guildmasterdan

Posts posted by guildmasterdan

  1.  Results of screen317's Security Check version 0.99.80  
       x64 (UAC is enabled)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Windows Defender   
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300  
     Java 7 Update 51  
     Adobe Flash Player     12.0.0.77  
     Adobe Reader XI  
     Mozilla Firefox (27.0.1)
     Google Chrome 33.0.1750.146  
     Google Chrome 33.0.1750.154  
    ````````Process Check: objlist.exe by Laurent````````  
     Windows Defender MSMpEng.exe
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbamgui.exe  
     Malwarebytes' Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:  %
    ````````````````````End of Log``````````````````````
     

  2. When I went to uninstall FindRight it gave me the following message. I selected no.

    "An error occured while trying to uninstall FindRight. It may have already been uninstalled. Would you
    like to remove FindRight from the list of featured programs?"

    I downloaded CCleaner, and unchecked cookies.

    I browsed around a bit to test how it was running. Malwarebytes doesn't seem to be catching anything, and the extra
    tab isn't opening anymore.

    I went back into add/remove programs after the clean to try removing FindRight again, and it gave me the same message.

    Ran by Denehy at 2014-03-15 12:19:23 Run:1
    Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKLM-x32\...\Run: [] - [X]
    SearchScopes: HKCU - {84718CBC-0841-4D62-83AE-97ED52032AFA} URL = http://search.condui...ultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12312670442138822&UM=2
    FF Extension: FindRight - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-11]
    FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
    FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-30]
    Task: {49828A88-A37A-4B38-B796-C59966E31AA4} - System32\Tasks\Test TimeTrigger => C:\Users\Denehy\AppData\Local\Temp\Runner.exe
    C:\Users\Denehy\AppData\Local\Temp\Extract.exe
    C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Denehy\AppData\Local\Temp\sp64126.exe
    C:\Users\Denehy\AppData\Local\Temp\SP65048.exe
    C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe
    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:65137F0D
    AlternateDataStreams: C:\Users\Denehy\SkyDrive:ms-properties
    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84718CBC-0841-4D62-83AE-97ED52032AFA} => Key deleted successfully.
    HKCR\CLSID\{84718CBC-0841-4D62-83AE-97ED52032AFA} => Key not found.
    C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi => Moved successfully.
    HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D} => Value deleted successfully.
    C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{49828A88-A37A-4B38-B796-C59966E31AA4} => Key deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{49828A88-A37A-4B38-B796-C59966E31AA4} => Key deleted successfully.
    C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger => Key deleted successfully.
    "C:\Users\Denehy\AppData\Local\Temp\Extract.exe" => File/Directory not found.
    "C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found.
    "C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\Denehy\AppData\Local\Temp\sp64126.exe" => File/Directory not found.
    "C:\Users\Denehy\AppData\Local\Temp\SP65048.exe" => File/Directory not found.
    "C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe" => File/Directory not found.
    C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\Temp => ":65137F0D" ADS removed successfully.
    "C:\Users\Denehy\SkyDrive" => ":ms-properties" ADS not found.

    ==== End of Fixlog ====

  3. Firefox is affected. I had thought that Chrome was as well, but it failed to show up when I tried to replicate the issue on that browser. I downloaded the tool and:

     

    FRST

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2014
    Ran by Denehy (administrator) on EDI on 12-03-2014 10:46:45
    Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool
    Windows 8.1 (X64) OS Language: English(US)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
    (AMD) C:\WINDOWS\system32\atiesrxx.exe
    (AMD) C:\WINDOWS\system32\atieclxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
    (Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    (Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    (Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    () C:\Windows\system32\valWBFPolicyService.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Microsoft Corporation) C:\Windows\System32\skydrive.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Microsoft Corporation) C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
    (AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    (AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
    (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
    HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-06-05] (Synaptics Incorporated)
    HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [] - [X]
    HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [LWS] - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM\...\Runonce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1672616 2013-07-09] (Valve Corporation)
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [HP Deskjet 3050A J611 series (NET)] - C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [Power2GoExpress8] - C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [AppEx Accelerator UI] - C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [429792 2013-04-11] (AppEx Networks Corporation)
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\Run: [Google Update] - C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-12-04] (Google Inc.)
    HKU\S-1-5-21-32087582-376241081-1250844966-1002\...\MountPoints2: {a87b6828-2e5f-11e2-be71-806e6f6e6963} - "E:\Setup.exe"
    Startup: C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk
    ShortcutTarget: Monitor Ink Alerts - HP Deskjet 3050A J611 series (Network).lnk -> C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
    Startup: C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
    ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&r=228
    SearchScopes: HKCU - {361EE50B-93B0-4D25-BDA9-88A10E4D5C15} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
    SearchScopes: HKCU - {5F9FE8F2-B13A-46F3-A183-78B13182D1F1} URL = http://search.softonic.com/INF00175/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=198
    SearchScopes: HKCU - {84718CBC-0841-4D62-83AE-97ED52032AFA} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289075&CUI=UN12312670442138822&UM=2
    SearchScopes: HKCU - {BD0D9C56-A3C7-4D22-9931-3738E14E8EBF} URL = http://searchou.com/?q={searchTerms}&id=12294eff00000000000012689d993b3e&r=565
    SearchScopes: HKCU - {C8D8CC51-6013-4FFB-9075-19D681AF421E} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672


    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
    FF Plugin: @java.com/DTPlugin,version=1.6.0_33 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
    FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @authentec.com/ffwloplugin - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Denehy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Denehy\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: FindRight - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{42e50651-9669-456e-9081-d5a836274274}.xpi [2014-02-11]
    FF Extension: Adblock Plus - C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-08-24]
    FF HKLM-x32\...\Firefox\Extensions: [{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}] - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi
    FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [2012-01-30]

