2014-10-23

Dear Friends

My home PC went odd about 2 months ago and I've only just dared turn it back on. Whenever I clicked on MS Word, it would open a Windows Installer box; same with Mozilla Firefox and Chrome. I can access the web via IE. It was spontaneously rebooting every 5 mins but has now stopped. I don't know if this is malware or something else, but here are the logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 23/10/2014

Scan Time: 08:46:25

Logfile: 2310scanmbam.txt

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.10.23.02

Rootkit Database: v2014.10.22.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: Nuala

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 329595

Time Elapsed: 16 min, 31 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Disabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 17

PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [4ad4e92f3f3d3ff7577a6b3eb250e61a],

PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [4ad4e92f3f3d3ff7577a6b3eb250e61a],

PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [4ad4e92f3f3d3ff7577a6b3eb250e61a],

PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [4ad4e92f3f3d3ff7577a6b3eb250e61a],

PUP.Optional.Iminent.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [d44a80981d5f979fd9b83aa2c63c7c84],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [d44a80981d5f979fd9b83aa2c63c7c84],

PUP.Optional.FreeFLVConverter.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}, Quarantined, [0d11e533a9d3a591408b386e44beb44c],

PUP.Optional.FreeFLVConverter.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DC7CE5D0-3608-4FD0-8853-D5822E02135D}, Quarantined, [0d11e533a9d3a591408b386e44beb44c],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [7ca208102359a78f17e5e0fc1be77a86],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [908edb3dbcc0b18544b9cf0d6f9334cc],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [22fcab6d1a623cfaa49fc6910003e917],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [ae7030e8de9ebd795141a6dbfc089769],

PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, Quarantined, [38e6f4247ffd5bdbf01359d66c97ac54],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, Quarantined, [e33b23f553290036d27196c126dde51b],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, Quarantined, [829c1bfdef8d92a4fe94fd849e668779],

PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\DatamngrCoordinator.exe, Quarantined, [45d96dab7a02bd79c73c56d913f0dc24],

PUP.Optional.Iminent.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\IminentToolbar, Quarantined, [05191503790367cfe4506deb669d17e9],

Registry Values: 7

PUP.Optional.Iminent.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [d44a80981d5f979fd9b83aa2c63c7c84],

PUP.Optional.Iminent.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, Quarantined, [fe20d4447ffd5adc157c78643ac8639d],

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, Quarantined, [39e565b3bbc12e08ad98941526dcf30d],

PUP.Optional.VBates, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, Quarantined, [39e565b3bbc12e08ad98941526dcf30d]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{21EAF666-26B3-4A3C-ABD0-CA2F5A326744}, C:\Program Files\V-bates\Firefox, Quarantined, [39e565b3bbc12e08ad98941526dcf30d]

PUP.Optional.VBates, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}, Quarantined, [ab73d741fe7ea294063f9118d82a817f],

PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|IminentMessenger, C:\Program Files (x86)\Iminent\Iminent.Messengers.exe, Quarantined, [c55965b36b1193a372fea581d92a3ac6]

Registry Data: 1

PUP.Optional.Conduit.A, HKU\S-1-5-21-786219754-68426886-4267286824-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.conduit.com/?gd=&ctid=...D67F40298&SSPV=, Good: (www.google.com), Bad: (http://search.conduit.com/?gd=&ctid=...PV=),Replaced,[63bb58c0354758de31ee869a4bba51af]

Folders: 4

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Local\Temp\Iminent, Quarantined, [74aa37e10379a69060f2a24e887a21df],

PUP.Optional.Visualbee, C:\Users\Nuala\AppData\Local\VisualBeeExe, Quarantined, [89958494e399b87e7d41a64b20e24ab6],

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Roaming\IminentToolbar, Quarantined, [2cf252c6394349ed509f6d84a65ca25e],

PUP.Optional.VisualBee, C:\ProgramData\VisualBee, Quarantined, [ea3449cfbac233031f833cd36c97c33d],

Files: 24

PUP.Optional.GetNow.A, C:\Users\Nuala\Downloads\Angry Birds provided through Adscend Media Network CPA.exe, Quarantined, [4ad4e92f3f3d3ff7577a6b3eb250e61a],

PUP.Optional.ScramblePacker.A, C:\Users\Nuala\AppData\Local\Temp\information.exe, Quarantined, [839be8303349f541865a5b361ce5f808],

PUP.Optional.SearchProtect.A, C:\Users\Nuala\AppData\Local\Temp\nsaA5D8.exe, Quarantined, [de4024f4532942f41104bf8010f1956b],

