Hello

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download AdwCleaner by Xplode from here: http://www.bleepingcomputer.com/download/adwcleaner/ and save to your Desktop.

 

  • Double click on AdwCleaner.exe to run the tool.
  • Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Uncheck any elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review.
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted (if necessary):
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

 

Next,

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs in your next reply.

 

Kevin



Logs from Adwcleaner and JRT:

 

# AdwCleaner v3.018 - Report created 02/02/2014 at 13:13:39

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Professional Service Pack 1 (64 bits)

# Username : Kelly - KELLYLAPTOP

# Running from : C:\Users\Kelly\Desktop\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Kelly\Desktop\MySearchDial.url

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Found : HKCU\Software\InstallCore

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : [x64] HKCU\Software\InstallCore

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}

Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}

Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 





 

-\\ Google Chrome v32.0.1700.102

 

[ File : C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [4583 octets] - [02/02/2014 13:13:39]

 

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [4643 octets] ##########

 

 

and 

 


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.0 (01.07.2014:1)

OS: Windows 7 Professional x64

Ran by Kelly on Sun 02/02/2014 at 13:32:35.33

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\Program Files (x86)\browsersafeguard"

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 02/02/2014 at 13:43:46.02

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Both logs from Farbar Recovery Scan tool:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04

Ran by Kelly (administrator) on KELLYLAPTOP on 02-02-2014 13:56:42

Running from C:\Users\Kelly\Desktop

Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe

(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgfws.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe

(ShopAtHome.com) C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe

(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Spotify Ltd) C:\Users\Kelly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

(Macrovision Corporation) C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe

() C:\Users\Kelly\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE

(Dropbox, Inc.) C:\Users\Kelly\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe

(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe

(Intuit Inc. All rights reserved.) C:\Users\Kelly\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.EXE

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2012\QBDBMgr.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-06-24] (IDT, Inc.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated)

HKLM\...\Run: [MfeEpePcMonitor] - "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-30] (Synaptics Incorporated)

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-29] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2013-06-17] (Intel Corporation)

HKLM-x32\...\Run: [DTRun] - c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)

HKLM-x32\...\Run: [File Sanitizer] - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12313720 2012-08-07] (Hewlett-Packard)

HKLM-x32\...\Run: [btTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)

HKLM-x32\...\Run: [intuit SyncManager] - C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [2829624 2013-11-08] (Intuit Inc. All rights reserved.)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2237328 2013-11-05] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478392 2013-09-05] (Adobe Systems Inc.)

HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-04-23] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [683656 2013-06-05] (PDF Complete Inc)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [QLBController] - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-07-31] (Hewlett-Packard Company)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [Carbonite Backup] - C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056264 2013-10-10] (Carbonite, Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)

HKLM-x32\...\Run: [browserAppCoreService] - C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\ShopAtHome_BAC_Service.exe [49152 2013-08-26] (ShopAtHome.com)

HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)

HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\Run: [spotify] - C:\Users\Kelly\AppData\Roaming\Spotify\spotify.exe [6118400 2014-01-21] (Spotify Ltd)

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\Run: [spotify Web Helper] - C:\Users\Kelly\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-21] (Spotify Ltd)

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\Run: [iSUSPM] - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe [226904 2007-07-12] (Macrovision Corporation)

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\Run: [Amazon Cloud Player] - C:\Users\Kelly\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-10-22] ()

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\Run: [40BADB525C951B2DE533D25FD94FE590FD621ADB._service_run] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866584 2014-01-23] (Google Inc.)

HKU\S-1-5-21-3693788669-2927186860-3419542279-1002\...\MountPoints2: {adb7dc7b-7dd8-11e2-93c9-806e6f6e6963} - F:\Setup.exe

Lsa: [Notification Packages] DPPassFilter scecli

Startup: C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Kelly\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

ProxyServer: http=127.0.0.1:49221;https=127.0.0.1:49221

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0C0CtBtB0E0CtD0CtBtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1705393216&ir=

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0103&cd=2XzuyEtN2Y1L1Qzu0FyE0ByB0EtBtB0C0CtBtB0E0CtD0CtBtN0D0Tzu0CyByCtDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=1705393216&ir=

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search

BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)

BHO-x32: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)

Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)

Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} -  No File

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File

Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)

Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\windows\SysWOW64\skype4com.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll ()

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Extension: (Google Docs) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-20]

CHR Extension: (Google Drive) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-20]

CHR Extension: (YouTube) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-20]

CHR Extension: (Google Search) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-20]

CHR Extension: (ShopAtHome.com extension) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlmebkoiahbppacaicbgncnjhbpdfkcc [2014-01-27]

CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-07-01]

CHR Extension: (Emoji for Chrome) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbgkphlalcbmifhkabdbodaghlhfcbbd [2013-12-22]

CHR Extension: (Pretty Facebook Chat) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihamlfilbdodiokndlfmmlpjlnopaobi [2013-12-22]

CHR Extension: (Yulia Brodskaya) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko [2013-06-20]

CHR Extension: (Google Wallet) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]

CHR Extension: (Gmail) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-20]

CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-09-05]

 

==================== Services (Whitelisted) =================

 

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

R2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-10-23] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)

R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)

R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)

R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)

S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-01-31] (Hewlett-Packard Company)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-07-31] (Hewlett-Packard Company)

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-10-28] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-10-28] (Intel Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] ()

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1143432 2013-06-05] (PDF Complete Inc)

R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-01-18] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-01-18] (ArcSoft, Inc.)

R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)

R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)

R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)

R3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)

R3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2012-01-31] (Hewlett-Packard Company)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)

R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)

R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)

R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)

R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)

R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-02 13:56 - 2014-02-02 13:57 - 00027417 _____ () C:\Users\Kelly\Desktop\FRST.txt

2014-02-02 13:56 - 2014-02-02 13:56 - 02080256 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe

2014-02-02 13:56 - 2014-02-02 13:56 - 00000000 ____D () C:\FRST

2014-02-02 13:43 - 2014-02-02 13:43 - 00001224 _____ () C:\Users\Kelly\Desktop\JRT.txt

2014-02-02 13:32 - 2014-02-02 13:32 - 00000000 ____D () C:\windows\ERUNT

2014-02-02 13:31 - 2014-02-02 13:31 - 01037068 _____ (Thisisu) C:\Users\Kelly\Desktop\JRT.exe

2014-02-02 13:13 - 2014-02-02 13:17 - 00000000 ____D () C:\AdwCleaner

2014-02-02 13:13 - 2014-02-02 13:13 - 01166132 _____ () C:\Users\Kelly\Desktop\AdwCleaner.exe

2014-02-02 13:08 - 2014-02-02 13:08 - 00003864 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task

2014-02-02 13:06 - 2014-02-02 13:07 - 01671464 _____ (Fusion Install ) C:\Users\Kelly\Desktop\Setup.exe

2014-01-30 14:00 - 2014-01-30 14:00 - 00032268 _____ () C:\Users\Kelly\Desktop\dds.txt

2014-01-30 14:00 - 2014-01-30 14:00 - 00010330 _____ () C:\Users\Kelly\Desktop\attach.txt

2014-01-30 13:57 - 2014-01-30 13:58 - 00688992 ____R (Swearware) C:\Users\Kelly\Desktop\dds.scr

2014-01-30 13:34 - 2014-01-30 13:34 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Malwarebytes

2014-01-30 13:33 - 2014-01-30 13:33 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-30 13:33 - 2014-01-30 13:33 - 00001113 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-30 13:33 - 2014-01-30 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-01-30 13:33 - 2014-01-30 13:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-30 13:33 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-01-30 13:32 - 2014-01-30 13:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kelly\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-30 00:31 - 2014-01-30 00:31 - 00000196 _____ () C:\windows\DirectX.log

2014-01-30 00:31 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_32.dll

2014-01-30 00:31 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_32.dll

2014-01-30 00:30 - 2014-01-30 00:30 - 00002163 _____ () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ___RD () C:\Users\Kelly\SkyDrive

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive

2014-01-30 00:28 - 2014-01-30 00:28 - 00000062 _____ () C:\Users\Kelly\AppData\Roaming\WB.CFG

2014-01-30 00:28 - 2014-01-30 00:28 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Windows Live

2014-01-30 00:28 - 2014-01-30 00:26 - 00366611 _____ () C:\Users\Kelly\AppData\Local\mysearchdial-speeddial.crx

2014-01-30 00:26 - 2014-01-30 00:26 - 00000388 _____ () C:\Users\Kelly\Desktop\FREE Games.url

2014-01-30 00:26 - 2014-01-30 00:22 - 142602520 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Movie-Maker [1].exe

2014-01-29 09:45 - 2014-02-02 13:52 - 00000157 _____ () C:\Quickbooks.rid

2014-01-28 14:38 - 2014-01-30 13:23 - 00000000 ____D () C:\Users\Kelly\Desktop\Tom's Obituary_files

2014-01-28 14:38 - 2014-01-28 14:38 - 00962617 _____ () C:\Users\Kelly\Desktop\Tom's Obituary.htm

2014-01-27 15:20 - 2014-01-27 15:20 - 04860416 _____ () C:\Users\Kelly\Desktop\Allstate Docs.msg

2014-01-27 09:58 - 2014-02-01 19:48 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service

2014-01-27 09:58 - 2014-01-27 09:58 - 00456776 _____ () C:\Users\Kelly\Desktop\ShopAtHome_AppCore_7127_C47155275_D1_R1009834_B3.exe

2014-01-27 09:58 - 2014-01-27 09:58 - 00003848 _____ () C:\windows\System32\Tasks\Reset ShopAtHome BAC

2014-01-27 09:58 - 2014-01-27 09:58 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Windows

2014-01-23 12:36 - 2014-01-23 12:20 - 00016928 _____ () C:\Users\Public\Documents\Nemo's Zuma Sept-Dec 2013.xlsx

2014-01-23 12:36 - 2014-01-23 12:20 - 00016928 _____ () C:\ProgramData\Documents\Nemo's Zuma Sept-Dec 2013.xlsx

2014-01-23 11:25 - 2014-01-23 11:25 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-23 11:25 - 2014-01-23 11:25 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk

2014-01-23 11:24 - 2014-01-23 11:25 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-23 11:24 - 2014-01-23 11:25 - 00000000 ____D () C:\Program Files\iTunes

2014-01-23 11:24 - 2014-01-23 11:25 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-01-23 11:24 - 2014-01-23 11:24 - 00000000 ____D () C:\Program Files\iPod

2014-01-15 11:26 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys

2014-01-15 11:26 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

2014-01-15 11:26 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys

2014-01-15 11:26 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

2014-02-02 13:57 - 2014-02-02 13:56 - 00027417 _____ () C:\Users\Kelly\Desktop\FRST.txt

2014-02-02 13:56 - 2014-02-02 13:56 - 02080256 _____ (Farbar) C:\Users\Kelly\Desktop\FRST64.exe

2014-02-02 13:56 - 2014-02-02 13:56 - 00000000 ____D () C:\FRST

2014-02-02 13:52 - 2014-01-29 09:45 - 00000157 _____ () C:\Quickbooks.rid

2014-02-02 13:52 - 2013-06-17 11:29 - 37576704 ____R () C:\Quickbooks.QBW

2014-02-02 13:52 - 2013-06-17 11:29 - 02686976 ____R () C:\Quickbooks.QBW.TLG

2014-02-02 13:51 - 2013-06-17 11:29 - 00000351 _____ () C:\Quickbooks.QBW.ND

2014-02-02 13:49 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2014-02-02 13:43 - 2014-02-02 13:43 - 00001224 _____ () C:\Users\Kelly\Desktop\JRT.txt

2014-02-02 13:40 - 2013-06-19 11:11 - 00000000 ____D () C:\ProgramData\MFAData

2014-02-02 13:35 - 2012-04-16 05:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-02-02 13:33 - 2013-02-23 11:52 - 02061020 _____ () C:\windows\WindowsUpdate.log

2014-02-02 13:32 - 2014-02-02 13:32 - 00000000 ____D () C:\windows\ERUNT

2014-02-02 13:31 - 2014-02-02 13:31 - 01037068 _____ (Thisisu) C:\Users\Kelly\Desktop\JRT.exe

2014-02-02 13:29 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-02 13:29 - 2009-07-13 23:45 - 00031536 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-02 13:26 - 2009-07-14 00:13 - 00782638 _____ () C:\windows\system32\PerfStringBackup.INI

2014-02-02 13:23 - 2012-09-26 08:53 - 00000950 _____ () C:\windows\SysWOW64\bscs.ini

2014-02-02 13:22 - 2013-06-28 08:09 - 00000000 ___RD () C:\Users\Kelly\Dropbox

2014-02-02 13:22 - 2013-06-28 08:02 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Dropbox

2014-02-02 13:22 - 2013-06-18 16:46 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Spotify

2014-02-02 13:22 - 2012-04-16 05:58 - 00000000 ____D () C:\ProgramData\PDFC

2014-02-02 13:21 - 2013-06-17 08:27 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI

2014-02-02 13:20 - 2013-06-17 08:27 - 00000043 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI

2014-02-02 13:19 - 2013-06-21 08:21 - 00010121 _____ () C:\windows\setupact.log

2014-02-02 13:19 - 2013-06-20 08:04 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-02 13:19 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-02-02 13:17 - 2014-02-02 13:13 - 00000000 ____D () C:\AdwCleaner

2014-02-02 13:13 - 2014-02-02 13:13 - 01166132 _____ () C:\Users\Kelly\Desktop\AdwCleaner.exe

2014-02-02 13:08 - 2014-02-02 13:08 - 00003864 _____ () C:\windows\System32\Tasks\BrowserSafeguard Update Task

2014-02-02 13:07 - 2014-02-02 13:06 - 01671464 _____ (Fusion Install ) C:\Users\Kelly\Desktop\Setup.exe

2014-02-02 13:02 - 2013-06-20 08:04 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-02 10:13 - 2013-06-17 14:38 - 00000000 ____D () C:\Users\Kelly\Documents\Outlook Files

2014-02-02 03:01 - 2013-06-17 11:29 - 00000000 ____D () C:\QuickBooksAutoDataRecovery

2014-02-02 02:00 - 2013-06-28 13:46 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Adobe

2014-02-01 21:37 - 2013-06-16 13:06 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{AF3D8110-00D7-4D7C-AA4A-F9253B4BB62D}

2014-02-01 19:48 - 2014-01-27 09:58 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service

2014-01-31 20:54 - 2013-12-25 18:05 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForKelly

2014-01-31 20:54 - 2013-12-25 18:05 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForKelly.job

2014-01-31 12:21 - 2013-07-02 12:33 - 00065191 _____ () C:\~qbofx32

2014-01-31 11:51 - 2013-07-02 12:33 - 00000109 _____ () C:\mkx02430.ini

2014-01-30 21:23 - 2013-07-02 13:17 - 00000103 _____ () C:\mkx03106.ini

2014-01-30 14:28 - 2013-06-21 08:21 - 00028750 _____ () C:\windows\PFRO.log

2014-01-30 14:00 - 2014-01-30 14:00 - 00032268 _____ () C:\Users\Kelly\Desktop\dds.txt

2014-01-30 14:00 - 2014-01-30 14:00 - 00010330 _____ () C:\Users\Kelly\Desktop\attach.txt

2014-01-30 13:58 - 2014-01-30 13:57 - 00688992 ____R (Swearware) C:\Users\Kelly\Desktop\dds.scr

2014-01-30 13:34 - 2014-01-30 13:34 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Malwarebytes

2014-01-30 13:33 - 2014-01-30 13:33 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-30 13:33 - 2014-01-30 13:33 - 00001113 _____ () C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-30 13:33 - 2014-01-30 13:33 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-01-30 13:33 - 2014-01-30 13:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-30 13:32 - 2014-01-30 13:32 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kelly\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-30 13:23 - 2014-01-28 14:38 - 00000000 ____D () C:\Users\Kelly\Desktop\Tom's Obituary_files

2014-01-30 00:31 - 2014-01-30 00:31 - 00000196 _____ () C:\windows\DirectX.log

2014-01-30 00:30 - 2014-01-30 00:30 - 00002163 _____ () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00002104 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00002104 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ___RD () C:\Users\Kelly\SkyDrive

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\ProgramData\Microsoft SkyDrive

2014-01-30 00:30 - 2014-01-30 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SkyDrive

2014-01-30 00:30 - 2013-06-16 13:02 - 00000000 ____D () C:\Users\Kelly

2014-01-30 00:28 - 2014-01-30 00:28 - 00000062 _____ () C:\Users\Kelly\AppData\Roaming\WB.CFG

2014-01-30 00:28 - 2014-01-30 00:28 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Windows Live

2014-01-30 00:26 - 2014-01-30 00:28 - 00366611 _____ () C:\Users\Kelly\AppData\Local\mysearchdial-speeddial.crx

2014-01-30 00:26 - 2014-01-30 00:26 - 00000388 _____ () C:\Users\Kelly\Desktop\FREE Games.url

2014-01-30 00:22 - 2014-01-30 00:26 - 142602520 _____ (Microsoft Corporation) C:\Users\Kelly\Downloads\Movie-Maker [1].exe

2014-01-29 17:26 - 2013-07-02 12:33 - 00055056 _____ () C:\~qbofxod

2014-01-29 17:17 - 2013-08-07 10:42 - 00000103 _____ () C:\mkx07492.ini

2014-01-29 09:45 - 2013-06-17 10:51 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Intuit

2014-01-29 09:44 - 2013-06-17 10:42 - 00000000 ____D () C:\ProgramData\Intuit

2014-01-29 09:19 - 2013-06-20 08:05 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-29 09:19 - 2013-06-20 08:05 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk

2014-01-28 14:38 - 2014-01-28 14:38 - 00962617 _____ () C:\Users\Kelly\Desktop\Tom's Obituary.htm

2014-01-27 15:20 - 2014-01-27 15:20 - 04860416 _____ () C:\Users\Kelly\Desktop\Allstate Docs.msg

2014-01-27 09:58 - 2014-01-27 09:58 - 00456776 _____ () C:\Users\Kelly\Desktop\ShopAtHome_AppCore_7127_C47155275_D1_R1009834_B3.exe

2014-01-27 09:58 - 2014-01-27 09:58 - 00003848 _____ () C:\windows\System32\Tasks\Reset ShopAtHome BAC

2014-01-27 09:58 - 2014-01-27 09:58 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Windows

2014-01-27 09:23 - 2013-06-17 07:38 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log

2014-01-27 09:22 - 2013-07-01 09:03 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-01-25 12:08 - 2013-06-24 16:40 - 00000000 ____D () C:\Users\Public\Documents\Kelly

2014-01-25 12:08 - 2013-06-24 16:40 - 00000000 ____D () C:\ProgramData\Documents\Kelly

2014-01-23 12:20 - 2014-01-23 12:36 - 00016928 _____ () C:\Users\Public\Documents\Nemo's Zuma Sept-Dec 2013.xlsx

2014-01-23 12:20 - 2014-01-23 12:36 - 00016928 _____ () C:\ProgramData\Documents\Nemo's Zuma Sept-Dec 2013.xlsx

2014-01-23 11:25 - 2014-01-23 11:25 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-01-23 11:25 - 2014-01-23 11:25 - 00001783 _____ () C:\ProgramData\Desktop\iTunes.lnk

2014-01-23 11:25 - 2014-01-23 11:24 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-01-23 11:25 - 2014-01-23 11:24 - 00000000 ____D () C:\Program Files\iTunes

2014-01-23 11:25 - 2014-01-23 11:24 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-01-23 11:24 - 2014-01-23 11:24 - 00000000 ____D () C:\Program Files\iPod

2014-01-23 11:19 - 2013-02-23 12:19 - 00000000 ____D () C:\ProgramData\Apple

2014-01-21 10:29 - 2009-07-13 23:45 - 00431528 _____ () C:\windows\system32\FNTCACHE.DAT

2014-01-21 10:10 - 2013-07-18 07:30 - 00000000 ____D () C:\windows\system32\MRT

2014-01-21 10:05 - 2013-06-16 15:33 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-20 12:14 - 2013-06-18 16:47 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Spotify

2014-01-19 14:20 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD

2014-01-19 02:33 - 2010-11-20 22:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

2014-01-10 15:22 - 2013-06-28 08:09 - 00001020 _____ () C:\Users\Kelly\Desktop\Dropbox.lnk

2014-01-10 15:22 - 2013-06-28 08:06 - 00000829 _____ () C:\windows\wininit.ini

2014-01-10 15:22 - 2013-06-28 08:05 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-01-10 15:22 - 2013-06-16 13:06 - 00000000 ___RD () C:\Users\Kelly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-06 22:32 - 2013-06-18 09:25 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Apple Computer

Some content of TEMP:

====================

C:\Users\Kelly\AppData\Local\Temp\11805uninstall.exe

C:\Users\Kelly\AppData\Local\Temp\65578uninstall.exe

C:\Users\Kelly\AppData\Local\Temp\AtpTimerInfo.dll

C:\Users\Kelly\AppData\Local\Temp\Creative Cloud Helper.exe

C:\Users\Kelly\AppData\Local\Temp\CreativeCloudSet-Up.exe

C:\Users\Kelly\AppData\Local\Temp\Extract.exe

C:\Users\Kelly\AppData\Local\Temp\G2MInstallerExtractor.exe

C:\Users\Kelly\AppData\Local\Temp\SP58268.exe

C:\Users\Kelly\AppData\Local\Temp\sp58915.exe

C:\Users\Kelly\AppData\Local\Temp\SP59828.exe

C:\Users\Kelly\AppData\Local\Temp\SP60317.exe

C:\Users\Kelly\AppData\Local\Temp\SP60769.exe

C:\Users\Kelly\AppData\Local\Temp\SP61151.exe

C:\Users\Kelly\AppData\Local\Temp\SP61441.exe

C:\Users\Kelly\AppData\Local\Temp\SP61822.exe

C:\Users\Kelly\AppData\Local\Temp\SP61962.exe

C:\Users\Kelly\AppData\Local\Temp\SP62098.exe

C:\Users\Kelly\AppData\Local\Temp\SP62370.exe

C:\Users\Kelly\AppData\Local\Temp\SP62449.exe

C:\Users\Kelly\AppData\Local\Temp\SP62685.exe

C:\Users\Kelly\AppData\Local\Temp\SP62915.exe

C:\Users\Kelly\AppData\Local\Temp\SP62916.exe

C:\Users\Kelly\AppData\Local\Temp\SP62981.exe

C:\Users\Kelly\AppData\Local\Temp\SP63213.exe

C:\Users\Kelly\AppData\Local\Temp\SP63337.exe

C:\Users\Kelly\AppData\Local\Temp\SP63637.exe

C:\Users\Kelly\AppData\Local\Temp\SP63661.exe

C:\Users\Kelly\AppData\Local\Temp\SP63709.exe

C:\Users\Kelly\AppData\Local\Temp\SP63779.exe

C:\Users\Kelly\AppData\Local\Temp\SP63820.exe

C:\Users\Kelly\AppData\Local\Temp\SP64284.exe

C:\Users\Kelly\AppData\Local\Temp\Sqlite3.dll

C:\Users\Kelly\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-01 15:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 04

Ran by Kelly at 2014-02-02 13:58:00

Running from C:\Users\Kelly\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2013 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}

AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG Internet Security 2013 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

FW: AVG Internet Security 2013 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

4500_G510nz_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden

4500G510nz (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden

4500G510nz_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

Adobe Acrobat XI Pro (x32 Version: 11.0 - Adobe Systems Incorporated)

Adobe Acrobat XI Pro (x32 Version: 11.0.05 - Adobe Systems)

Adobe Creative Cloud (x32 Version: 2.2.1.260 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.05) (x32 Version: 11.0.05 - Adobe Systems Incorporated)

Amazon Cloud Player (HKCU Version: 1.7.0.344 - Amazon Services LLC)

Apple Application Support (x32 Version: 3.0 - Apple Inc.)

Apple Mobile Device Support (Version: 7.1.0.32 - Apple Inc.)

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden

ArcSoft TotalMedia (x32 Version: 2.0.39.42 - ArcSoft)

ArcSoft Webcam Sharing Manager (x32 Version: 2.0.0.39 - ArcSoft)

AVG 2013 (Version: 13.0.3462 - AVG Technologies) Hidden

AVG 2013 (Version: 13.0.3684 - AVG Technologies) Hidden

AVG 2013 (Version: 2013.0.3462 - AVG Technologies)

Bing Bar (x32 Version: 7.3.124.0 - Microsoft Corporation)

Bonjour (Version: 3.0.0.10 - Apple Inc.)

BrowserSafeguard with RocketTab (x32 Version:  - Browsersafeguard) <==== ATTENTION

BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden

Carbonite (x32 Version: 5.5.0 build 3621  (Oct-10-2013) - Carbonite)

Citrix Online Launcher (x32 Version: 1.0.122 - Citrix)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)

Device Access Manager for HP ProtectTools (Version: 7.0.0.4 - Hewlett-Packard Company)

DocMgr (x32 Version: 130.0.000.000 - Hewlett-Packard) Hidden

DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

Drive Encryption For HP ProtectTools (Version: 7.0.41.36204 - Hewlett-Packard Company)

Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)

Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)

Evernote v. 4.6.5 (x32 Version: 4.6.5.8353 - Evernote Corp.)

Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company)

Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden

FedEx Office Printer (x32 Version: 1.0.010 - FedEx Office)

Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

GoToMeeting 5.8.0.1189 (HKCU Version: 5.8.0.1189 - CitrixOnline)

Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

HP 3D DriveGuard (Version: 5.1.12.1 - Hewlett-Packard Company)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Connection Manager (x32 Version: 4.5.25.1 - Hewlett-Packard Company)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Customer Participation Program 13.0 (Version: 13.0 - HP)

HP Document Manager 2.0 (Version: 2.0 - HP)

HP Documentation (x32 Version: 1.1.1.0 - Hewlett-Packard)

HP ESU for Microsoft Windows 7 (x32 Version: 2.3.1 - Hewlett-Packard Company)

HP File Sanitizer (x32 Version: 8.1.1.1 - Hewlett-Packard Company)

HP HD Webcam Driver (x32 Version: 6.0.1113.1_WHQL - Sonix)

HP Hotkey Support (x32 Version: 5.0.20.1 - Hewlett-Packard Company)

HP Officejet 4500 G510n-z (Version: 13.0 - HP)

HP Postscript Converter (Version: 3.0.3384 - Hewlett-Packard) Hidden

HP Power Assistant (Version: 2.5.0.16 - Hewlett-Packard Company)

HP ProtectTools Security Manager (Version: 7.0.1.1199 - Hewlett-Packard Company)

HP ProtectTools Security Manager (Version: 7.0.1.1199 - Hewlett-Packard Company) Hidden

HP Setup (x32 Version: 9.1.15453.4066 - Hewlett-Packard Company)

HP Smart Web Printing 4.5 (Version: 4.5 - HP)

HP SoftPaq Download Manager (x32 Version: 3.4.4.0 - Hewlett-Packard Company)

HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)

HP Software Setup (x32 Version: 8.5.2.1 - Hewlett-Packard Company)

HP Support Assistant (x32 Version: 7.0.39.15 - Hewlett-Packard Company)

HP System Default Settings (x32 Version: 2.6.1 - Hewlett-Packard Company)

HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)

HP Wallpaper (x32 Version: 3.0.0.1 - Hewlett-Packard Company)

HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden

HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden

iCloud (Version: 3.1.0.40 - Apple Inc.)

IDT Audio (x32 Version: 1.0.6435.0 - IDT)

Intel® Management Engine Components (x32 Version: 8.1.30.1349 - Intel Corporation)

Intel® OpenCL CPU Runtime (x32 Version:  - Intel Corporation)

Intel® Processor Graphics (x32 Version: 8.15.10.2712 - Intel Corporation)

Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006 - Intel Corporation)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.6.245 - Intel Corporation)

Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden

iTunes (Version: 11.1.4.62 - Apple Inc.)

JMicron Flash Media Controller Driver (x32 Version: 1.0.76.1 - JMicron Technology Corp.)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Antimalware Service Multi-Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden

Microsoft Outlook 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Security Client MUI Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (Version: 2.1.1116.0 - Microsoft Corporation)

Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)

MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)

Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden

Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden

OCR Software by I.R.I.S. 13.0 (Version: 13.0 - HP)

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Corporate Edition (x32 Version: 4.1.49 - PDF Complete, Inc)

Privacy Manager for HP ProtectTools (Version: 7.0.1.892 - Hewlett-Packard Company)

QuickBooks (x32 Version: 22.0.4015.2206 - Intuit Inc.) Hidden

QuickBooks Pro 2012 (x32 Version: 22.0.4015.2206 - Intuit Inc.)

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Ralink Bluetooth Stack64 (Version: 9.0.725.0 - Ralink Corporation)

Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.5.0 - Ralink)

Realtek Ethernet Controller All-In-One Windows Driver (x32 Version: 7.58.411.2012 - Realtek)

Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden

SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden

Shop for HP Supplies (Version: 13.0 - HP)

ShopAtHome.com BrowserAppCore Service Chrome (x32 Version:  - ShopAtHome.com)

Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)

SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)

Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden

Synaptics Pointing Device Driver (Version: 17.0.18.8 - Synaptics Incorporated)

Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company)

Theft Recovery for HP ProtectTools (x32 Version: 7.0.1.02 - Hewlett-Packard Company) Hidden

Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Validity Fingerprint Sensor Driver (Version: 4.4.228.0 - Validity Sensors, Inc.)

Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1 - AVG Technologies)

WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden

WinZip 15.0 (Version: 15.0.10039 - WinZip Computing, S.L. )

Yahoo! Toolbar (x32 Version:  - )

 

==================== Restore Points  =========================

 

16-01-2014 18:53:55 Windows Update

20-01-2014 17:20:11 Windows Update

21-01-2014 15:10:34 Windows Modules Installer

24-01-2014 16:03:50 Windows Update

27-01-2014 17:21:47 Windows Update

30-01-2014 05:28:25 Windows Live Essentials

30-01-2014 05:31:05 Installed DirectX

01-02-2014 02:14:50 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0ACB2906-E11D-454B-A7D2-1E2C9FF024C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {1EFE1D95-DB7E-4789-BA6F-071CFA2B2CCD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {2949AB55-38B1-4273-97B6-4CA6DC111443} - System32\Tasks\HPCeeScheduleForKelly => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {65B57935-CF7E-4FDF-95AD-D28283E2782C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {831EE8F4-CDD6-4505-8DB9-2AE086D9C70C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)

Task: {8B8EB310-E030-4BBC-B3D3-B641DF92A337} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)

Task: {A3E4C037-00E6-4C3A-8B5E-CBF0A483D061} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)

Task: {BBE8F062-1759-4429-B7A4-42B01457C51F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)

Task: {D7E82843-DECA-45C1-A5E6-5CB05185EC1F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION

Task: {DF54DAE8-3436-4534-8BE5-E981C0A0ABD6} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)

Task: {F18CC64F-C6CD-412A-9661-95071F145581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)

Task: {F47A9BE7-A9CC-4513-8578-F792877D3C60} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {F5B5FEDE-7C60-4547-9C41-B462491B3D87} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)

Task: {FA58ABE7-CF4A-4E1B-A269-4056C03446B2} - System32\Tasks\AdobeAAMUpdater-1.0-Kellylaptop-Kelly => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated)

Task: {FD125710-5910-43BA-9FC0-31CC98850F0D} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\HPCeeScheduleForKelly.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2012-03-26 22:33 - 2012-03-26 22:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2012-02-10 17:26 - 2012-02-10 17:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll

2013-10-16 18:02 - 2013-10-16 18:02 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2012-09-19 17:37 - 2012-09-19 17:37 - 00029960 _____ () C:\windows\system32\BsTrace.dll

2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-09-24 13:27 - 2012-09-24 13:27 - 00335176 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\USB\tl_filter.dll

2012-05-02 16:28 - 2012-05-02 16:28 - 00012800 _____ () C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\Driver\AMP\IVTAMPRL.dll

2010-09-06 12:18 - 2010-09-06 12:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll

2013-03-27 10:54 - 2013-03-27 10:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll

2013-03-27 10:26 - 2013-03-27 10:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll

2013-03-27 10:52 - 2013-03-27 10:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll

2013-03-27 10:57 - 2013-03-27 10:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll

2013-03-27 10:55 - 2013-03-27 10:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll

2013-03-27 10:30 - 2013-03-27 10:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll

2013-03-27 10:31 - 2013-03-27 10:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_regex-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBCompressor.dll

2011-08-19 20:30 - 2011-08-19 20:30 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\zlib1.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00380744 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\BackupLib.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00138568 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\QBMAPILibrary.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\boost_serialization-vc90-mt-p-1_33.dll

2013-11-08 08:48 - 2013-11-08 08:48 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2012\mbpopup.dll

2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Kelly\AppData\Roaming\Dropbox\bin\libcef.dll

2012-09-19 17:37 - 2012-09-19 17:37 - 00079624 _____ () C:\windows\system32\BsProfilefunc.dll

2012-09-19 17:37 - 2012-09-19 17:37 - 00363784 _____ () C:\windows\system32\BsExtendFunc.dll

2013-10-17 16:45 - 2013-10-17 16:45 - 32726528 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\libcef.dll

2013-03-13 13:42 - 2013-06-05 14:21 - 00071560 _____ () C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\zlib1.dll

2013-04-08 09:16 - 2013-04-08 09:16 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll

2013-08-15 11:04 - 2013-08-15 11:04 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll

2012-04-16 05:52 - 2012-02-01 20:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2013-02-23 11:57 - 2013-10-28 08:02 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-01-29 09:19 - 2014-01-23 00:56 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll

2014-01-29 09:19 - 2014-01-23 00:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll

2014-01-29 09:19 - 2014-01-23 00:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll

2014-01-29 09:19 - 2014-01-23 00:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll

2014-01-29 09:19 - 2014-01-23 00:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll

2014-01-29 09:19 - 2014-01-23 00:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== Faulty Device Manager Devices =============

 

Name: Officejet 4500 G510n-z

Description: Officejet 4500 G510n-z

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

Name: Officejet 6500 E709n

Description: Officejet 6500 E709n

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (02/02/2014 01:51:38 PM) (Source: Application Error) (User: )

Description: Faulting application name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2

Faulting module name: agent.exe, version: 255.0.100.64950, time stamp: 0x4af4f0d2

Exception code: 0xc0000005

Fault offset: 0x00005bd6

Faulting process id: 0x213c

Faulting application start time: 0xagent.exe0

Faulting application path: agent.exe1

Faulting module path: agent.exe2

Report Id: agent.exe3

 

 

System errors:

=============

Error: (02/02/2014 01:43:47 PM) (Source: DCOM) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

 

 

Microsoft Office Sessions:

=========================

Error: (02/02/2014 01:51:38 PM) (Source: Application Error)(User: )

Description: agent.exe255.0.100.649504af4f0d2agent.exe255.0.100.649504af4f0d2c000000500005bd6213c01cf2047cc8ca51dC:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exeC:\ProgramData\Macrovision\FLEXnet Connect\6\agent.exe0b564c93-8c3b-11e3-a9af-f4b7e22cc22e

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 40%

Total physical RAM: 8073.51 MB

Available physical RAM: 4797.26 MB

Total Pagefile: 16145.2 MB

Available Pagefile: 12128.81 MB

Total Virtual: 8192 MB

Available Virtual: 8191.82 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:443.57 GB) (Free:281.27 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32

Drive f: (OJ4500G510n-z) (CDROM) (Total:0.44 GB) (Free:0 GB) CDFS

Drive g: (HP_RECOVERY) (Fixed) (Total:19.9 GB) (Free:3.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E201C75A)

Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=444 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=20 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

 

==================== End Of Log ============================


Thanks for the logs, we continue:

 

There are two security systems with AV components; that is counterproductive and will cause issues for your system, so one must go ASAP. As AVG is a full suite, I suggest you remove Microsoft Security Essentials. Use the removal tool available at the following link:

 

http://www.bleepingcomputer.com/download/microsoft-security-essentials-removal-tool/

 

Next,

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Next,

 

Run AdwCleaner again. After the scan, use the "Clean" option to ensure all found entries are removed.

 

Next,

 

Run Malwarebytes. Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Full scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Let me see the logs from the above steps, and let me know if MSE was uninstalled successfully. Also let me know if there are any remaining issues or concerns...

 

Kevin

fixlist.txt



Kevin:

 

I have followed all of your instructions and I just opened Google Chrome to come back to this post and mysearchdial is still opening on Chrome. IE is working properly now and no longer shows mysearchdial. It appears that MSE was uninstalled, but on the last restart of the computer an error message appears telling me that MSE must be reinstalled and halts the startup process until I press okay. I am so frustrated. I downloaded something from CNET, which I have always trusted before, and learned a serious lesson. See the Malwarebytes log below. Please tell me what I should do now.... Thanks, Kelly


 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.02.02.05

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Kelly :: KELLYLAPTOP [administrator]

 

Protection: Enabled

 

2/2/2014 4:44:52 PM

mbam-log-2014-02-02 (16-44-52).txt

 

Scan type: Full scan (C:\|E:\|F:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 458911

Time elapsed: 1 hour(s), 38 minute(s), 

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 3

HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\BROWSERSAFEGUARD (PUP.Optional.BrowserSafeGuard.A) -> Quarantined and deleted successfully.

 

Registry Values Detected: 1

HKLM\SOFTWARE\Browsersafeguard|sourceid (PUP.Optional.BrowserSafeGuard.A) -> Data: google_browsersafeguard-display-us-bleeping-728x90-36639128953 -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 1

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

 

Files Detected: 4

C:\$RECYCLE.BIN\S-1-5-21-3693788669-2927186860-3419542279-1002\$R1BJPDB.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.

C:\Users\Kelly\Desktop\Setup.exe (PUP.Optional.OptimumInstaller.A) -> Quarantined and deleted successfully.

C:\Users\Kelly\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Quarantined and deleted successfully.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk (PUP.Optional.BrowserSafeGuard) -> Quarantined and deleted successfully.

 

(end)

Yes, I did run it and it did remove it.  It no longer shows up in my programs.  However, when my computer reboots I get the error message:

 

An error has occurred in the program.  Try to open it again.  If this problem continues, you'll need to re-install Microsoft Security Client.

 

Error code:  0x8008064e

 

When I looked up this error code, it says the error means that MSE is uninstalled.

 

I tried running the removal tool again just to make sure that one of the other problems we have been dealing with hadn't kept it from removing completely, but it didn't work. I believe that upon reboot some other program is trying to start MSE unsuccessfully. How can I figure out which one and stop it from happening?

 

Thanks,

 

Kelly
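Added example, not part of the original posts: one way to look into the question above offline is to parse the "Scheduled Tasks" section of the FRST log posted earlier in the thread and list tasks whose target sits under the directory of a product that has since been removed, alongside tasks FRST itself flagged and tasks that run from a user profile. The sample lines are copied from that log; the function names, the reason labels and the choice of `C:\Program Files\Microsoft Security Client` as the removed directory are assumptions of this example, and the thread does not establish that these tasks cause the startup error.

```python
import ntpath
import re

# Task lines copied from the FRST "Scheduled Tasks" section posted in this thread.
FRST_TASK_LINES = r"""
Task: {8B8EB310-E030-4BBC-B3D3-B641DF92A337} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {BBE8F062-1759-4429-B7A4-42B01457C51F} - System32\Tasks\Microsoft\Microsoft Antimalware\MpIdleTask => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {D7E82843-DECA-45C1-A5E6-5CB05185EC1F} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe <==== ATTENTION
Task: {DF54DAE8-3436-4534-8BE5-E981C0A0ABD6} - System32\Tasks\Reset ShopAtHome BAC => C:\Users\Kelly\AppData\Roaming\ShopAtHome.com BrowserAppCore Service\SahProcessManager.exe [2013-08-26] (ShopAtHome.com)
Task: {F18CC64F-C6CD-412A-9661-95071F145581} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-20] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
""".strip().splitlines()

# "Task: [{GUID} - ]<task name> => <target> [date] (company) <==== FLAG"
# Date, company and flag are optional; the target may itself contain "(x86)",
# so it is matched lazily and the trailing fields are anchored to end of line.
LINE_RE = re.compile(
    r"^Task:\s+(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?(?P<name>.+?)\s+=>\s+"
    r"(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?"
    r"(?:\s+\((?P<company>[^()]*)\))?"
    r"(?:\s+<====\s*(?P<flag>\w+))?\s*$"
)

# Applied to normalised (lower-cased) paths: anything under a user's AppData.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\")


def _norm(path):
    """Normalise a Windows path for comparison (works on any host OS)."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_task(line):
    """Return the fields of one FRST 'Task:' line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(lines, removed_dirs):
    """List (task name, reasons) for tasks worth a second look.

    removed_dirs: install directories of products that were uninstalled
    after the log was taken (hypothetical input supplied by the analyst).
    """
    removed = [_norm(d) for d in removed_dirs]
    findings = []
    for line in lines:
        task = parse_task(line)
        if task is None:
            continue
        target = _norm(task["target"])
        reasons = []
        if task["flag"]:
            reasons.append("frst-" + task["flag"].lower())
        if any(target == d or target.startswith(d + "\\") for d in removed):
            reasons.append("target-in-removed-product")
        if USER_PROFILE_RE.search(target):
            reasons.append("runs-from-user-profile")
        if reasons:
            findings.append((task["name"], reasons))
    return findings


if __name__ == "__main__":
    removed = [r"C:\Program Files\Microsoft Security Client"]
    for name, reasons in triage(FRST_TASK_LINES, removed):
        print(f"{name}: {', '.join(reasons)}")
```

The output is a review list only; each listed task still has to be checked in Task Scheduler on the machine itself before anything is disabled or deleted.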


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