    Chrome:
    =======
    CHR DefaultSearchKeyword: yahoo.com
    CHR DefaultSearchProvider: Yahoo!
    CHR DefaultSearchURL: http://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_gc&type=714647&ilc=12&p={searchTerms}
    CHR DefaultNewTabURL:
    CHR Extension: (Google Docs) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-04]
    CHR Extension: (Google Drive) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-04]
    CHR Extension: (YouTube) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-04]
    CHR Extension: (Google Cast) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-12-04]
    CHR Extension: (Adblock Plus) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-12-05]
    CHR Extension: (Google Search) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-04]
    CHR Extension: (Website Logon) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof [2013-12-04]
    CHR Extension: (Google Wallet) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-04]
    CHR Extension: (Gmail) - C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-04]
    CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]
    CHR HKLM-x32\...\Chrome\Extension: [jaaieiajnhcnimjgfmjpccjmmfkploci] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-12-12]

    ==================== Services (Whitelisted) =================

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
    R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
    R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()
    R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
    R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-09] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
    R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
    R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
    S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
    S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
    S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
    R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-09] (Microsoft Corporation)
    S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
    R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
    S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
    S3 RDID1061; C:\Windows\system32\Drivers\rdwm1061.sys [201728 2012-10-23] (Roland Corporation)
    S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
    R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-08-04] (Realtek Semiconductor Corp.)
    S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-09] (Microsoft Corporation)
    R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-06-05] (Synaptics Incorporated)
    S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
    S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
    S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\FRST
    2014-03-12 10:45 - 2014-03-12 10:46 - 00000000 ____D () C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool
    2014-03-10 23:48 - 2014-03-10 23:48 - 00002229 _____ () C:\Users\Denehy\Desktop\HP Support Assistant.lnk
    2014-03-10 23:43 - 2014-03-10 23:43 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
    2014-03-09 11:51 - 2014-03-09 12:27 - 00000000 ____D () C:\AdwCleaner
    2014-03-09 11:50 - 2014-03-09 11:50 - 01244192 _____ () C:\Users\Denehy\Desktop\AdwCleaner.exe
    2014-03-07 18:13 - 2014-03-07 18:13 - 00002152 _____ () C:\Users\Denehy\Desktop\RKreport[0]_S_03072014_171317.txt
    2014-03-07 18:09 - 2014-03-07 18:14 - 00003341 _____ () C:\Users\Denehy\Desktop\malware forum reports.txt
    2014-03-07 18:00 - 2014-03-07 18:13 - 00000000 ____D () C:\Users\Denehy\Desktop\RK_Quarantine
    2014-03-07 18:00 - 2014-03-07 18:00 - 04413952 _____ () C:\Users\Denehy\Desktop\RogueKillerX64.exe
    2014-03-06 17:02 - 2014-03-06 17:02 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.com
    2014-03-06 13:51 - 2014-03-06 13:51 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.scr
    2014-03-05 11:38 - 2014-03-05 11:38 - 00005306 _____ () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk
    2014-02-18 22:21 - 2014-02-25 15:38 - 00000000 ____D () C:\Users\Denehy\Desktop\Gaming Files
    2014-02-15 13:48 - 2013-11-27 11:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2014-02-15 13:48 - 2013-11-27 09:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2014-02-15 13:48 - 2013-11-26 05:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-02-15 13:48 - 2013-11-23 07:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-02-15 13:47 - 2013-12-08 20:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2014-02-15 13:47 - 2013-12-08 20:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2014-02-15 13:47 - 2013-11-27 11:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-02-15 13:47 - 2013-11-27 10:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-02-15 13:47 - 2013-11-27 08:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
    2014-02-15 13:47 - 2013-11-27 06:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2014-02-15 13:47 - 2013-11-27 06:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
    2014-02-15 13:47 - 2013-11-27 06:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2014-02-15 13:47 - 2013-11-27 05:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
    2014-02-15 13:47 - 2013-11-27 05:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2014-02-15 13:47 - 2013-11-27 05:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2014-02-15 13:47 - 2013-11-27 05:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
    2014-02-15 13:47 - 2013-11-27 04:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2014-02-15 13:47 - 2013-11-27 04:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
    2014-02-15 13:47 - 2013-11-27 00:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-02-15 13:47 - 2013-11-26 09:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2014-02-15 13:47 - 2013-11-26 09:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-02-15 13:47 - 2013-11-26 09:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2014-02-15 13:47 - 2013-11-26 09:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2014-02-15 13:47 - 2013-11-26 07:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2014-02-15 13:47 - 2013-11-26 07:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-02-15 13:47 - 2013-11-26 07:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2014-02-15 13:47 - 2013-11-26 06:13 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-02-15 13:47 - 2013-11-26 04:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-02-15 13:47 - 2013-11-24 21:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2014-02-15 13:47 - 2013-11-24 21:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2014-02-15 13:47 - 2013-11-24 19:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2014-02-15 13:47 - 2013-11-24 19:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-02-15 13:47 - 2013-11-23 08:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
    2014-02-15 13:47 - 2013-11-23 04:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-02-15 13:47 - 2013-11-23 03:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
    2014-02-15 13:47 - 2013-11-23 03:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
    2014-02-15 13:47 - 2013-11-23 03:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2014-02-15 13:47 - 2013-11-23 00:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2014-02-15 13:47 - 2013-11-22 23:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2014-02-15 13:47 - 2013-11-22 23:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2014-02-15 13:47 - 2013-11-22 23:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2014-02-15 13:47 - 2013-11-22 23:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2014-02-15 13:47 - 2013-11-22 23:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-02-15 13:47 - 2013-11-22 23:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-02-15 13:47 - 2013-11-21 02:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
    2014-02-15 13:47 - 2013-11-21 02:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-02-15 13:47 - 2013-11-16 01:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2014-02-15 13:47 - 2013-11-15 14:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2014-02-15 13:47 - 2013-11-15 10:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2014-02-15 13:47 - 2013-11-15 10:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2014-02-15 13:47 - 2013-11-15 10:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2014-02-15 13:47 - 2013-11-15 09:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2014-02-15 13:47 - 2013-11-05 16:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-02-15 13:47 - 2013-10-30 20:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2014-02-15 13:47 - 2013-10-30 19:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2014-02-14 11:50 - 2014-02-16 18:22 - 00000000 ____D () C:\Users\Denehy\Documents\Corel VideoStudio Pro