PUP.Optional.SearchProtect.A, C:\Users\Nuala\AppData\Local\Temp\nsfA9EE.exe, Quarantined, [b66842d67309f541878e281708f926da],

MSIL.Solimba, C:\Users\Nuala\AppData\Local\Temp\vbmz20.exe, Quarantined, [6cb272a6d4a8d75ff969aa883bc6fa06],

MSIL.Solimba, C:\Users\Nuala\AppData\Local\Temp\GetCC.dll, Quarantined, [f42a56c2126a80b667fb062ccf32a45c],

PUP.Optional.SearchProtect.A, C:\Users\Nuala\AppData\Local\Temp\nsk7247.exe, Quarantined, [021ced2b5a225ed882931e2141c00cf4],

PUP.Optional.SearchProtect.A, C:\Users\Nuala\AppData\Local\Temp\nslF01.exe, Quarantined, [44dad543c5b790a638dd9ea1946d22de],

PUP.Optional.ScramblePacker.A, C:\Users\Nuala\AppData\Local\Temp\plus-hd-9-3.exe, Quarantined, [c25cb95f047852e414ccaee3bb4637c9],

PUP.Optional.SearchProtect.A, C:\Users\Nuala\AppData\Local\Temp\nsk6E9E.exe, Quarantined, [f32bce4a720a92a47e979fa02ad7bc44],

PUP.Optional.GenericExt.A, C:\Users\Nuala\AppData\Local\Temp\igdhbblpcellaljokkpfhcjlagemhgjlee73\MinibarChrome.exe, Quarantined, [e737a77157250b2b1f4b91ac47b9847c],

PUP.Optional.Conduit.A, C:\Users\Nuala\AppData\Local\Temp\nsa4F99\SpSetup.exe, Quarantined, [48d645d38cf0be78897e8fa50ef319e7],

PUP.Optional.LiveSoftAction.A, C:\Users\Nuala\Downloads\Angry Birds provided through Adscend Media Network CPA(1).exe, Quarantined, [71adca4e374557df012155dc649da35d],

PUP.Optional.LiveSoftAction.A, C:\Users\Nuala\Downloads\Angry Birds provided through Adscend Media Network CPA(2).exe, Quarantined, [78a633e59fdd26103ee4ef42e51cc838],

PUP.Optional.OptimumInstaller.A, C:\Users\Nuala\Downloads\Player-Chrome.exe, Quarantined, [8c923ade4c305adc6cf40c5742bf7d83],

PUP.Optional.Conduit.A, C:\Users\Nuala\AppData\Roaming\Mozilla\Firefox\Profiles\p83vsbfm.default\searchplugins\conduit-search.xml, Quarantined, [26f8b5638bf13afcab94978b9f642cd4],

PUP.Optional.VBates, C:\Windows\System32\Tasks\FF Watcher {95A35DCA-582A-4DA2-8514-F48B581AEA4C}, Quarantined, [ac722deb4b3157df018329007c87b848],

PUP.Optional.VBates, C:\Windows\Tasks\FF Watcher {95A35DCA-582A-4DA2-8514-F48B581AEA4C}.job, Quarantined, [3be38890e399b87e3a4b9b8e3bc841bf],

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [d14da0780577c373919966daf50e9070],

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Roaming\Mozilla\Firefox\Profiles\p83vsbfm.default\searchplugins\iminent.xml, Quarantined, [b767de3a8cf0bf77c32e6ae1e81b58a8],

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Roaming\IminentToolbar\sqlite3.dll, Quarantined, [2cf252c6394349ed509f6d84a65ca25e],

PUP.Optional.VisualBee, C:\ProgramData\VisualBee\VisualBeeDB.exe, Quarantined, [ea3449cfbac233031f833cd36c97c33d],

PUP.Optional.VisualBee, C:\ProgramData\VisualBee\VisualBeeSoftware.exe, Quarantined, [ea3449cfbac233031f833cd36c97c33d],

PUP.Optional.Iminent.A, C:\Users\Nuala\AppData\Roaming\Mozilla\Firefox\Profiles\p83vsbfm.default\user.js, Good: (), Bad: (user_pref("extensions.iminent.tlbrSrchUrl", "http://start.iminent.com/?ref=toolbarm#q=");), Replaced,[0d118197245884b23067d985df26bd43]

Physical Sectors: 0

(No malicious items detected)

(end)

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-10-2014

Ran by Nuala (administrator) on NABOO on 23-10-2014 12:05:07

Running from C:\Users\Nuala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHC7YWAE

Loaded Profile: Nuala (Available profiles: Nuala)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

() C:\Users\Nuala\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe

(Dropbox, Inc.) C:\Users\Nuala\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe

HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2726728 2010-03-25] (CANON INC.)

