guildmasterdan

Results of screen317's Security Check version 0.99.80 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Windows Defender WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 12.0.0.77 Adobe Reader XI Mozilla Firefox (27.0.1) Google Chrome 33.0.1750.146 Google Chrome 33.0.1750.154 ````````Process Check: objlist.exe by Laurent```````` Windows Defender MSMpEng.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````

Went I went to uninstall FindRight it gave me the following message. I selected no. "An error occured while trying to uninstall FindRight. It may have already been uninstalled. Would you like to remove FindRight from the list of featured programs?" I donwloaded CCleaner, and unchecked cookies. I browsed around a bit to test how it was running. Malwarebytes doesn't seem to be catching anything, and the extra tab isn't opening anymore. I went back into add/remove programs after the clean to try removing FindRight again, and it gave me the same message. Ran by Denehy at 2014-03-15 12:19:23 Run:1 Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] - [X] SearchScopes: HKCU - {84718CBC-0841-4D62-83AE-97ED52032AFA} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12312670442138822&UM=2 FF Extension: FindRight - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-11] FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-30] Task: {49828A88-A37A-4B38-B796-C59966E31AA4} - System32\Tasks\Test TimeTrigger => C:\Users\Denehy\AppData\Local\Temp\Runner.exe C:\Users\Denehy\AppData\Local\Temp\Extract.exe C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe C:\Users\Denehy\AppData\Local\Temp\sp64126.exe C:\Users\Denehy\AppData\Local\Temp\SP65048.exe C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:65137F0D AlternateDataStreams: C:\Users\Denehy\SkyDrive:ms-properties ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84718CBC-0841-4D62-83AE-97ED52032AFA} => Key deleted successfully. HKCR\CLSID\{84718CBC-0841-4D62-83AE-97ED52032AFA} => Key not found. C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => Moved successfully. HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} => Value deleted successfully. C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49828A88-A37A-4B38-B796-C59966E31AA4} => Key deleted successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49828A88-A37A-4B38-B796-C59966E31AA4} => Key deleted successfully. C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => Key deleted successfully. "C:\Users\Denehy\AppData\Local\Temp\Extract.exe" => File/Directory not found. "C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found. "C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. "C:\Users\Denehy\AppData\Local\Temp\sp64126.exe" => File/Directory not found. "C:\Users\Denehy\AppData\Local\Temp\SP65048.exe" => File/Directory not found. "C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe" => File/Directory not found. C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully. C:\ProgramData\Temp => ":65137F0D" ADS removed successfully. "C:\Users\Denehy\SkyDrive" => ":ms-properties" ADS not found. ==== End of Fixlog ====

Firefox is affected. I had thought that Chrome was as well, but it failed to show up when I tried to replicate the issue on that browser. I downloaded the tool and: FRST Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014 Ran by Denehy (administrator) on EDI on 12-03-2014 10:46:45 Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool Windows 8.1 (X64) OS Language: English(US) Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe (AMD) C:\WINDOWS\system32\atiesrxx.exe (AMD) C:\WINDOWS\system32\atieclxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe (Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe () C:\Windows\system32\valWBFPolicyService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (Microsoft Corporation) C:\Windows\System32\skydrive.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.) HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-06-05] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [] - [X] HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Runonce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-09] (Valve Corporation) HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.) HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.) HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [AppEx Accelerator UI] - C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation) HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [Google Update] - C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-04] (Google Inc.) HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\MountPoints2: {a87b6828-2e5f-11e2-be71-806e6f6e6963} - "E:\Setup.exe" Startup: C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) Startup: C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1 SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS SearchScopes: HKLM - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKLM-x32 - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=228 SearchScopes: HKCU - {361EE50B-93B0-4D25-BDA9-88A10E4D5C15} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms} SearchScopes: HKCU - {5F9FE8F2-B13A-46F3-A183-78B13182D1F1} URL = http://search.softonic.com/INF00175/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=198 SearchScopes: HKCU - {84718CBC-0841-4D62-83AE-97ED52032AFA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12312670442138822&UM=2 SearchScopes: HKCU - {BD0D9C56-A3C7-4D22-9931-3738E14E8EBF} URL = http://searchou.com/?q={searchTerms}&id=12294eff00000000000012689d993b3e&r=565 SearchScopes: HKCU - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms} SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms} BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Denehy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Denehy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Extension: FindRight - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-11] FF Extension: Adblock Plus - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-24] FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-30] Chrome: ======= CHR