    2014-02-14 11:48 - 2014-02-14 14:24 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Ulead Systems
    2014-02-14 11:48 - 2014-02-14 11:50 - 00000000 ____D () C:\ProgramData\Protexis
    2014-02-14 11:48 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Corel
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000110 _____ () C:\WINDOWS\wininit.ini
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\eSellerate
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
    2014-02-13 23:20 - 2014-02-13 23:20 - 00000563 _____ () C:\WINDOWS\wmsetup.log
    2014-02-13 23:20 - 2014-02-13 23:20 - 00000000 ____D () C:\WINDOWS\RegisteredPackages
    2014-02-13 23:18 - 2014-02-13 23:18 - 00000000 ____D () C:\ProgramData\InterVideo
    2014-02-13 23:15 - 2014-02-13 23:16 - 00000000 ____D () C:\ProgramData\Corel
    2014-02-13 23:15 - 2014-02-13 23:15 - 00001061 _____ () C:\Users\Public\Desktop\Corel ScreenCap X6.lnk
    2014-02-13 23:15 - 2014-02-13 23:15 - 00001054 _____ () C:\Users\Public\Desktop\Corel VideoStudio Pro X6.lnk
    2014-02-13 23:02 - 2014-02-13 23:11 - 00000000 ____D () C:\Program Files (x86)\Corel
    2014-02-13 21:29 - 2014-02-17 17:00 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-02-13 21:29 - 2014-02-17 17:00 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-13 18:36 - 2014-02-13 18:42 - 1414007832 _____ (Acresso Software Inc.) C:\Users\Denehy\Downloads\VSX6_Pro_TBYB.exe
    2014-02-13 16:16 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-02-13 16:16 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-02-13 16:16 - 2014-02-06 07:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-02-13 16:16 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-02-13 16:16 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-02-13 16:16 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-02-13 16:16 - 2014-02-06 06:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-02-13 16:16 - 2014-02-06 06:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-02-13 16:16 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-02-13 16:16 - 2014-02-06 05:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-02-13 16:16 - 2014-02-06 05:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-02-13 16:16 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-02-13 16:16 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-02-13 16:16 - 2014-02-06 05:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-02-13 16:16 - 2014-02-06 05:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-02-13 16:16 - 2014-02-06 05:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-02-13 16:16 - 2014-02-06 05:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-02-13 16:16 - 2014-02-06 04:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-02-13 16:16 - 2014-02-06 04:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-02-13 16:16 - 2014-01-07 01:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2014-02-13 16:16 - 2014-01-07 00:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2014-02-13 16:16 - 2013-12-08 20:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2014-02-13 16:16 - 2013-12-08 20:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
    2014-02-13 16:16 - 2013-12-08 19:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
    2014-02-13 16:16 - 2013-12-08 19:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2014-02-13 16:16 - 2013-11-21 02:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2014-02-13 16:16 - 2013-11-21 01:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2014-02-13 16:15 - 2014-02-06 08:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-02-13 16:15 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-02-13 16:15 - 2014-02-06 06:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-02-13 16:15 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-02-13 16:15 - 2014-02-06 06:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-02-13 16:15 - 2014-02-06 06:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-02-13 16:15 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-02-13 16:15 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-02-13 16:15 - 2014-02-06 06:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-02-13 16:15 - 2014-02-06 05:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-02-13 16:15 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-02-13 16:15 - 2014-02-06 05:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-02-13 16:15 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-02-13 16:15 - 2014-02-06 05:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-02-13 16:15 - 2014-02-06 05:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-02-13 16:15 - 2014-02-06 04:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-02-13 16:15 - 2014-02-06 04:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-02-13 16:15 - 2014-02-06 04:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-02-13 16:15 - 2014-01-07 03:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2014-02-13 16:15 - 2014-01-07 01:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2014-02-13 16:15 - 2014-01-04 16:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-02-13 16:15 - 2014-01-04 15:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-02-13 16:15 - 2014-01-04 10:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-02-13 16:15 - 2014-01-04 10:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-02-13 16:15 - 2014-01-04 09:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-02-13 16:15 - 2014-01-04 09:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-02-13 16:15 - 2014-01-04 09:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-02-13 16:15 - 2014-01-04 09:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-02-13 16:15 - 2013-12-20 22:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
    2014-02-13 16:15 - 2013-12-20 22:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
    2014-02-13 16:15 - 2013-12-20 06:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-02-13 16:15 - 2013-12-20 02:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-02-13 16:15 - 2013-12-08 22:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-02-13 16:15 - 2013-12-08 21:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-02-13 16:14 - 2014-01-09 04:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-02-13 16:14 - 2014-01-09 03:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-02-13 16:14 - 2014-01-09 03:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-02-13 16:14 - 2014-01-09 03:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-02-13 16:14 - 2014-01-09 03:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-02-13 16:14 - 2014-01-09 03:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-02-13 16:14 - 2014-01-09 03:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-02-13 16:14 - 2014-01-09 03:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-02-13 16:14 - 2014-01-09 03:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-02-13 16:14 - 2014-01-09 03:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-02-12 12:57 - 2014-02-12 12:57 - 00000000 ____D () C:\WINDOWS\PCHEALTH
    2014-02-12 11:17 - 2013-10-17 03:46 - 03858944 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athwbx.sys
    2014-02-12 10:58 - 2014-02-12 12:03 - 00000000 ____D () C:\Program Files (x86)\Lightworks
    2014-02-12 10:43 - 2014-02-12 10:41 - 72720560 _____ (Lightworks) C:\Users\Denehy\Downloads\Lightworks-Installer.exe
    2014-02-12 10:40 - 2014-02-12 10:40 - 00619024 _____ ( ) C:\Users\Denehy\Downloads\Lightworks Download Manager.exe
    2014-02-11 20:49 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yume Nikki 0.10 English
    2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\WINDOWS\en
    2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-02-11 11:09 - 2014-02-11 11:09 - 01239536 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\wlsetup-web(1).exe
    2014-02-11 00:30 - 2014-02-11 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\MicrosoftFixit.AudioPlayback.Run.exe
    2014-02-10 12:30 - 2014-02-10 12:30 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf

    ==================== One Month Modified Files and Folders =======

    2014-03-12 10:46 - 2014-03-12 10:46 - 00000000 ____D () C:\FRST
    2014-03-12 10:46 - 2014-03-12 10:45 - 00000000 ____D () C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool
    2014-03-12 10:45 - 2012-12-01 23:17 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2014-03-12 10:45 - 2012-12-01 23:17 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-03-12 10:41 - 2013-11-14 03:28 - 00956540 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-03-12 10:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-03-12 10:39 - 2012-12-01 15:16 - 00003910 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E1F77F69-B8B8-4427-A5F8-872F5974F150}
    2014-03-12 10:37 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-03-11 02:56 - 2014-02-08 23:47 - 01734227 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-03-10 23:57 - 2012-12-01 20:59 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-32087582-376241081-1250844966-1002
    2014-03-10 23:48 - 2014-03-10 23:48 - 00002229 _____ () C:\Users\Denehy\Desktop\HP Support Assistant.lnk
    2014-03-10 23:48 - 2013-11-11 16:31 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForDenehy
    2014-03-10 23:48 - 2013-04-28 12:53 - 00000344 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForDenehy.job
    2014-03-10 23:48 - 2012-08-17 01:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-03-10 23:46 - 2012-08-17 01:52 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
    2014-03-10 23:44 - 2013-09-18 12:44 - 00052414 _____ () C:\WINDOWS\system32\lvcoinst.log
    2014-03-10 23:43 - 2014-03-10 23:43 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
    2014-03-10 23:42 - 2012-08-17 02:11 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
    2014-03-10 23:41 - 2012-08-03 20:02 - 00000000 ____D () C:\SWSetup
    2014-03-10 00:19 - 2013-12-04 23:03 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA.job
    2014-03-09 15:19 - 2013-12-04 23:07 - 00002414 _____ () C:\Users\Denehy\Desktop\Google Chrome.lnk
    2014-03-09 15:19 - 2013-12-04 23:03 - 00000868 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core.job
    2014-03-09 13:52 - 2013-06-12 14:40 - 00000000 ____D () C:\Users\Denehy\Desktop\Guildmaster Dan
    2014-03-09 12:30 - 2014-02-09 10:58 - 00000000 __RDO () C:\Users\Denehy\SkyDrive
    2014-03-09 12:29 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-03-09 12:28 - 2013-11-14 03:20 - 00013774 _____ () C:\WINDOWS\PFRO.log
    2014-03-09 12:28 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2014-03-09 12:27 - 2014-03-09 11:51 - 00000000 ____D () C:\AdwCleaner
    2014-03-09 11:54 - 2012-12-02 19:33 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2014-03-09 11:53 - 2012-12-10 00:49 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2014-03-09 11:50 - 2014-03-09 11:50 - 01244192 _____ () C:\Users\Denehy\Desktop\AdwCleaner.exe
    2014-03-07 18:14 - 2014-03-07 18:09 - 00003341 _____ () C:\Users\Denehy\Desktop\malware forum reports.txt
    2014-03-07 18:13 - 2014-03-07 18:13 - 00002152 _____ () C:\Users\Denehy\Desktop\RKreport[0]_S_03072014_171317.txt
    2014-03-07 18:13 - 2014-03-07 18:00 - 00000000 ____D () C:\Users\Denehy\Desktop\RK_Quarantine
    2014-03-07 18:00 - 2014-03-07 18:00 - 04413952 _____ () C:\Users\Denehy\Desktop\RogueKillerX64.exe
    2014-03-06 17:12 - 2013-08-21 16:42 - 05519488 _____ () C:\Users\Denehy\Desktop\Rkill.txt
    2014-03-06 17:02 - 2014-03-06 17:02 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.com
    2014-03-06 13:51 - 2014-03-06 13:51 - 00688992 _____ (Swearware) C:\Users\Denehy\Desktop\dds.scr
    2014-03-06 12:07 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\LiveKernelReports
    2014-03-05 15:34 - 2013-04-28 21:35 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\uTorrent
    2014-03-05 11:38 - 2014-03-05 11:38 - 00005306 _____ () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\rkill.lnk
    2014-03-04 22:24 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-03-03 18:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-03-03 01:00 - 2012-12-01 15:16 - 00000000 ___RD () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-03-03 01:00 - 2012-12-01 15:16 - 00000000 ___RD () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-03-03 00:58 - 2013-08-22 10:44 - 00403960 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-03-03 00:57 - 2012-12-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-03-03 00:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-03-03 00:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
    2014-03-03 00:55 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
    2014-02-25 15:38 - 2014-02-18 22:21 - 00000000 ____D () C:\Users\Denehy\Desktop\Gaming Files