HKLM-x32\...\Run: [StartCCC] => "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

HKLM-x32\...\Run: [CanonSolutionMenuEx] => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon

HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-04] (AVAST Software)

HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-30] (Easybits)

HKLM-x32\...\Run: [QuickTime Task] => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

HKLM-x32\...\Run: [iTunesHelper] => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1

HKU\S-1-5-21-786219754-68426886-4267286824-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Nuala\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [397632 2013-04-05] ()

HKU\S-1-5-21-786219754-68426886-4267286824-1000\...\Run: [TomTomHOME.exe] => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

HKU\S-1-5-21-786219754-68426886-4267286824-1000\...\Policies\system: [DisableLockWorkstation] 0

HKU\S-1-5-21-786219754-68426886-4267286824-1000\...\Policies\system: [DisableChangePassword] 0

Startup: C:\Users\Nuala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/CQDSK/2

SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM - {97260D55-C7DE-4416-8331-A6363E7FBD0D} URL = http://uk.search.yahoo.com/search?p=...sg&type=CPDTDF

SearchScopes: HKLM - {ED78C70E-09F3-40E8-87ED-C153562563B5} URL = http://en.wikipedia.org/wiki/Special...h={searchTerms}

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKLM-x32 - {97260D55-C7DE-4416-8331-A6363E7FBD0D} URL = http://uk.search.yahoo.com/search?p=...sg&type=CPDTDF

SearchScopes: HKLM-x32 - {ED78C70E-09F3-40E8-87ED-C153562563B5} URL = http://en.wikipedia.org/wiki/Special...h={searchTerms}

SearchScopes: HKCU - {A33DB9FD-7A8A-496E-92D3-9CFCF9D9E1C9} URL =

SearchScopes: HKCU - {ED78C70E-09F3-40E8-87ED-C153562563B5} URL =

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll No File

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll No File

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll No File

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts.../ieawsdc32.cab

DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} http://www.tescophoto.com/upload/act...eX_Control.cab

Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File

Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll No File

Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll No File

Winsock: Catalog5 05 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()

Winsock: Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File Not found ()

Winsock: Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll File Not found ()

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

FireFox:

========

FF ProfilePath: C:\Users\Nuala\AppData\Roaming\Mozilla\Firefox\Profiles\p83vsbfm.default

FF DefaultSearchEngineuser_pref("browser.search.defaultenginename", "");: user_pref("browser.search.defaultenginename", "");

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File

FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File

FF Plugin-x32: @ei.MindDabble_4p.com/Plugin -> C:\Program Files (x86)\MindDabble_4pEI\Installr\1.bin\NP4pEISB.dll No File

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll No File

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File

FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\Nuala\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)

FF user.js: detected! => C:\Users\Nuala\AppData\Roaming\Mozilla\Firefox\Profiles\p83vsbfm.default\user.js

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-01-29]

FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:

=======

CHR Profile: C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-12]

CHR Extension: (Google Drive) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-12]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]

CHR Extension: (YouTube) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-12]

CHR Extension: (Google Search) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-12]

CHR Extension: (Google Wallet) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-12]

CHR Extension: (Gmail) - C:\Users\Nuala\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-12]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-28] (AVAST Software)

R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-28] (AVAST Software)

R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S2 Apple Mobile Device; "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]

S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]

S2 cvhsvc; "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE" [X]

S3 GameConsoleService; "C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe" [X]

S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]

S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]

S2 HP Support Assistant Service; "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [X]

S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X]

S2 LightScribeService; "c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe" [X]

S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]

S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [X]

S2 sftlist; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe" [X]

S3 sftvsa; "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe" [X]

S2 TomTomHOMEService; "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-28] ()

R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-28] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-28] (AVAST Software)

R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-28] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-28] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-28] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-28] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-28] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-28] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-28] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-23] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)

R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 12:04 - 2014-10-23 12:05 - 00000000 ____D () C:\FRST

2014-10-23 12:04 - 2014-10-23 12:04 - 02112000 _____ (Farbar) C:\Users\Nuala\Desktop\FRST64.exe.jjb2jvn.partial