DefaultSearchKeyword: yahoo.com CHR DefaultSearchProvider: Yahoo! CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=714647&ilc=12&p={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04] CHR Extension: (Google Drive) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04] CHR Extension: (YouTube) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04] CHR Extension: (Google Cast) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-04] CHR Extension: (Adblock Plus) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-05] CHR Extension: (Google Search) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04] CHR Extension: (Website Logon) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-12-04] CHR Extension: (Google Wallet) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04] CHR Extension: (Gmail) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04] CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12] CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12] CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.) R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] () R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.) R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-09] (Microsoft Corporation) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation) R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.) R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) S3 RDID1061; C:\Windows\system32\Drivers\rdwm1061.sys [201728 2012-10-23] (Roland Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-08-04] (Realtek Semiconductor Corp.) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation) R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated) S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\FRST 2014-03-12 10:45 - 2014-03-12 10:46 - 00000000 ____D () C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool 2014-03-10 23:48 - 2014-03-10 23:48 - 00002229 _____ () C:\Users\Denehy\Desktop\HP Support Assistant.lnk 2014-03-10 23:43 - 2014-03-10 23:43 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-09 11:51 - 2014-03-09 12:27 - 00000000 ____D () C:\AdwCleaner 2014-03-09 11:50 - 2014-03-09 11:50 - 01244192 _____ () C:\Users\Denehy\Desktop\AdwCleaner.exe 2014-03-07 18:13 - 2014-03-07 18:13 - 00002152 _____ () C:\Users\Denehy\Desktop\RKreport[0]_S_03072014_171317.txt 2014-03-07 18:09 - 2014-03-07 18:14 - 00003341 _____ () C:\Users\Denehy\Desktop\malware forum reports.txt 2014-03-07 18:00 - 2014-03-07 18:13 - 00000000 ____D () C:\Users\Denehy\Desktop\RK_Quarantine 2014-03-07 18:00 - 2014-03-07 18:00 - 04413952 _____ () C:\Users\Denehy\Desktop\RogueKillerX64.exe 2014-03-06 17:02 - 2014-03-06 17:02 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.com 2014-03-06 13:51 - 2014-03-06 13:51 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.scr 2014-03-05 11:38 - 2014-03-05 11:38 - 00005306 _____ () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk 2014-02-18 22:21 - 2014-02-25 15:38 - 00000000 ____D () C:\Users\Denehy\Desktop\Gaming Files 2014-02-15 13:48 - 2013-11-27 11:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2014-02-15 13:48 - 2013-11-27 09:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2014-02-15 13:48 - 2013-11-26 05:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2014-02-15 13:48 - 2013-11-23 07:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2014-02-15 13:47 - 2013-12-08 20:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2014-02-15 13:47 - 2013-12-08 20:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2014-02-15 13:47 - 2013-11-27 11:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2014-02-15 13:47 - 2013-11-27 10:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2014-02-15 13:47 - 2013-11-27 08:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys 2014-02-15 13:47 - 2013-11-27 06:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll 2014-02-15 13:47 - 2013-11-27 06:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll 2014-02-15 13:47 - 2013-11-27 06:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll 2014-02-15 13:47 - 2013-11-27 05:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll 2014-02-15 13:47 - 2013-11-27 05:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2014-02-15 13:47 - 2013-11-27 05:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2014-02-15 13:47 - 2013-11-27 05:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2014-02-15 13:47 - 2013-11-27 04:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2014-02-15 13:47 - 2013-11-27 04:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2014-02-15 13:47 - 2013-11-27 00:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml 2014-02-15 13:47 - 2013-11-26 09:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2014-02-15 13:47 - 2013-11-26 09:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2014-02-15 13:47 - 2013-11-26 09:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2014-02-15 13:47 - 2013-11-26 09:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2014-02-15 13:47 - 2013-11-26 07:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2014-02-15 13:47 - 2013-11-26 07:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2014-02-15 13:47 - 2013-11-26 07:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2014-02-15 13:47 - 2013-11-26 06:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2014-02-15 13:47 - 2013-11-26 04:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2014-02-15 13:47 - 2013-11-24 21:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2014-02-15 13:47 - 2013-11-24 21:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2014-02-15 13:47 - 2013-11-24 19:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2014-02-15 13:47 - 2013-11-24 19:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2014-02-15 13:47 - 2013-11-23 08:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll 2014-02-15 13:47 - 2013-11-23 04:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2014-02-15 13:47 - 2013-11-23 03:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll 2014-02-15 13:47 - 2013-11-23 03:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys 2014-02-15 13:47 - 2013-11-23 03:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2014-02-15 13:47 - 2013-11-23 00:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll 2014-02-15 13:47 - 2013-11-22 23:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2014-02-15 13:47 - 2013-11-22 23:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2014-02-15 13:47 - 2013-11-22 23:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2014-02-15 13:47 - 2013-11-22 23:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2014-02-15 13:47 - 2013-11-22 23:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2014-02-15 13:47 - 2013-11-22 23:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2014-02-15 13:47 - 2013-11-21 02:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll 2014-02-15 13:47 - 2013-11-21 02:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2014-02-15 13:47 - 2013-11-16 01:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2014-02-15 13:47 - 2013-11-15 14:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2014-02-15 13:47 - 2013-11-15 10:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2014-02-15 13:47 - 2013-11-15 10:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2014-02-15 13:47 - 2013-11-15 10:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll 2014-02-15 13:47 - 2013-11-15 09:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2014-02-15 13:47 - 2013-11-05 16:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-02-15 13:47 - 2013-10-30 20:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2014-02-15 13:47 - 2013-10-30 19:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2014-02-14 11:50 - 2014-02-16 18:22 - 00000000 ____D () C:\Users\Denehy\Documents\Corel VideoStudio Pro 2014-02-14 11:48 - 2014-02-14 14:24 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Ulead Systems 2014-02-14 11:48 - 2014-02-14 11:50 - 00000000 ____D () C:\ProgramData\Protexis 2014-02-14 11:48 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Corel 2014-02-13 23:21 - 2014-02-13 23:21 - 00000110 _____ () C:\WINDOWS\wininit.ini 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\eSellerate 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software 2014-02-13 23:20 - 2014-02-13 23:20 - 00000563 _____ () C:\WINDOWS\wmsetup.log 2014-02-13 23:20 - 2014-02-13 23:20 - 00000000 ____D () C:\WINDOWS\RegisteredPackages 2014-02-13 23:18 - 2014-02-13 23:18 - 00000000 ____D () C:\ProgramData\InterVideo 2014-02-13 23:15 - 2014-02-13 23:16 - 00000000 ____D () C:\ProgramData\Corel 2014-02-13 23:15 - 2014-02-13 23:15 - 00001061 _____ () C:\Users\Public\Desktop\Corel ScreenCap X6.lnk 2014-02-13 23:15 - 2014-02-13 23:15 - 00001054 _____ () C:\Users\Public\Desktop\Corel VideoStudio Pro X6.lnk 2014-02-13 23:02 - 2014-02-13 23:11 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-02-13 21:29 - 2014-02-17 17:00 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-02-13 21:29 - 2014-02-17 17:00 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-13 18:36 - 2014-02-13 18:42 - 1414007832 _____ (Acresso Software Inc.) C:\Users\Denehy\Downloads\VSX6_Pro_TBYB.exe 2014-02-13 16:16 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2014-02-13 16:16 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-02-13 16:16 - 2014-02-06 07:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-13 16:16 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-02-13 16:16 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-02-13 16:16 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-02-13 16:16 - 2014-02-06 06:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-02-13 16:16 - 2014-02-06 06:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-02-13 16:16 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-02-13 16:16 - 2014-02-06 05:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-02-13 16:16 - 2014-02-06 05:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-13 16:16 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-02-13 16:16 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-02-13 16:16 - 2014-02-06 05:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-02-13 16:16 - 2014-02-06 05:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-02-13 16:16 - 2014-02-06 05:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-02-13 16:16 - 2014-02-06 05:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-02-13 16:16 - 2014-02-06 04:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-13 16:16 - 2014-02-06 04:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-02-13 16:16 - 2014-01-07 01:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2014-02-13 16:16 - 2014-01-07 00:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2014-02-13 16:16 - 2013-12-08 20:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-02-13 16:16 - 2013-12-08 20:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll 2014-02-13 16:16 - 2013-12-08 19:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll 2014-02-13 16:16 - 2013-12-08 19:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-02-13 16:16 - 2013-11-21 02:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2014-02-13 16:16 - 2013-11-21 01:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2014-02-13 16:15 - 2014-02-06 08:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-13 16:15 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-02-13 16:15 - 2014-02-06 06:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-13 16:15 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-02-13 16:15 - 2014-02-06 06:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-02-13 16:15 - 2014-02-06 06:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-13 16:15 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2014-02-13 16:15 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-02-13 16:15 - 2014-02-06 06:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-02-13 16:15 - 2014-02-06 05:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-13 16:15 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-02-13 16:15 - 2014-02-06 05:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-02-13 16:15 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-02-13 16:15 - 2014-02-06 05:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-13 16:15 - 2014-02-06 05:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-13 16:15 - 2014-02-06 04:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-02-13 16:15 - 2014-02-06 04:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-02-13 16:15 - 2014-02-06 04:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-02-13 16:15 - 2014-01-07 03:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe 2014-02-13 16:15 - 2014-01-07 01:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe 2014-02-13 16:15 - 2014-01-04 16:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2014-02-13 16:15 - 2014-01-04 15:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2014-02-13 16:15 - 2014-01-04 10:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2014-02-13 16:15 - 2014-01-04 10:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2014-02-13 16:15 - 2014-01-04 09:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll 2014-02-13 16:15 - 2014-01-04 09:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2014-02-13 16:15 - 2014-01-04 09:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll 2014-02-13 16:15 - 2014-01-04 09:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2014-02-13 16:15 - 2013-12-20 22:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms 2014-02-13 16:15 - 2013-12-20 22:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms 2014-02-13 16:15 - 2013-12-20 06:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2014-02-13 16:15 - 2013-12-20 02:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2014-02-13 16:15 - 2013-12-08 22:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2014-02-13 16:15 - 2013-12-08 21:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2014-02-13 16:14 - 2014-01-09 04:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll 2014-02-13 16:14 - 2014-01-09 03:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2014-02-13 16:14 - 2014-01-09 03:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll 2014-02-13 16:14 - 2014-01-09 03:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2014-02-13 16:14 - 2014-01-09 03:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll 2014-02-13 16:14 - 2014-01-09 03:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll 2014-02-13 16:14 - 2014-01-09 03:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll 2014-02-13 16:14 - 2014-01-09 03:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll 2014-02-13 16:14 - 2014-01-09 03:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll 2014-02-13 16:14 - 2014-01-09 03:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe 2014-02-12 12:57 - 2014-02-12 12:57 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-02-12 11:17 - 2013-10-17 03:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys 2014-02-12 10:58 - 2014-02-12 12:03 - 00000000 ____D () C:\Program Files (x86)\Lightworks 2014-02-12 10:43 - 2014-02-12 10:41 - 72720560 _____ (Lightworks) C:\Users\Denehy\Downloads\Lightworks-Installer.exe 2014-02-12 10:40 - 2014-02-12 10:40 - 00619024 _____ ( ) C:\Users\Denehy\Downloads\Lightworks Download Manager.exe 2014-02-11 20:49 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yume Nikki 0.10 English 2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\WINDOWS\en 2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-02-11 11:09 - 2014-02-11 11:09 - 01239536 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\wlsetup-web(1).exe 2014-02-11 00:30 - 2014-02-11 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\MicrosoftFixit.AudioPlayback.Run.exe 2014-02-10 12:30 - 2014-02-10 12:30 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf ==================== One Month Modified Files and Folders ======= 2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\FRST 2014-03-12 10:46 - 2014-03-12 10:45 - 00000000 ____D () C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool 2014-03-12 10:45 - 2012-12-01 23:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2014-03-12 10:45 - 2012-12-01 23:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-03-12 10:41 - 2013-11-14 03:28 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-12 10:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness 2014-03-12 10:39 - 2012-12-01 15:16 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E1F77F69-B8B8-4427-A5F8-872F5974F150} 2014-03-12 10:37 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-03-11 02:56 - 2014-02-08 23:47 - 01734227 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-10 23:57 - 2012-12-01 20:59 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-32087582-376241081-1250844966-1002 2014-03-10 23:48 - 2014-03-10 23:48 - 00002229 _____ () C:\Users\Denehy\Desktop\HP Support Assistant.lnk 2014-03-10 23:48 - 2013-11-11 16:31 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForDenehy 2014-03-10 23:48 - 2013-04-28 12:53 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForDenehy.job 2014-03-10 23:48 - 2012-08-17 01:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-10 23:46 - 2012-08-17 01:52 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-03-10 23:44 - 2013-09-18 12:44 - 00052414 _____ () C:\WINDOWS\system32\lvcoinst.log 2014-03-10 23:43 - 2014-03-10 23:43 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F} 2014-03-10 23:42 - 2012-08-17 02:11 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-03-10 23:41 - 2012-08-03 20:02 - 00000000 ____D () C:\SWSetup 2014-03-10 00:19 - 2013-12-04 23:03 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA.job 2014-03-09 15:19 - 2013-12-04 23:07 - 00002414 _____ () C:\Users\Denehy\Desktop\Google Chrome.lnk 2014-03-09 15:19 - 2013-12-04 23:03 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core.job 2014-03-09 13:52 - 2013-06-12 14:40 - 00000000 ____D () C:\Users\Denehy\Desktop\Guildmaster Dan 2014-03-09 12:30 - 2014-02-09 10:58 - 00000000 __RDO () C:\Users\Denehy\SkyDrive 2014-03-09 12:29 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-09 12:28 - 2013-11-14 03:20 - 00013774 _____ () C:\WINDOWS\PFRO.log 2014-03-09 12:28 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-03-09 12:27 - 2014-03-09 11:51 - 00000000 ____D () C:\AdwCleaner 2014-03-09 11:54 - 