
Keeps opening temporary profile on bootup, and other signs of infection


  • This topic is locked
27 replies to this topic

#1 girthdevon

girthdevon

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Local time:05:43 AM

Posted 24 January 2014 - 03:58 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16428
Run by girthdevon at 8:42:45 on 2014-01-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.6049.3476 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\splwow64.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Users\girthdevon\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
dRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
StartupFolder: C:\Users\GIRTHD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\girthdevon\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ie_banner_deny.htm
IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{A4D66B6D-64E7-4E1F-A8FA-2947C26550D2} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4D66B6D-64E7-4E1F-A8FA-2947C26550D2}\44F4E4F46514E435D20534F5E4564777F627B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4D66B6D-64E7-4E1F-A8FA-2947C26550D2}\46C696E6B6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A4D66B6D-64E7-4E1F-A8FA-2947C26550D2}\6796277696E6D65646961633733333339383 : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{DA6C1A9E-3288-4C42-B270-699CD1BF3E29} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{DBAA2E4E-09E6-41D0-BFDC-1761AFB09EDE} : DHCPNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll
x64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
x64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Safe Money Plugin: {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll
x64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\girthdevon\AppData\Roaming\Mozilla\Firefox\Profiles\4cw06nj9.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/news/
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\girthdevon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\Windows\System32\drivers\jswpslwfx.sys [2012-4-19 26624]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2013-10-9 29792]
R1 klpd;klpd;C:\Windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\Windows\System32\drivers\kltdi.sys [2013-5-14 55904]
R1 kneps;kneps;C:\Windows\System32\drivers\kneps.sys [2013-6-6 178272]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2013-10-10 144152]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [2013-10-9 214512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-22 1128952]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2013-10-14 1228504]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2013-10-14 660184]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-10-9 3275136]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2013-8-27 93072]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-22 2656280]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [2013-11-20 167936]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\drivers\klkbdflt.sys [2013-10-9 29280]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2013-10-9 29280]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2012-12-6 2350176]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf_amd64.sys [2013-10-14 18456]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-2-16 676968]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-6-9 264008]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-11-20 1924096]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 240736]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-3-22 158976]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [2013-11-20 954368]
S3 pmxdrv;pmxdrv;C:\Windows\System32\drivers\pmxdrv.sys [2012-3-22 31152]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-28 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-28 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-28 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-24 1255736]
S4 klflt;klflt;C:\Windows\System32\drivers\klflt.sys [2013-6-8 112224]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-01-24 07:41:34    10315576    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3807AED7-833D-4D63-BFA0-FB4C60315BC1}\mpengine.dll
2014-01-19 16:07:52    1658880    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com\components\FFXPCOM.dll
2014-01-19 10:18:24    376768    ----a-w-    C:\Windows\System32\drivers\netio.sys
2014-01-19 10:18:18    99840    ----a-w-    C:\Windows\System32\drivers\usbccgp.sys
2014-01-19 10:18:18    7808    ----a-w-    C:\Windows\System32\drivers\usbd.sys
2014-01-19 10:18:18    53248    ----a-w-    C:\Windows\System32\drivers\usbehci.sys
2014-01-19 10:18:18    343040    ----a-w-    C:\Windows\System32\drivers\usbhub.sys
2014-01-19 10:18:18    325120    ----a-w-    C:\Windows\System32\drivers\usbport.sys
2014-01-19 10:18:18    30720    ----a-w-    C:\Windows\System32\drivers\usbuhci.sys
2014-01-19 10:18:18    25600    ----a-w-    C:\Windows\System32\drivers\usbohci.sys
2014-01-19 10:18:16    3156480    ----a-w-    C:\Windows\System32\win32k.sys
2013-12-26 11:25:42    --------    d-----w-    C:\ProgramData\Easybits Magic Desktop for HP
.
==================== Find3M  ====================
.
2013-12-19 10:27:18    178272    ----a-w-    C:\Windows\System32\drivers\kneps.sys
2013-12-18 06:13:56    270496    ------w-    C:\Windows\System32\MpSigStub.exe
2013-12-11 15:56:26    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-11 15:56:26    692616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-11 15:56:08    9272200    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57    708608    ----a-w-    C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02    5769216    ----a-w-    C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16    553472    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12    4243968    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16    1995264    ----a-w-    C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06    1928192    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57    2334208    ----a-w-    C:\Windows\System32\wininet.dll
2013-11-26 06:33:33    1820160    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-11-23 18:26:20    417792    ----a-w-    C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34    465920    ----a-w-    C:\Windows\System32\WMPhoto.dll
2013-11-21 17:11:19    458336    ----a-w-    C:\Windows\System32\drivers\kl1.sys
2013-11-12 02:23:09    2048    ----a-w-    C:\Windows\System32\tzres.dll
2013-11-12 02:07:29    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2013-10-30 02:32:01    335360    ----a-w-    C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52    301568    ----a-w-    C:\Windows\SysWow64\msieftp.dll
.
============= FINISH:  8:43:07.89 ===============