2014-10-23 08:49 - 2014-05-14 17:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-10-23 08:49 - 2014-05-14 17:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-10-23 08:49 - 2014-05-14 17:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-10-23 08:49 - 2014-05-14 17:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-10-23 08:49 - 2014-05-14 17:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-10-23 08:49 - 2014-05-14 17:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-10-23 08:49 - 2014-05-14 17:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-10-23 08:49 - 2014-05-14 17:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-10-23 08:49 - 2014-05-14 17:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-10-23 08:49 - 2014-05-14 17:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-10-23 08:48 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-10-23 08:48 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-10-23 08:48 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-10-23 08:48 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-10-23 08:41 - 2014-10-23 12:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-23 08:41 - 2014-10-23 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-23 08:41 - 2014-10-23 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-23 08:41 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-10-23 08:41 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-23 12:00 - 2014-05-12 18:18 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-10-23 12:00 - 2012-09-20 19:32 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-23 12:00 - 2012-08-02 21:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-10-23 12:00 - 2011-05-28 11:37 - 00109920 _____ () C:\Users\Nuala\AppData\Local\GDIPFONTCACHEV1.DAT

2014-10-23 12:00 - 2011-05-28 11:31 - 01469086 _____ () C:\Windows\WindowsUpdate.log

2014-10-23 09:14 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-23 09:14 - 2009-07-14 05:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-23 09:08 - 2013-06-24 16:49 - 00000000 ___RD () C:\Users\Nuala\Dropbox

2014-10-23 09:08 - 2013-06-24 16:47 - 00000000 ____D () C:\Users\Nuala\AppData\Roaming\Dropbox

2014-10-23 09:07 - 2012-09-20 19:32 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-23 09:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-10-23 09:06 - 2009-07-14 05:51 - 00162439 _____ () C:\Windows\setupact.log

2014-10-23 09:06 - 2009-07-14 05:45 - 00420056 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-10-23 09:05 - 2011-05-28 11:24 - 00787248 _____ () C:\Windows\PFRO.log

2014-10-23 09:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Speech

2014-10-23 08:46 - 2013-11-15 18:04 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-23 08:46 - 2011-07-30 10:01 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-23 08:41 - 2011-10-06 21:38 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-10-23 08:31 - 2013-06-24 16:47 - 00000000 ____D () C:\Users\Nuala\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-10-02 15:53 - 2011-05-28 11:47 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-01 11:11 - 2011-10-06 21:38 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some content of TEMP:

====================

C:\Users\Nuala\AppData\Local\Temp\BackupSetup.exe

C:\Users\Nuala\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbqx5db.dll

C:\Users\Nuala\AppData\Local\Temp\helper.exe

C:\Users\Nuala\AppData\Local\Temp\SendMsg.dll

C:\Users\Nuala\AppData\Local\Temp\sqlite3.exe

C:\Users\Nuala\AppData\Local\Temp\{7E9CA04F-6E86-4318-8475-7CFD4FE4CEC3}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-10 19:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-10-2014

Ran by Nuala at 2014-10-23 12:05:49

Running from C:\Users\Nuala\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BHC7YWAE

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 14.0.0.110 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden

AM Usb Card Reader Driver (HKLM-x32\...\AmUStor) (Version: 8.1460.6366.1401 - Alcor)

AM Usb Card Reader Driver (x32 Version: 8.1460.6366.1401 - Alcor) Hidden

Amazon MP3 Downloader 1.0.18 (HKCU\...\Amazon MP3 Downloader) (Version: 1.0.18 - Amazon Services LLC)

Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 2.1.0 - Amazon Services LLC)

Amazon Music Importer (x32 Version: 2.1.0 - Amazon Services LLC) Hidden

Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

ATI Catalyst Install Manager (HKLM\...\{E50A5077-1654-BEAE-986B-7B7133DA7C48}) (Version: 3.0.762.0 - ATI Technologies, Inc.)

avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden

BlackBerry Desktop Software 7.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)

BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41 - Research In Motion Ltd.) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bookworm Adventures Volume 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )

Canon MP Navigator EX 4.0 (HKLM-x32\...\MP Navigator EX 4.0) (Version: - )

Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version: - )

Canon MP280 series User Registration (HKLM-x32\...\Canon MP280 series User Registration) (Version: - )

Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )

Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - )

Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden

Catalyst Control Center Core Implementation (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Full New (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Light (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

Catalyst Control Center InstallProxy (x32 Version: 2010.0202.2335.42270 - ATI Technologies, Inc.) Hidden