2012-12-02 19:33 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log 2014-03-09 11:53 - 2012-12-10 00:49 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-03-09 11:50 - 2014-03-09 11:50 - 01244192 _____ () C:\Users\Denehy\Desktop\AdwCleaner.exe 2014-03-07 18:14 - 2014-03-07 18:09 - 00003341 _____ () C:\Users\Denehy\Desktop\malware forum reports.txt 2014-03-07 18:13 - 2014-03-07 18:13 - 00002152 _____ () C:\Users\Denehy\Desktop\RKreport[0]_S_03072014_171317.txt 2014-03-07 18:13 - 2014-03-07 18:00 - 00000000 ____D () C:\Users\Denehy\Desktop\RK_Quarantine 2014-03-07 18:00 - 2014-03-07 18:00 - 04413952 _____ () C:\Users\Denehy\Desktop\RogueKillerX64.exe 2014-03-06 17:12 - 2013-08-21 16:42 - 05519488 _____ () C:\Users\Denehy\Desktop\Rkill.txt 2014-03-06 17:02 - 2014-03-06 17:02 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.com 2014-03-06 13:51 - 2014-03-06 13:51 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.scr 2014-03-06 12:07 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports 2014-03-05 15:34 - 2013-04-28 21:35 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\uTorrent 2014-03-05 11:38 - 2014-03-05 11:38 - 00005306 _____ () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk 2014-03-04 22:24 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM 2014-03-03 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-03-03 01:00 - 2012-12-01 15:16 - 00000000 ___RD () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-03-03 01:00 - 2012-12-01 15:16 - 00000000 ___RD () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-03-03 00:58 - 2013-08-22 10:44 - 00403960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-03 00:57 - 2012-12-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-03-03 00:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-03-03 00:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism 2014-03-03 00:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism 2014-02-25 15:38 - 2014-02-18 22:21 - 00000000 ____D () C:\Users\Denehy\Desktop\Gaming Files 2014-02-17 17:00 - 2014-02-13 21:29 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2014-02-17 17:00 - 2014-02-13 21:29 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2014-02-16 18:22 - 2014-02-14 11:50 - 00000000 ____D () C:\Users\Denehy\Documents\Corel VideoStudio Pro 2014-02-16 16:14 - 2013-12-04 23:03 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA 2014-02-16 16:14 - 2013-12-04 23:03 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core 2014-02-15 14:31 - 2013-07-24 11:25 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-02-15 14:29 - 2012-12-12 23:56 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-02-15 10:53 - 2014-02-05 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-02-14 14:24 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Ulead Systems 2014-02-14 11:50 - 2014-02-14 11:48 - 00000000 ____D () C:\ProgramData\Protexis 2014-02-14 11:48 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Corel 2014-02-13 23:21 - 2014-02-13 23:21 - 00000110 _____ () C:\WINDOWS\wininit.ini 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\eSellerate 2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software 2014-02-13 23:20 - 2014-02-13 23:20 - 00000563 _____ () C:\WINDOWS\wmsetup.log 2014-02-13 23:20 - 2014-02-13 23:20 - 00000000 ____D () C:\WINDOWS\RegisteredPackages 2014-02-13 23:20 - 2013-10-27 11:33 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp 2014-02-13 23:18 - 2014-02-13 23:18 - 00000000 ____D () C:\ProgramData\InterVideo 2014-02-13 23:16 - 2014-02-13 23:15 - 00000000 ____D () C:\ProgramData\Corel 2014-02-13 23:15 - 2014-02-13 23:15 - 00001061 _____ () C:\Users\Public\Desktop\Corel ScreenCap X6.lnk 2014-02-13 23:15 - 2014-02-13 23:15 - 00001054 _____ () C:\Users\Public\Desktop\Corel VideoStudio Pro X6.lnk 2014-02-13 23:11 - 2014-02-13 23:02 - 00000000 ____D () C:\Program Files (x86)\Corel 2014-02-13 23:10 - 2012-08-17 02:04 - 00066748 _____ () C:\WINDOWS\DirectX.log 2014-02-13 22:21 - 2013-08-22 10:46 - 00299742 _____ () C:\WINDOWS\setupact.log 2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer 2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager 2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera 2014-02-13 18:42 - 2014-02-13 18:36 - 1414007832 _____ (Acresso Software Inc.) C:\Users\Denehy\Downloads\VSX6_Pro_TBYB.exe 2014-02-12 13:00 - 2013-05-17 19:18 - 00000000 ____D () C:\Users\Denehy\AppData\Local\Unity 2014-02-12 12:57 - 2014-02-12 12:57 - 00000000 ____D () C:\WINDOWS\PCHEALTH 2014-02-12 12:03 - 2014-02-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Lightworks 2014-02-12 12:02 - 2013-10-11 12:55 - 00000000 ____D () C:\BigFishCache 2014-02-12 11:18 - 2012-11-14 07:36 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros 2014-02-12 11:07 - 2013-06-12 16:12 - 00000000 ____D () C:\Users\Public\Documents\Lightworks 2014-02-12 10:41 - 2014-02-12 10:43 - 72720560 _____ (Lightworks) C:\Users\Denehy\Downloads\Lightworks-Installer.exe 2014-02-12 10:40 - 2014-02-12 10:40 - 00619024 _____ ( ) C:\Users\Denehy\Downloads\Lightworks Download Manager.exe 2014-02-11 20:51 - 2014-02-08 23:28 - 00000000 ____D () C:\Users\Denehy 2014-02-11 20:49 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yume Nikki 0.10 English 2014-02-11 20:47 - 2013-09-18 12:44 - 00000000 ____D () C:\Program Files\Common Files\logishrd 2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\WINDOWS\en 2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-02-11 11:11 - 2012-08-17 02:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live 2014-02-11 11:09 - 2014-02-11 11:09 - 01239536 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\wlsetup-web(1).exe 2014-02-11 00:30 - 2014-02-11 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\MicrosoftFixit.AudioPlayback.Run.exe 2014-02-10 12:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore 2014-02-10 12:30 - 2014-02-10 12:30 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf 2014-02-10 12:30 - 2013-08-21 16:42 - 00000000 ____D () C:\Users\Denehy\Desktop\rkill Some content of TEMP: ==================== C:\Users\Denehy\AppData\Local\Temp\Extract.exe C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe C:\Users\Denehy\AppData\Local\Temp\sp64126.exe C:\Users\Denehy\AppData\Local\Temp\SP65048.exe C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-09 14:39 ==================== End Of Log ============================ ADDITION Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014 Ran by Denehy at 2014-03-12 10:48:10 Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.) AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks) AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Amnesia - The Dark Descent (HKLM-x32\...