#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,625 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:43 AM

Posted 29 January 2014 - 04:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521915 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:43 PM

Posted 06 February 2014 - 09:11 AM

Greetings girthdevon and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Besides the Profile upon boot up, what other signs of infection are you noticing?

Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 girthdevon

  • Topic Starter


Posted 06 February 2014 - 10:54 AM

Hi Gary, happy for you to call me Gareth...I had issues with a recent Windows update, which gave me some problems and which I thought was a malware problem. A Google search showed that it was an issue with the update. I restored the computer to a day or two earlier and it appeared to help. But around the same time I had the problem with my administrator profile not opening on bootup, and opening a temporary profile. Only by repeated attempts have I been able to get back in. Other signs of an infection have been the Adobe Flash crashing often in Firefox, some slowness and hanging, and occasionally something is open when I wake the computer in the morning, that I didn't leave open the night previous - maybe just the Start menu.

I have left the computer on since I first posted on the 24th, until this morning - I transferred a new profile from a laptop yesterday, and rebooted this morning. Again I had problems accessing my profile.

Hope you can help...the scans as promised.

Thanks Gareth

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-02-2014
Ran by girthdevon (administrator) on GIRTHDEVON-HP on 06-02-2014 15:21:46
Running from C:\Users\girthdevon\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\girthdevon\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\.DEFAULT\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
HKU\S-1-5-21-3391622022-124098457-2352117736-1000\...\Run: [ccleaner] - C:\Program Files\CCleaner\CCleaner64.exe [5973272 2013-12-17] (Piriform Ltd)
HKU\S-1-5-21-3391622022-124098457-2352117736-1000\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-3391622022-124098457-2352117736-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3391622022-124098457-2352117736-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\girthdevon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\girthdevon\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPDSK/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {BF2043FE-8D04-42A7-AB36-692B55DB5D20} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {BF2043FE-8D04-42A7-AB36-692B55DB5D20} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {BF2043FE-8D04-42A7-AB36-692B55DB5D20} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-111095-2958-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-03-22] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\girthdevon\AppData\Roaming\Mozilla\Firefox\Profiles\4cw06nj9.default
FF Homepage: hxxp://www.bbc.co.uk/news/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\girthdevon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-en-GB.xml
FF Extension: United States English Spellchecker - C:\Users\girthdevon\AppData\Roaming\Mozilla\Firefox\Profiles\4cw06nj9.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-23]
FF Extension: Microsoft .NET Framework Assistant - C:\Users\girthdevon\AppData\Roaming\Mozilla\Firefox\Profiles\4cw06nj9.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2012-05-12]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-02-06]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-16]
FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-21]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-09] (Kaspersky Lab ZAO)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-10-07] (WildTangent)
S3 jswpsapi; C:\Program Files (x86)\NETGEAR\WNDA3200\jswpsapi.exe [954368 2009-11-05] (Atheros Communications, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-10-14] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-10-14] (Secunia)
R2 WDCS_WNDA3200; C:\Program Files (x86)\NETGEAR\WNDA3200\WifiDevChkSvc.exe [167936 2010-06-23] ()