    2014-02-17 17:00 - 2014-02-13 21:29 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-02-17 17:00 - 2014-02-13 21:29 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-02-16 18:22 - 2014-02-14 11:50 - 00000000 ____D () C:\Users\Denehy\Documents\Corel VideoStudio Pro
    2014-02-16 16:14 - 2013-12-04 23:03 - 00003872 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA
    2014-02-16 16:14 - 2013-12-04 23:03 - 00003492 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core
    2014-02-15 14:31 - 2013-07-24 11:25 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-02-15 14:29 - 2012-12-12 23:56 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-02-15 10:53 - 2014-02-05 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-02-14 14:24 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Ulead Systems
    2014-02-14 11:50 - 2014-02-14 11:48 - 00000000 ____D () C:\ProgramData\Protexis
    2014-02-14 11:48 - 2014-02-14 11:48 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Corel
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000110 _____ () C:\WINDOWS\wininit.ini
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\SmartSound Software Inc
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\ProgramData\eSellerate
    2014-02-13 23:21 - 2014-02-13 23:21 - 00000000 ____D () C:\Program Files (x86)\SmartSound Software
    2014-02-13 23:20 - 2014-02-13 23:20 - 00000563 _____ () C:\WINDOWS\wmsetup.log
    2014-02-13 23:20 - 2014-02-13 23:20 - 00000000 ____D () C:\WINDOWS\RegisteredPackages
    2014-02-13 23:20 - 2013-10-27 11:33 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
    2014-02-13 23:18 - 2014-02-13 23:18 - 00000000 ____D () C:\ProgramData\InterVideo
    2014-02-13 23:16 - 2014-02-13 23:15 - 00000000 ____D () C:\ProgramData\Corel
    2014-02-13 23:15 - 2014-02-13 23:15 - 00001061 _____ () C:\Users\Public\Desktop\Corel ScreenCap X6.lnk
    2014-02-13 23:15 - 2014-02-13 23:15 - 00001054 _____ () C:\Users\Public\Desktop\Corel VideoStudio Pro X6.lnk
    2014-02-13 23:11 - 2014-02-13 23:02 - 00000000 ____D () C:\Program Files (x86)\Corel
    2014-02-13 23:10 - 2012-08-17 02:04 - 00066748 _____ () C:\WINDOWS\DirectX.log
    2014-02-13 22:21 - 2013-08-22 10:46 - 00299742 _____ () C:\WINDOWS\setupact.log
    2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-02-13 21:27 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-02-13 18:42 - 2014-02-13 18:36 - 1414007832 _____ (Acresso Software Inc.) C:\Users\Denehy\Downloads\VSX6_Pro_TBYB.exe
    2014-02-12 13:00 - 2013-05-17 19:18 - 00000000 ____D () C:\Users\Denehy\AppData\Local\Unity
    2014-02-12 12:57 - 2014-02-12 12:57 - 00000000 ____D () C:\WINDOWS\PCHEALTH
    2014-02-12 12:03 - 2014-02-12 10:58 - 00000000 ____D () C:\Program Files (x86)\Lightworks
    2014-02-12 12:02 - 2013-10-11 12:55 - 00000000 ____D () C:\BigFishCache
    2014-02-12 11:18 - 2012-11-14 07:36 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
    2014-02-12 11:07 - 2013-06-12 16:12 - 00000000 ____D () C:\Users\Public\Documents\Lightworks
    2014-02-12 10:41 - 2014-02-12 10:43 - 72720560 _____ (Lightworks) C:\Users\Denehy\Downloads\Lightworks-Installer.exe
    2014-02-12 10:40 - 2014-02-12 10:40 - 00619024 _____ ( ) C:\Users\Denehy\Downloads\Lightworks Download Manager.exe
    2014-02-11 20:51 - 2014-02-08 23:28 - 00000000 ____D () C:\Users\Denehy
    2014-02-11 20:49 - 2014-02-11 20:49 - 00000000 ____D () C:\Users\Denehy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yume Nikki 0.10 English
    2014-02-11 20:47 - 2013-09-18 12:44 - 00000000 ____D () C:\Program Files\Common Files\logishrd
    2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\WINDOWS\en
    2014-02-11 11:11 - 2014-02-11 11:11 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2014-02-11 11:11 - 2012-08-17 02:04 - 00000000 ____D () C:\Program Files (x86)\Windows Live
    2014-02-11 11:09 - 2014-02-11 11:09 - 01239536 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\wlsetup-web(1).exe
    2014-02-11 00:30 - 2014-02-11 00:30 - 00347816 _____ (Microsoft Corporation) C:\Users\Denehy\Downloads\MicrosoftFixit.AudioPlayback.Run.exe
    2014-02-10 12:39 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
    2014-02-10 12:30 - 2014-02-10 12:30 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
    2014-02-10 12:30 - 2013-08-21 16:42 - 00000000 ____D () C:\Users\Denehy\Desktop\rkill

    Some content of TEMP:
    ====================
    C:\Users\Denehy\AppData\Local\Temp\Extract.exe
    C:\Users\Denehy\AppData\Local\Temp\ntdll_dump.dll
    C:\Users\Denehy\AppData\Local\Temp\Quarantine.exe
    C:\Users\Denehy\AppData\Local\Temp\sp64126.exe
    C:\Users\Denehy\AppData\Local\Temp\SP65048.exe
    C:\Users\Denehy\AppData\Local\Temp\UninstallHPSA.exe