\{759FC370-E77F-4FB0-A1E4-C0628A44BA44}) (Version: 1.00.0000 - Valusoft) AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden calibre (HKLM-x32\...\{D060E2E3-5509-4420-AA04-FA197C6678C8}) (Version: 0.9.28 - Kovid Goyal) CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.) ComicRack v0.9.156 (HKLM\...\ComicRack) (Version: v0.9.156 - cYo Soft) Contents (x32 Version: 16.1.0.45 - Corel Corporation) Hidden Corel VideoStudio Pro X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.1.0.45 - Corel Corporation) CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.) CyberLink Media Suite 10 (x32 Version: 10.0.3.2608 - CyberLink Corp.) Hidden CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.) CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.) CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.) CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.) CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories) Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard) erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden FFsplit version 0.7 (HKLM-x32\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team) FindRight (HKLM\...\FindRight) (Version: 2014.02.11.223523 - FindRight) <==== ATTENTION FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory) Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.) Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company) HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd) HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company) HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.) HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard) HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent) HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company) HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company) HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard) HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard) HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company) HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard) HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company) ICA (x32 Version: 16.1.0.45 - Corel Corporation) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT) IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Java 6 Update 33 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416033FF}) (Version: 6.0.330 - Oracle) Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.) LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility) Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation) Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Project 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - ) Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.) Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.) Setup (x32 Version: 16.1.0.45 - Corel Corporation) Hidden Share (x32 Version: 16.1.0.45 - Corel Corporation) Hidden Share64 (Version: 16.1.0.45 - Corel Corporation) Hidden SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.) SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.) SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated) The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom) UA-4FX Driver (HKLM\...\RolandRDID0061) (Version: - Roland Corporation) Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VSClassic (x32 Version: 16.1.0.45 - Corel Corporation) Hidden VSHelp (x32 Version: 16.1.0.45 - Corel Corporation) Hidden VSPro (x32 Version: 16.1.0.45 - Corel Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version: - ) ==================== Restore Points ========================= 22-02-2014 04:48:24 Scheduled Checkpoint 03-03-2014 22:58:53 Scheduled Checkpoint 07-03-2014 22:17:51 Malwarebytes Help Start Point 11-03-2014 03:44:11 Installed HP Support Assistant ==================== Hosts content: ========================== 2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {119D2C18-7F25-4BDD-8AA3-DC269F84F308} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2FDCA46A-5CAC-4D5D-8B59-B49A186E577C} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {3CD26201-F2D6-4DD9-A2A2-6E14123FB0CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company) Task: {3F3CCDE3-B0A8-4289-A30E-4A598EA65CAB} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {437BC9DD-84EE-4B78-AAF6-0D17E0BDB262} - \BackgroundContainer Startup Task No Task File Task: {43A324A5-5BA1-4376-A946-946E8EC36A6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {43AE4E83-DEB9-40FF-82B7-09B9F9803811} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-05] (Synaptics Incorporated) Task: {45DE73A0-6209-41BF-A8DC-8AD942738A6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {49828A88-A37A-4B38-B796-C59966E31AA4} - System32\Tasks\Test TimeTrigger => C:\Users\Denehy\AppData\Local\Temp\Runner.exe <==== ATTENTION Task: {4C03268C-E26B-4AD9-96D9-63B2700194FD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] () Task: {5B067028-4A29-42A0-B1B1-4DAE77C8BD31} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] () Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6B966235-2276-4764-A9C8-EEAAE65BC17E} - System32\Tasks\HPCeeScheduleForDenehy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard) Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {739EEAD5-EE34-443F-8B7A-FF82B89A6D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7D9C08DC-CFE9-4420-98C3-981F8F4BEE6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.) Task: {8247AD1C-33FB-47A5-AA4E-6E4D73924C02} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-15] (Microsoft Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {87801EB6-B91B-4FDD-BE25-F34BF887A111} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink) Task: {8CC2B922-7E32-4CEA-87FB-5F3458AF9921} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.) Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {998D62DE-0D14-4C85-8A5D-3FC3A8AFDCED} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A2CB74C9-7668-4121-8548-C3A29871DC3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company) Task: {A769E8A9-EF4D-4667-9931-2E31188EF19C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe Task: {A843A4DB-776B-4EE1-86DA-156967D3F52A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink) Task: {C7A23EFF-B109-4158-92FD-2657DD701ADE} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] () Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {DD7C7F0A-40B6-4A15-B3F9-3B57C140907C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core.job => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA.job => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\HPCeeScheduleForDenehy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-08 14:36 - 2012-08-08 14:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll 2012-10-23 18:58 - 2012-10-23 18:58 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe 2012-09-06 05:47 - 2012-09-06 05:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe 2012-10-23 18:58 - 2012-10-23 18:58 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe 2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe 2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 2012-08-08 14:36 - 2012-08-08 14:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2012-10-17 16:42 - 2012-10-17 16:42 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll 2013-05-20 20:32 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll 2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll 2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll 2013-02-07 09:19 - 2013-02-07 09:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll 2014-02-05 13:17 - 2014-02-15 10:53 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\Temp:2CB9631F AlternateDataStreams: C:\ProgramData\Temp:65137F0D AlternateDataStreams: C:\Users\Denehy\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/11/2014 02:57:03 AM) (Source: Application Hang) (User: ) Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 801c Start Time: 01cf3cddee8c63f7 Termination Time: 4294967295 Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe Report Id: 4ba9e73a-a8ea-11e3-beef-082e5f7afb68 Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1 Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI) Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (03/11/2014 02:56:36 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (03/09/2014 11:49:10 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (03/05/2014 11:08:09 AM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (03/04/2014 09:29:24 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (03/01/2014 05:24:14 PM) (Source: Customer Experience Improvement Program) (User: ) Description: 80070005 Error: (02/28/2014 04:41:37 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database System errors: ============= Error: (03/12/2014 10:40:03 AM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/10/2014 11:43:21 PM) (Source: Service Control Manager) (User: ) Description: The HP Support Assistant Service service failed to start due to the following error: %%2 Error: (03/10/2014 11:43:21 PM) (Source: Service Control Manager) (User: ) Description: The HP Support Assistant Service service failed to start due to the following error: %%2 Error: (03/10/2014 11:41:41 PM) (Source: Service Control Manager) (User: ) Description: The HP Support Assistant Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (03/10/2014 11:36:51 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/09/2014 11:52:10 AM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/08/2014 05:23:43 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/07/2014 05:36:29 PM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Error: (03/06/2014 05:05:35 PM) (Source: Service Control Manager) (User: ) Description: The Validity WBF Policy Service service terminated unexpectedly. It has done this 1 time(s). Error: (03/06/2014 11:00:02 AM) (Source: DCOM) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable Microsoft Office Sessions: ========================= Error: (03/11/2014 02:57:03 AM) (Source: Application Hang)(User: ) Description: LiveComm.exe17.5.9600.20413801c01cf3cddee8c63f74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe4ba9e73a-a8ea-11e3-beef-082e5f7afb68microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1 Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170 Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170 Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI) Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170 Error: (03/11/2014 02:56:36 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (03/09/2014 11:49:10 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (03/05/2014 11:08:09 AM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (03/04/2014 09:29:24 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (03/01/2014 05:24:14 PM) (Source: Customer Experience Improvement Program)(User: ) Description: 80070005 Error: (02/28/2014 04:41:37 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY) Description: -2147024883 CodeIntegrity Errors: =================================== Date: 2014-03-03 16:41:12.212 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:40:11.880 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:40:11.710 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:39:34.803 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:39:34.559 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:37:54.810 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:37:54.585 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:37:54.374 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:37:54.102 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2014-03-03 16:37:53.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 5596.25 MB Available physical RAM: 3247.1 MB Total Pagefile: 6492.25 MB Available Pagefile: 3902.99 MB Total Virtual: 131072 MB Available Virtual: 131071.78 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:670.94 GB) (Free:488.11 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (RECOVERY) (Fixed) (Total:26.58 GB) (Free:3.1 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive e: (Amnesia) (CDROM) (Total:1.18 GB) (Free:0 GB) CDFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D) Partition: GPT Partition Type. ==================== End Of Log ============================

