gary\AppData\Local\Temp\nsbA364\SpSetup.exe, Quarantined, [1982092d0973b185276075c0f70a57a9],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsb7D6D.exe, Quarantined, [386364d20577cd698a1d7524956cfc04],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsf5318.exe, Quarantined, [0299f0463844b1858e07de6243be0df3],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsg2DF6.exe, Quarantined, [b4e7d066e19be5513c6b4851fc0519e7],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsg4B85.exe, Quarantined, [653686b0f08c2a0cf3b43663b051c937],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsv3A79.exe, Quarantined, [faa1ef478af25cdaf89d8bb503febe42],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsv9E36.exe, Quarantined, [6e2d181e4b315dd92780603980812cd4],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\bubble.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\bubble\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, Quarantined, [f8a375c1fb81bb7bc5eb265bcb39f60a],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],
PUP.Optional.SearchProtect.A, C:\Users\Gary\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, Quarantined, [7f1cd75f681448eea5696aa4c73ce818],

Physical Sectors: 0
(No malicious items detected)

(end)
Not able to open Yahoo Mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi, Yeah just tried that and still no luck with my Yahoo account. I managed to write down the two pages that appear: 1 is login.yahoo.com and 2 is uk-mg42.mail.yahoo.com. Regards Gary -
Not able to open Yahoo Mail
Thebearwrestler replied to Thebearwrestler's topic in Tech Support & Discussions Forum
Hi Nev, I don't use any other mail apart from Yahoo. My system clock looks like it is showing the correct time. I think the login issue has been going on for around a week now. Cheers Gary -
Hi, I am having problems with my Yahoo mail. I am able to log in and preview my mail on the Yahoo homepage, but when I click into my Yahoo mail a page opens up and jumps between two blank pages and does this for 30 seconds and then crashes my internet. In addition I have noticed that my computer is running a little slower. I have tried using System Restore but I don't seem to have any restore points. I have gone into safe mode and still no restore points. I have read up that this could be a symptom of a virus. I have tried disabling AVG and then trying System Restore but that has not worked. I have AVG installed and this shows no issues, so I have installed Malwarebytes also but this has not solved the problem. Can anyone give me any advice? Apart from a fresh install of Windows I am unsure what to do. Cheers Gary
-
Hi, I am having problems with my Yahoo mail. I am able to log in and preview my mail on the Yahoo homepage, but when I click into my Yahoo mail a page opens up and jumps between two blank pages and does this for 30 seconds and then crashes my internet. I have tried using System Restore but I don't seem to have any restore points. I have gone into safe mode and still no restore points. I have read up that this could be a symptom of a virus removing all my restore points. I have tried disabling AVG and then trying System Restore but that has not worked. I have AVG installed and this shows no issues, so I have installed Malwarebytes also but this has not solved the problem. Can anyone give me any advice? Apart from a fresh install of Windows I am unsure what to do. Cheers Gary