==================== Drivers (Whitelisted) ====================

R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-21] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2013-12-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-09] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-09] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-03-22] ()
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-10-14] (Secunia)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 15:21 - 2014-02-06 15:22 - 00019026 _____ () C:\Users\girthdevon\Downloads\FRST.txt
2014-02-06 15:21 - 2014-02-06 15:21 - 00000000 ____D () C:\FRST
2014-02-06 15:20 - 2014-02-06 15:20 - 02082304 _____ (Farbar) C:\Users\girthdevon\Downloads\FRST64.exe
2014-02-06 08:36 - 2014-02-06 08:36 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85612A4D-4D3B-4955-B3CD-72812F618F0B}
2014-02-06 08:29 - 2014-02-06 08:29 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Macromedia
2014-02-06 08:26 - 2014-02-06 08:26 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Mozilla
2014-02-06 08:21 - 2014-02-06 08:26 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Mozilla
2014-02-06 08:21 - 2014-02-06 08:21 - 00058800 _____ () C:\Users\Gareth Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 08:21 - 2014-02-06 08:21 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE02BEB1-5A3F-4E63-B257-5C276D66A16E}
2014-02-06 08:21 - 2014-02-06 08:21 - 00002332 _____ () C:\Users\Gareth Donovan\Desktop\Safe Money.lnk
2014-02-06 08:21 - 2014-02-06 08:21 - 00001415 _____ () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Thunderbird
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Canon
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Apple Computer
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Adobe
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\VirtualStore
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Thunderbird
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\PDFC
2014-02-06 08:20 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan
2014-02-06 08:20 - 2014-02-06 08:20 - 00000020 ___SH () C:\Users\Gareth Donovan\ntuser.ini
2014-02-06 08:20 - 2012-03-22 15:06 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Macromedia
2014-02-06 08:20 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-06 08:20 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-06 07:58 - 2014-02-06 07:58 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63D14528-D218-42CA-A450-B68F6676C57D}
2014-02-06 07:53 - 2014-02-06 07:53 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\Apple
2014-02-06 07:52 - 2014-02-06 07:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 07:51 - 2014-02-06 07:51 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\Apple Computer
2014-02-06 07:50 - 2014-02-06 07:53 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Apple Computer
2014-02-06 07:50 - 2014-02-06 07:50 - 00058800 _____ () C:\Users\Bethan Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 07:50 - 2014-02-06 07:50 - 00001415 _____ () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Canon
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\PDFC
2014-02-06 07:49 - 2014-02-06 07:49 - 00000020 ___SH () C:\Users\Bethan Donovan\ntuser.ini
2014-02-06 07:49 - 2014-02-06 07:49 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\VirtualStore
2014-02-06 07:48 - 2014-02-06 07:48 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1636B5EE-7563-4164-9C71-A3EF75CBC0DA}
2014-02-05 16:28 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Adobe
2014-02-05 16:26 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan
2014-02-05 16:26 - 2012-03-22 15:06 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Macromedia