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-03-09 14:39

    ==================== End Of Log ============================

    ADDITION

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2014
    Ran by Denehy at 2014-03-12 10:48:10
    Running from C:\Users\Denehy\Desktop\Farbar Recovery Scan Tool
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
    AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)
    AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Amnesia - The Dark Descent (HKLM-x32\...\{759FC370-E77F-4FB0-A1E4-C0628A44BA44}) (Version: 1.00.0000 - Valusoft)
    AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
    calibre (HKLM-x32\...\{D060E2E3-5509-4420-AA04-FA197C6678C8}) (Version: 0.9.28 - Kovid Goyal)
    CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
    ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.1.266.0 - Google Inc.)
    ComicRack v0.9.156 (HKLM\...\ComicRack) (Version: v0.9.156 - cYo Soft)
    Contents (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    Corel VideoStudio Pro X6 (HKLM-x32\...\_{6688A246-F6E8-48AD-9806-8D5832E9F15D}) (Version: 16.1.0.45 - Corel Corporation)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.5901 - CyberLink Corp.)
    CyberLink LabelPrint (x32 Version: 2.5.3.5901 - CyberLink Corp.) Hidden
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.3.2608 - CyberLink Corp.)
    CyberLink Media Suite 10 (x32 Version: 10.0.3.2608 - CyberLink Corp.) Hidden
    CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
    CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
    CyberLink Power2Go 8 (x32 Version: 8.0.3.2527 - CyberLink Corp.) Hidden
    CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
    CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dolby Axon - 1.5.1.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.1.1 - Dolby Laboratories)
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
    FFsplit version 0.7 (HKLM-x32\...\{82458834-6226-4A34-AE96-6907354F9F36}_is1) (Version: 0.7 - FFsplit Team)
    FindRight (HKLM\...\FindRight) (Version: 2014.02.11.223523 - FindRight) <==== ATTENTION
    FormatFactory 3.3.1.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.1.0 - Format Factory)
    Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
    Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
    HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
    HP Deskjet 3050A J611 series Basic Device Software (HKLM\...\{1B77E249-B8D5-4E5E-8848-693ACEF84E6D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Documentation (HKLM-x32\...\{92524C67-A99D-44C6-8995-04F5E76486AF}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
    HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
    HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\{34C821CA-6B55-44A0-8A9B-2EF471D6019E}) (Version: 6.0.100.272 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{835B275B-F29B-464B-BD4B-097FD55FAB0A}) (Version: 4.6.8.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    ICA (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6418.0 - IDT)
    IPM_VS_Pro (x32 Version: 16.0 - Corel Corporation) Hidden
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    Java 6 Update 33 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416033FF}) (Version: 6.0.330 - Oracle)
    Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
    LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
    LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
    LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
    LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
    LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
    LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
    LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
    LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
    LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
    Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
    Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.3.4 - Motorola Mobility)
    Motorola Device Software Update (x32 Version: 12.10.3002 - Motorola Mobility) Hidden
    Motorola Mobile Drivers Installation 5.9.0 (Version: 5.9.0 - Motorola Inc.) Hidden
    Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
    Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Project 64 version 2.0.0.14 (HKLM-x32\...\Project 64_is1) (Version: 2.0.0.14 - )
    Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29034 - Realtek Semiconductor Corp.)
    Search Protection (HKCU\...\Search Protection) (Version: 7.5.0.1 - Spigot, Inc.)
    Setup (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    Share (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    Share64 (Version: 16.1.0.45 - Corel Corporation) Hidden
    SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
    SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
    SmartSound Quicktracks 5 (HKLM-x32\...\InstallShield_{2F8BA3FD-1FA9-4279-B696-712ABB12F09F}) (Version: 5.1.6 - SmartSound Software Inc.)
    SmartSound Quicktracks 5 (x32 Version: 5.1.6 - SmartSound Software Inc.) Hidden
    Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.5.3.3 - Synaptics Incorporated)
    The Secret World (HKLM-x32\...\The Secret World_is1) (Version: 1.0.0 - Funcom)
    UA-4FX Driver (HKLM\...\RolandRDID0061) (Version:  - Roland Corporation)
    Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    VSClassic (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    VSHelp (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    VSPro (x32 Version: 16.1.0.45 - Corel Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live Writer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Live Writer Resources (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
    Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
    Windows Media Encoder 9 Series (x32 Version: 9.00.2980 - Microsoft Corporation) Hidden
    WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Yume Nikki 0.10 English (HKCU\...\Yume Nikki 0.10 English) (Version:  - )

    ==================== Restore Points  =========================

    22-02-2014 04:48:24 Scheduled Checkpoint
    03-03-2014 22:58:53 Scheduled Checkpoint
    07-03-2014 22:17:51 Malwarebytes Help Start Point
    11-03-2014 03:44:11 Installed HP Support Assistant