I didn't recognize anything important so I just ran theclean. # AdwCleaner v3.020 - Report created 09/03/2014 at 12:25:53 # Updated 27/02/2014 by Xplode # Operating System : Windows 8.1 (64 bits) # Username : Denehy - EDI # Running from : C:\Users\Denehy\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\SearchProtect Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\ProgramData\AVG Security Toolbar Folder Deleted : C:\ProgramData\DnsBasic Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\DnsBasic Folder Deleted : C:\Program Files (x86)\Nation Toolbar Folder Deleted : C:\Program Files (x86)\SearchProtect Folder Deleted : C:\Program Files (x86)\Softonic Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6 Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin Folder Deleted : C:\Users\Denehy\AppData\Local\Conduit Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Conduit Folder Deleted : C:\Users\Denehy\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Softonic Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\Denehy\AppData\LocalLow\uTorrentControl_v6 Folder Deleted : C:\Users\Denehy\AppData\Roaming\DefaultTab Folder Deleted : C:\Users\Denehy\AppData\Roaming\Search Protection Folder Deleted : C:\Users\Denehy\AppData\Roaming\SearchProtect Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp File Deleted : C:\END File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk File Deleted : C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\user.js File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1 Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1 Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1 Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075 Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122982266} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166986666} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB67DBD8-68A0-4800-B42B-90C5B87BBD78} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C39DAA43-0E59-484C-8D8C-E2CCE1530036} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166986666} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671} Key Deleted : HKCU\Software\APN PIP Key Deleted : HKCU\Software\caphyon Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\Nation Toolbar Key Deleted : HKCU\Software\PIP Key Deleted : HKCU\Software\PrivitizeVPNInstallDates Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\SoftonicToolbar Key Deleted : HKCU\Software\StartSearch Key Deleted : HKCU\Software\uTorrentControl_v6 Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKCU\Software\AppDataLow\Toolbar Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6 Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F} Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0} Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C} Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\caphyon Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\DnsBasic Key Deleted : HKLM\Software\Nation Toolbar Key Deleted : HKLM\Software\PIP Key Deleted : HKLM\Software\SearchProtect Key Deleted : HKLM\Software\uTorrentControl_v6 Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nation Toolbar Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\prefs.js ] -\\ Google Chrome v [ File : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [17181 octets] - [09/03/2014 11:51:59] AdwCleaner[R1].txt - [17242 octets] - [09/03/2014 11:53:40] AdwCleaner[s0].txt - [14801 octets] - [09/03/2014 12:25:53] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14862 octets] ##########

DDS does not run, possibly because of what you indicated,(my OS is WIn 8.1). Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Database version: v2014.03.06.06 Windows 8 x64 NTFS Internet Explorer 11.0.9600.16518 Denehy :: EDI [administrator] Protection: Enabled 3/7/2014 4:43:01 PM mbam-log-2014-03-07 (16-43-01).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219130 Time elapsed: 6 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Denehy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software mail : http://www.adlice.com/contact/ Feedback : http://forum.adlice.com Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 8.1 (6.3.9200 ) 64 bits version Started in : Normal mode User : Denehy [Admin rights] Mode : Scan -- Date : 03/07/2014 17:13:17 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤ [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\WINDOWS\SysWOW64\Rundll32.exe" - "C:\Users\Denehy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x] -> FOUND [V2][sUSP PATH] Test TimeTrigger : C:\Users\Denehy\AppData\Local\Temp\Runner.exe - C:\Users\Denehy\AppData\Local\Temp\DNS.exe [x][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST750LM022 HN-M7 SATA Disk Device +++++ --- User --- [MBR] 5563ee86216a1c21e78cfa8297c1cea8 [bSP] 6a3125a7f090a24988d63ba5cae1a61d : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_03072014_171317.txt >>

Hello, I believe I am infected with a Malware called FastDailyFind.com. It causes my Malwarebytes PRO to block a malicious website several times every time I load a new web page.Sometimes a new tab will open at FastDailyFind.com which never finishes loading. I have run my Malwarebytes PRO full scan four times in the past three days. It has founds something each time. Each time prompting me to restart my computer. I have a software I use called rKill before I run the scan. Following the advice on the "I'm infected - What do I do now?" thread, I downloaded dds.scr and saved it to my desktop. It said that it could not run in compatability mode and exited. I then downloaded dds.com, and it said the same. Please advise.