2014-02-05 16:26 - 2009-07-14 04:54 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-05 16:26 - 2009-07-14 04:49 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-05 09:23 - 2014-02-06 07:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 06:56 - 2014-02-05 06:56 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\{0969F422-15BD-4091-915A-4FE88CC48DC6}
2014-02-01 09:27 - 2014-02-01 09:27 - 00002219 _____ () C:\Users\girthdevon\Desktop\HP Support Assistant.lnk
2014-02-01 09:24 - 2014-02-01 09:24 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-01-24 11:05 - 2014-01-24 11:05 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Adobe
2014-01-24 09:28 - 2014-01-24 09:28 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Apple Computer
2014-01-24 09:28 - 2014-01-24 09:28 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Apple
2014-01-24 08:43 - 2014-01-24 08:46 - 00022961 _____ () C:\Users\girthdevon\Desktop\dds.txt
2014-01-24 08:43 - 2014-01-24 08:46 - 00009287 _____ () C:\Users\girthdevon\Desktop\attach.txt
2014-01-24 08:41 - 2014-01-24 08:41 - 00688992 ____R (Swearware) C:\Users\girthdevon\Downloads\dds.com
2014-01-24 08:30 - 2014-01-24 08:30 - 00003168 _____ () C:\Windows\System32\Tasks\{4CFC255C-B571-4D07-A040-EFEDF6CE7870}
2014-01-24 08:25 - 2014-01-24 08:30 - 00014921 _____ () C:\Users\girthdevon\Downloads\hijackthis.log
2014-01-24 08:23 - 2014-01-24 08:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\girthdevon\Downloads\HijackThis.exe
2014-01-24 08:11 - 2014-01-24 08:11 - 00050688 _____ (Atribune.org) C:\Users\girthdevon\Downloads\ATF-Cleaner(1).exe
2014-01-19 20:48 - 2014-01-19 20:48 - 04645232 _____ (Piriform Ltd) C:\Users\girthdevon\Downloads\ccsetup409.exe
2014-01-19 18:58 - 2014-01-19 18:58 - 00228698 _____ () C:\Users\girthdevon\Desktop\cc_20140119_185750.reg
2014-01-19 14:27 - 2014-02-05 09:27 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForgirthdevon
2014-01-19 14:27 - 2014-02-05 09:27 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForgirthdevon.job
2014-01-19 13:40 - 2014-01-19 13:48 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{79A2F1B2-34EC-4D16-B951-DBC4341AE81C}
2014-01-19 10:18 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-19 10:18 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-19 10:18 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-19 10:18 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-19 10:16 - 2014-01-19 10:16 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E7FC1EA6-56B4-42F1-BFE4-C7D15F87266D}
2014-01-19 10:09 - 2014-01-19 10:09 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E922528E-07B5-42D8-BAF4-19702E84E097}
2014-01-19 10:07 - 2014-01-19 10:14 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.002
2014-01-19 09:56 - 2014-01-19 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-01-19 09:52 - 2014-01-19 09:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-01-19 09:52 - 2014-01-19 09:52 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-01-19 09:25 - 2014-01-19 09:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Symantec
2014-01-19 09:14 - 2014-01-19 09:21 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.001
2014-01-16 14:57 - 2014-01-16 14:57 - 00058800 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Canon
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\PDFC
2014-01-16 14:56 - 2014-01-19 10:07 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-16 14:56 - 2014-01-19 10:07 - 00000000 ____D () C:\Users\Guest
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-01-16 14:56 - 2012-03-22 15:06 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Macromedia
2014-01-16 14:33 - 2014-01-16 14:40 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.000
2014-01-16 13:47 - 2014-01-16 13:47 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP\AppData\Roaming\SUPERAntiSpyware.com
2014-01-16 13:46 - 2014-01-16 14:31 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP

==================== One Month Modified Files and Folders =======

2014-02-06 15:22 - 2014-02-06 15:21 - 00019026 _____ () C:\Users\girthdevon\Downloads\FRST.txt
2014-02-06 15:21 - 2014-02-06 15:21 - 00000000 ____D () C:\FRST
2014-02-06 15:20 - 2014-02-06 15:20 - 02082304 _____ (Farbar) C:\Users\girthdevon\Downloads\FRST64.exe
2014-02-06 14:56 - 2013-11-04 11:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-06 14:28 - 2012-04-19 08:05 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{354FB5FA-A837-49A0-8948-BF9C3C61BEE6}
2014-02-06 13:56 - 2013-12-03 07:52 - 01666558 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 13:39 - 2012-04-19 14:39 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-02-06 08:47 - 2012-05-05 16:02 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\CrashDumps
2014-02-06 08:47 - 2012-04-25 09:26 - 00000000 ___DC () C:\Users\girthdevon\AppData\Local\MigWiz
2014-02-06 08:47 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 08:47 - 2009-07-14 04:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 08:46 - 2012-05-15 09:22 - 00000000 ___RD () C:\Users\girthdevon\Dropbox
2014-02-06 08:46 - 2012-05-15 09:19 - 00000000 ____D () C:\Users\girthdevon\AppData\Roaming\Dropbox
2014-02-06 08:46 - 2009-07-14 05:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-06 08:44 - 2009-07-14 05:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 08:40 - 2012-03-22 15:07 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-06 08:40 - 2009-07-14 05:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 08:36 - 2014-02-06 08:36 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{85612A4D-4D3B-4955-B3CD-72812F618F0B}
2014-02-06 08:29 - 2014-02-06 08:29 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Macromedia
2014-02-06 08:26 - 2014-02-06 08:26 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Mozilla
2014-02-06 08:26 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Mozilla
2014-02-06 08:21 - 2014-02-06 08:21 - 00058800 _____ () C:\Users\Gareth Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 08:21 - 2014-02-06 08:21 - 00003982 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE02BEB1-5A3F-4E63-B257-5C276D66A16E}
2014-02-06 08:21 - 2014-02-06 08:21 - 00002332 _____ () C:\Users\Gareth Donovan\Desktop\Safe Money.lnk
2014-02-06 08:21 - 2014-02-06 08:21 - 00001415 _____ () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ___RD () C:\Users\Gareth Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Thunderbird
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Canon
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Apple Computer
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Roaming\Adobe
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\VirtualStore
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\Thunderbird
2014-02-06 08:21 - 2014-02-06 08:21 - 00000000 ____D () C:\Users\Gareth Donovan\AppData\Local\PDFC
2014-02-06 08:21 - 2014-02-06 08:20 - 00000000 ____D () C:\Users\Gareth Donovan
2014-02-06 08:20 - 2014-02-06 08:20 - 00000020 ___SH () C:\Users\Gareth Donovan\ntuser.ini
2014-02-06 07:58 - 2014-02-06 07:58 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{63D14528-D218-42CA-A450-B68F6676C57D}
2014-02-06 07:53 - 2014-02-06 07:53 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\Apple
2014-02-06 07:53 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Apple Computer
2014-02-06 07:52 - 2014-02-06 07:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-06 07:51 - 2014-02-06 07:51 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\Apple Computer
2014-02-06 07:50 - 2014-02-06 07:50 - 00058800 _____ () C:\Users\Bethan Donovan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-02-06 07:50 - 2014-02-06 07:50 - 00001415 _____ () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ___RD () C:\Users\Bethan Donovan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Canon
2014-02-06 07:50 - 2014-02-06 07:50 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\PDFC
2014-02-06 07:50 - 2014-02-05 16:28 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Adobe
2014-02-06 07:50 - 2014-02-05 16:26 - 00000000 ____D () C:\Users\Bethan Donovan
2014-02-06 07:50 - 2013-12-01 16:42 - 00002332 _____ () C:\Users\Bethan Donovan\Desktop\Safe Money.lnk
2014-02-06 07:49 - 2014-02-06 07:49 - 00000020 ___SH () C:\Users\Bethan Donovan\ntuser.ini
2014-02-06 07:49 - 2014-02-06 07:49 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Local\VirtualStore
2014-02-06 07:48 - 2014-02-06 07:48 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1636B5EE-7563-4164-9C71-A3EF75CBC0DA}
2014-02-06 07:47 - 2012-03-22 15:10 - 00000000 ____D () C:\ProgramData\truesuite
2014-02-06 07:46 - 2012-04-24 19:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 07:46 - 2012-04-24 17:22 - 00000000 ____D () C:\Users\girthdevon\AppData\Roaming\SoftGrid Client