    ==================== Hosts content: ==========================

    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {119D2C18-7F25-4BDD-8AA3-DC269F84F308} - System32\Tasks\PcRegistryShield_Start => C:\Program Files (x86)\PC Registry Shield\PcRegistryShield.exe
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {2FDCA46A-5CAC-4D5D-8B59-B49A186E577C} - System32\Tasks\pcreg => C:\Program Files\wrapper_inst\service.exe
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {3CD26201-F2D6-4DD9-A2A2-6E14123FB0CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
    Task: {3F3CCDE3-B0A8-4289-A30E-4A598EA65CAB} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
    Task: {437BC9DD-84EE-4B78-AAF6-0D17E0BDB262} - \BackgroundContainer Startup Task No Task File
    Task: {43A324A5-5BA1-4376-A946-946E8EC36A6E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {43AE4E83-DEB9-40FF-82B7-09B9F9803811} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-06-05] (Synaptics Incorporated)
    Task: {45DE73A0-6209-41BF-A8DC-8AD942738A6D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {49828A88-A37A-4B38-B796-C59966E31AA4} - System32\Tasks\Test TimeTrigger => C:\Users\Denehy\AppData\Local\Temp\Runner.exe <==== ATTENTION
    Task: {4C03268C-E26B-4AD9-96D9-63B2700194FD} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {5B067028-4A29-42A0-B1B1-4DAE77C8BD31} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6B966235-2276-4764-A9C8-EEAAE65BC17E} - System32\Tasks\HPCeeScheduleForDenehy => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {739EEAD5-EE34-443F-8B7A-FF82B89A6D86} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {7D9C08DC-CFE9-4420-98C3-981F8F4BEE6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe [2013-12-04] (Google Inc.)
    Task: {8247AD1C-33FB-47A5-AA4E-6E4D73924C02} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-15] (Microsoft Corporation)
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {87801EB6-B91B-4FDD-BE25-F34BF887A111} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {8CC2B922-7E32-4CEA-87FB-5F3458AF9921} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {998D62DE-0D14-4C85-8A5D-3FC3A8AFDCED} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A2CB74C9-7668-4121-8548-C3A29871DC3A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
    Task: {A769E8A9-EF4D-4667-9931-2E31188EF19C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {A843A4DB-776B-4EE1-86DA-156967D3F52A} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {C7A23EFF-B109-4158-92FD-2657DD701ADE} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2012-10-23] ()
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {DD7C7F0A-40B6-4A15-B3F9-3B57C140907C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002Core.job => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-32087582-376241081-1250844966-1002UA.job => C:\Users\Denehy\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForDenehy.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Loaded Modules (whitelisted) =============

    2012-08-08 14:36 - 2012-08-08 14:36 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2012-10-23 18:58 - 2012-10-23 18:58 - 00120728 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    2012-09-06 05:47 - 2012-09-06 05:47 - 00028160 _____ () C:\Windows\system32\valWBFPolicyService.exe
    2012-10-23 18:58 - 2012-10-23 18:58 - 00694168 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    2013-02-07 09:19 - 2013-02-07 09:19 - 04073768 _____ () C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
    2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
    2012-08-08 14:36 - 2012-08-08 14:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2012-10-17 16:42 - 2012-10-17 16:42 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
    2013-05-20 20:32 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
    2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
    2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
    2013-02-07 09:19 - 2013-02-07 09:19 - 00019240 _____ () C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
    2014-02-05 13:17 - 2014-02-15 10:53 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
    AlternateDataStreams: C:\ProgramData\Temp:65137F0D
    AlternateDataStreams: C:\Users\Denehy\SkyDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/11/2014 02:57:03 AM) (Source: Application Hang) (User: )
    Description: The program LiveComm.exe version 17.5.9600.20413 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 801c

    Start Time: 01cf3cddee8c63f7

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe

    Report Id: 4ba9e73a-a8ea-11e3-beef-082e5f7afb68

    Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: EDI)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/11/2014 02:56:36 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (03/09/2014 11:49:10 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (03/05/2014 11:08:09 AM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (03/04/2014 09:29:24 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (03/01/2014 05:24:14 PM) (Source: Customer Experience Improvement Program) (User: )
    Description: 80070005

    Error: (02/28/2014 04:41:37 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT AUTHORITY)
    Description: There was an error with the Windows Location Provider database


    System errors:
    =============
    Error: (03/12/2014 10:40:03 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/10/2014 11:43:21 PM) (Source: Service Control Manager) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    %%2

    Error: (03/10/2014 11:43:21 PM) (Source: Service Control Manager) (User: )
    Description: The HP Support Assistant Service service failed to start due to the following error:
    %%2

    Error: (03/10/2014 11:41:41 PM) (Source: Service Control Manager) (User: )
    Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

    Error: (03/10/2014 11:36:51 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/09/2014 11:52:10 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/08/2014 05:23:43 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/07/2014 05:36:29 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/06/2014 05:05:35 PM) (Source: Service Control Manager) (User: )
    Description: The Validity WBF Policy Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/06/2014 11:00:02 AM) (Source: DCOM) (User: NT AUTHORITY)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


    Microsoft Office Sessions:
    =========================
    Error: (03/11/2014 02:57:03 AM) (Source: Application Hang)(User: )
    Description: LiveComm.exe17.5.9600.20413801c01cf3cddee8c63f74294967295C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\LiveComm.exe4ba9e73a-a8ea-11e3-beef-082e5f7afb68microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbweppleae38af2e007f4358a809ac99a64a67c1

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

    Error: (03/11/2014 02:56:44 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: EDI)
    Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail-2147023170

    Error: (03/11/2014 02:56:36 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (03/09/2014 11:49:10 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (03/05/2014 11:08:09 AM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (03/04/2014 09:29:24 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (03/01/2014 05:24:14 PM) (Source: Customer Experience Improvement Program)(User: )
    Description: 80070005

    Error: (02/28/2014 04:41:37 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT AUTHORITY)
    Description: -2147024883


    CodeIntegrity Errors:
    ===================================
      Date: 2014-03-03 16:41:12.212
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:40:11.880
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:40:11.710
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:39:34.803
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:39:34.559
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:37:54.810
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:37:54.585
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:37:54.374
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:37:54.102
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

      Date: 2014-03-03 16:37:53.896
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Percentage of memory in use: 41%
    Total physical RAM: 5596.25 MB
    Available physical RAM: 3247.1 MB
    Total Pagefile: 6492.25 MB
    Available Pagefile: 3902.99 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.78 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:670.94 GB) (Free:488.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive d: (RECOVERY) (Fixed) (Total:26.58 GB) (Free:3.1 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive e: (Amnesia) (CDROM) (Total:1.18 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 699 GB) (Disk ID: A50E1C7D)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================