Catalyst Control Center Localization All (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

CCC Help Chinese Standard (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Chinese Traditional (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Czech (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Danish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Dutch (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help English (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Finnish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help French (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help German (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Greek (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Hungarian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Italian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Japanese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Korean (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Norwegian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Polish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Portuguese (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Russian (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Spanish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Swedish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Thai (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

CCC Help Turkish (x32 Version: 2010.0202.2334.42270 - ATI) Hidden

ccc-core-static (x32 Version: 2010.0202.2335.42270 - ATI) Hidden

ccc-utility64 (Version: 2010.0202.2335.42270 - ATI) Hidden

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden

Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)

FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden

Final Draft (HKLM-x32\...\{7C3C895B-AE02-4F30-8A6A-051D37A38DD0}) (Version: 8.0.1.89 - Final Draft, Inc.)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden

HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden

HP Game Console (x32 Version: - WildTangent) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}) (Version: 10.1.0002 - Hewlett-Packard)

HP Update (HKLM-x32\...\{DE77FE3F-A33D-499A-87AD-5FC406617B40}) (Version: 5.002.003.003 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.1.6.0 - Hewlett-Packard)

iCloud (HKLM\...\{CE97E4D3-9F91-4D72-8A29-ED9EA90E5A15}) (Version: 2.1.3.25 - Apple Inc.)

Insaniquarium Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

iTunes (HKLM\...\{1CF5754A-545B-4360-BFDE-2847BC728DFC}) (Version: 11.2.0.115 - Apple Inc.)

Jewel Quest II (x32 Version: 2.2.0.95 - WildTangent) Hidden

Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2926 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.2926 - CyberLink Corp.) Hidden

LightScribe System Software (HKLM-x32\...\{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}) (Version: 1.18.15.1 - LightScribe)

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Home and Student 2010 - English (HKLM-x32\...\{90140011-0061-0409-0000-0000000FF1CE}) (Version: 14.0.5138.5002 - Microsoft Corporation)

Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MusicStation (HKLM-x32\...\MusicStationNetstaller) (Version: 1.0.0.121 - Hewlett-Packard)

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 3.5.111 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4204 - CyberLink Corp.)

Power2Go (x32 Version: 6.1.4204 - CyberLink Corp.) Hidden

QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6080 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.)

Recovery Manager (x32 Version: 5.5.2829 - CyberLink Corp.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden

SketchUp 2013 (HKLM-x32\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)

Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

TomTom HOME (HKLM-x32\...\{EC5F4C1B-F838-4CB7-8561-8F809296428B}) (Version: 2.9.5 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Trixie (HKLM-x32\...\{8EEA1427-5C0D-469F-9FC6-A622A99D98EB}) (Version: 1.0.3 - Bhelpuri)

Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden

Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-786219754-68426886-4267286824-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Nuala\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

31-05-2014 09:07:52 Windows Update

05-06-2014 10:01:15 Windows Update

11-06-2014 10:32:16 Windows Update

11-06-2014 10:53:38 Windows Update

18-06-2014 13:59:58 Windows Update

28-06-2014 11:43:44 Windows Update

22-07-2014 10:25:48 Windows Update

22-07-2014 15:06:31 Windows Update

26-07-2014 09:40:06 Windows Update

26-07-2014 09:57:20 Windows Update

28-07-2014 09:57:17 avast! antivirus system restore point

28-07-2014 09:59:52 Device Driver Package Install: Avast Network Service

29-07-2014 11:14:39 Windows Update

04-08-2014 21:57:51 Windows Update

23-10-2014 07:48:15 Windows Update

23-10-2014 08:12:58 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2013-11-15 20:40 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01059175-01B1-4A03-ACF3-D6491EEDE0F4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-27] (Adobe Systems Incorporated)

Task: {0B817EBC-9498-4BD7-BF0E-B89393840DC3} - System32\Tasks\{C67FBF1A-1761-4E98-A9D4-D0B6C037A54A} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04] (AVAST Software)

Task: {12BF6EB7-924E-4064-9CA9-58C5AC67745F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {3C0A548E-1255-4A4C-BA86-86F48928B2FC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: {60868B95-8DDE-49A8-B2F8-413DA9E5898B} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-28] (AVAST Software)

Task: {60DD09F5-8941-4F4E-A41F-CC1F252DA868} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {61F6242E-06F0-44A4-B601-9895A71ED0C2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe

Task: {681FA39E-C527-46F6-B3FC-12A8F3837F67} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {6F98CFB7-C58C-451C-9DF5-7568EA6847C0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

Task: {8BBECEC4-70ED-41B0-8254-ED7F37AD6D6A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe

Task: {93E4E1E9-A472-4DEA-AE77-84269ADB9200} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe

Task: {A7C7C45A-8625-4C08-AE28-2A43D94A6C57} - System32\Tasks\{9728EB74-9493-4DA8-A22D-1BD65BEBDF41} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04] (AVAST Software)

Task: {B423F7A7-F0E4-4B73-87B3-662B02EC5D1F} - System32\Tasks\{F828D4D5-B85A-42B5-80E7-4335896371E3} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04] (AVAST Software)

Task: {D36E7AF1-40AB-43EF-9176-096C2A9F816E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Task: {D8DAF351-FF3E-441C-8C36-E7D7D5500855} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe

Task: {FB516710-666E-4D68-B605-AAD1FCDA0C74} - System32\Tasks\{AAEB6A86-49BF-474C-8E90-AF1529E8AD2D} => C:\Program Files\AVAST Software\Avast\AvastUI.exe [2014-08-04] (AVAST Software)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-04-05 22:55 - 2013-04-05 22:55 - 00397632 _____ () C:\Users\Nuala\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe

2014-07-28 10:59 - 2014-07-28 10:59 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll

2014-10-23 08:30 - 2014-10-23 08:30 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102201\algo.dll

2014-10-23 12:00 - 2014-10-23 12:00 - 02896896 _____ () C:\Program Files\AVAST Software\Avast\defs\14102301\algo.dll

2014-07-28 10:59 - 2014-07-28 10:59 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2014-10-23 09:08 - 2014-10-23 09:08 - 00043008 _____ () c:\users\nuala\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpbqx5db.dll

2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Nuala\AppData\Roaming\Dropbox\bin\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-786219754-68426886-4267286824-500 - Administrator - Disabled)

Guest (S-1-5-21-786219754-68426886-4267286824-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-786219754-68426886-4267286824-1002 - Limited - Enabled)

Nuala (S-1-5-21-786219754-68426886-4267286824-1000 - Administrator - Enabled) => C:\Users\Nuala

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/23/2014 08:46:14 AM) (Source: Microsoft Office 14) (EventID: 2001) (User: )

Description: Microsoft Word: Rejected Safe Mode action : Word failed to start correctly last time. Starting Word in safe mode will help you correct or isolate a startup problem in order to successfully start the program. Some functionality may be disabled in this mode.

Do you want to start Word in safe mode?.

Rejected Safe Mode action : Microsoft Word.

Error: (10/23/2014 08:42:24 AM) (Source: MsiInstaller) (EventID: 11719) (User: Naboo)

Description: Product: Microsoft Office Shared MUI (English) 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (10/23/2014 08:42:16 AM) (Source: MsiInstaller) (EventID: 11719) (User: Naboo)

Description: Product: Microsoft Office Office 64-bit Components 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (10/23/2014 08:33:29 AM) (Source: MsiInstaller) (EventID: 11719) (User: Naboo)

Description: Product: Microsoft Office Office 64-bit Components 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/07/2014 01:59:57 PM) (Source: MsiInstaller) (EventID: 11719) (User: Naboo)

Description: Product: Microsoft Office Office 64-bit Components 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (08/07/2014 01:56:11 PM) (Source: MsiInstaller) (EventID: 11719) (User: Naboo)

Description: Product: Microsoft Office Office 64-bit Components 2010 -- Error 1719. The Windows Installer Service could not be accessed. This can occur if the Windows Installer is not correctly installed. Contact your support personnel for assistance.

Error: (07/22/2014 11:49:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15725

Error: (07/22/2014 11:49:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15725

Error: (07/22/2014 11:49:23 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/22/2014 11:49:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 14727

System errors:

=============

Error: (10/23/2014 00:00:12 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/23/2014 00:00:12 PM) (Source: Service Control Manager) (EventID: 7011) (User: )

Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.

Error: (10/23/2014 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The HP Support Assistant Service service failed to start due to the following error:

%%2

Error: (10/23/2014 09:09:15 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The Google Update Service (gupdate) service failed to start due to the following error:

%%2

Error: (10/23/2014 09:07:07 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:

%%1068

Error: (10/23/2014 09:07:03 AM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The Application Virtualization Client service depends on the Application Virtualization Service Agent service which failed to start because of the following error:

%