  4. I didn't recognize anything important so I just ran the clean.

     

    # AdwCleaner v3.020 - Report created 09/03/2014 at 12:25:53
    # Updated 27/02/2014 by Xplode
    # Operating System : Windows 8.1  (64 bits)
    # Username : Denehy - EDI
    # Running from : C:\Users\Denehy\Desktop\AdwCleaner.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    Folder Deleted : C:\SearchProtect
    Folder Deleted : C:\ProgramData\Ask
    Folder Deleted : C:\ProgramData\AVG Security Toolbar
    Folder Deleted : C:\ProgramData\DnsBasic
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\DnsBasic
    Folder Deleted : C:\Program Files (x86)\Nation Toolbar
    Folder Deleted : C:\Program Files (x86)\SearchProtect
    Folder Deleted : C:\Program Files (x86)\Softonic
    Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
    Folder Deleted : C:\WINDOWS\SysWOW64\AI_RecycleBin
    Folder Deleted : C:\Users\Denehy\AppData\Local\Conduit
    Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Denehy\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Softonic
    Folder Deleted : C:\Users\Denehy\AppData\LocalLow\Toolbar4
    Folder Deleted : C:\Users\Denehy\AppData\LocalLow\uTorrentControl_v6
    Folder Deleted : C:\Users\Denehy\AppData\Roaming\DefaultTab
    Folder Deleted : C:\Users\Denehy\AppData\Roaming\Search Protection
    Folder Deleted : C:\Users\Denehy\AppData\Roaming\SearchProtect
    Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
    Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    [!] Folder Deleted : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
    File Deleted : C:\END
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
    File Deleted : C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\user.js
    File Deleted : C:\WINDOWS\System32\Tasks\BackgroundContainer Startup Task

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduit.com
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\conduitapps.com
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
    Key Deleted : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
    Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
    Key Deleted : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3272718
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289075
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220122982266}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166986666}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CB67DBD8-68A0-4800-B42B-90C5B87BBD78}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C39DAA43-0E59-484C-8D8C-E2CCE1530036}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660166986666}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
    Key Deleted : HKCU\Software\APN PIP
    Key Deleted : HKCU\Software\caphyon
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Cr_Installer
    Key Deleted : HKCU\Software\Nation Toolbar
    Key Deleted : HKCU\Software\PIP
    Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\SoftonicToolbar
    Key Deleted : HKCU\Software\StartSearch
    Key Deleted : HKCU\Software\uTorrentControl_v6
    Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\AppDataLow\Software\BackgroundContainer
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
    Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
    Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
    Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
    Key Deleted : HKLM\Software\AVG Secure Search
    Key Deleted : HKLM\Software\caphyon
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DnsBasic
    Key Deleted : HKLM\Software\Nation Toolbar
    Key Deleted : HKLM\Software\PIP
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\uTorrentControl_v6
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DnsBasic
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Nation Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar

    ***** [ Browsers ] *****

    -\\ Internet Explorer v11.0.9600.16518


    -\\ Mozilla Firefox v27.0.1 (en-US)

    [ File : C:\Users\Denehy\AppData\Roaming\Mozilla\Firefox\Profiles\66fgi8yb.default-1377316120672\prefs.js ]


    -\\ Google Chrome v

    [ File : C:\Users\Denehy\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [17181 octets] - [09/03/2014 11:51:59]
    AdwCleaner[R1].txt - [17242 octets] - [09/03/2014 11:53:40]
    AdwCleaner[s0].txt - [14801 octets] - [09/03/2014 12:25:53]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14862 octets] ##########
     

  5. DDS does not run, possibly because of what you indicated (my OS is Win 8.1).



    Malwarebytes Anti-Malware (PRO) 1.75.0.1300
    www.malwarebytes.org

    Database version: v2014.03.06.06

    Windows 8 x64 NTFS
    Internet Explorer 11.0.9600.16518
    Denehy :: EDI [administrator]

    Protection: Enabled

    3/7/2014 4:43:01 PM
    mbam-log-2014-03-07 (16-43-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 219130
    Time elapsed: 6 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 1
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Data: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Denehy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)






    RogueKiller V8.8.10 _x64_ [Feb 28 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Denehy [Admin rights]
    Mode : Scan -- Date : 03/07/2014 17:13:17
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 6 ¤¤¤
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Scheduled tasks : 2 ¤¤¤
    [V2][sUSP PATH] BackgroundContainer Startup Task : "C:\WINDOWS\SysWOW64\Rundll32.exe" - "C:\Users\Denehy\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun [-][7][x] -> FOUND
    [V2][sUSP PATH] Test TimeTrigger : C:\Users\Denehy\AppData\Local\Temp\Runner.exe - C:\Users\Denehy\AppData\Local\Temp\DNS.exe [x][x] -> FOUND

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Browser Addons : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection :  ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE)  ST750LM022 HN-M7 SATA Disk Device +++++
    --- User ---
    [MBR] 5563ee86216a1c21e78cfa8297c1cea8
    [bSP] 6a3125a7f090a24988d63ba5cae1a61d : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_S_03072014_171317.txt >>
     

  6. Hello, I believe I am infected with malware called FastDailyFind.com. It causes my Malwarebytes PRO to block a malicious website several times every time I load a new web page. Sometimes a new tab will open at FastDailyFind.com which never finishes loading. I have run my Malwarebytes PRO full scan four times in the past three days. It has found something each time, each time prompting me to restart my computer. I have software I use called rKill before I run the scan.

     

    Following the advice on the "I'm infected - What do I do now?" thread, I downloaded dds.scr and saved it to my desktop. It said that it could not run in compatibility mode and exited. I then downloaded dds.com, and it said the same.

    Please advise.