2014-02-06 07:37 - 2014-02-05 09:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 17:59 - 2013-10-28 13:03 - 00000000 ____D () C:\Users\Bethan Donovan\Downloads\Audacity
2014-02-05 17:44 - 2012-05-08 20:22 - 00000000 ____D () C:\Users\Bethan Donovan\Documents\Bethans Folder
2014-02-05 17:44 - 2011-11-27 14:04 - 00000000 ____D () C:\Users\Bethan Donovan\Documents\Homework fbs 2011-2012
2014-02-05 17:44 - 2010-01-10 19:07 - 00000000 ____D () C:\Users\Bethan Donovan\Documents\OneNote Notebooks
2014-02-05 16:27 - 2010-01-10 19:05 - 00000000 ____D () C:\Users\Bethan Donovan\AppData\Roaming\Template
2014-02-05 16:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\registration
2014-02-05 09:27 - 2014-01-19 14:27 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForgirthdevon
2014-02-05 09:27 - 2014-01-19 14:27 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForgirthdevon.job
2014-02-05 06:56 - 2014-02-05 06:56 - 05556104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-02-05 06:56 - 2013-11-04 11:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 06:56 - 2013-11-04 11:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 06:56 - 2013-11-04 11:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-03 18:54 - 2005-05-02 20:54 - 00000000 ____D () C:\Users\girthdevon\Documents\Gareths
2014-02-03 17:35 - 2014-02-03 17:35 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\{0969F422-15BD-4091-915A-4FE88CC48DC6}
2014-02-01 09:27 - 2014-02-01 09:27 - 00002219 _____ () C:\Users\girthdevon\Desktop\HP Support Assistant.lnk
2014-02-01 09:27 - 2012-03-22 14:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-01 09:27 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\Help
2014-02-01 09:24 - 2014-02-01 09:24 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}
2014-02-01 09:24 - 2012-03-22 14:57 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-02-01 09:23 - 2012-03-22 14:58 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-02-01 09:23 - 2011-02-11 16:32 - 00000000 ____D () C:\SWSETUP
2014-01-31 21:57 - 2012-07-29 18:13 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-31 21:57 - 2012-05-11 15:15 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-01-31 21:56 - 2012-04-28 13:53 - 00000000 ____D () C:\Users\girthdevon\AppData\Roaming\HpUpdate
2014-01-31 21:56 - 2012-04-28 13:53 - 00000000 ____D () C:\Users\girthdevon\AppData\Roaming\HP Support Assistant
2014-01-30 11:58 - 2012-11-23 10:10 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForGIRTHDEVON-HP$.job
2014-01-30 11:58 - 2012-11-11 08:33 - 00003228 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForGIRTHDEVON-HP$
2014-01-29 22:58 - 2008-01-31 13:37 - 00000000 ____D () C:\Users\girthdevon\Documents\GDM Tax Return and docs
2014-01-29 11:59 - 2005-05-02 20:54 - 00000000 ____D () C:\Users\girthdevon\Documents\GDM Purchases
2014-01-24 23:47 - 2012-04-19 07:59 - 00000000 ____D () C:\Users\girthdevon
2014-01-24 11:05 - 2014-01-24 11:05 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Adobe
2014-01-24 09:28 - 2014-01-24 09:28 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Apple Computer
2014-01-24 09:28 - 2014-01-24 09:28 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Apple
2014-01-24 08:46 - 2014-01-24 08:43 - 00022961 _____ () C:\Users\girthdevon\Desktop\dds.txt
2014-01-24 08:46 - 2014-01-24 08:43 - 00009287 _____ () C:\Users\girthdevon\Desktop\attach.txt
2014-01-24 08:41 - 2014-01-24 08:41 - 00688992 ____R (Swearware) C:\Users\girthdevon\Downloads\dds.com
2014-01-24 08:30 - 2014-01-24 08:30 - 00003168 _____ () C:\Windows\System32\Tasks\{4CFC255C-B571-4D07-A040-EFEDF6CE7870}
2014-01-24 08:30 - 2014-01-24 08:25 - 00014921 _____ () C:\Users\girthdevon\Downloads\hijackthis.log
2014-01-24 08:23 - 2014-01-24 08:23 - 00388608 _____ (Trend Micro Inc.) C:\Users\girthdevon\Downloads\HijackThis.exe
2014-01-24 08:23 - 2012-04-19 08:04 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\VirtualStore
2014-01-24 08:11 - 2014-01-24 08:11 - 00050688 _____ (Atribune.org) C:\Users\girthdevon\Downloads\ATF-Cleaner(1).exe
2014-01-23 16:55 - 2005-05-02 20:54 - 00000000 ____D () C:\Users\girthdevon\Documents\GDM Sales
2014-01-19 20:49 - 2012-05-15 08:45 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 20:49 - 2012-05-15 08:45 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-19 20:48 - 2014-01-19 20:48 - 04645232 _____ (Piriform Ltd) C:\Users\girthdevon\Downloads\ccsetup409.exe
2014-01-19 18:58 - 2014-01-19 18:58 - 00228698 _____ () C:\Users\girthdevon\Desktop\cc_20140119_185750.reg
2014-01-19 17:23 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-19 16:14 - 2013-05-28 06:55 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-19 16:14 - 2012-05-15 09:22 - 00001041 _____ () C:\Users\girthdevon\Desktop\Dropbox.lnk
2014-01-19 16:14 - 2012-05-15 09:20 - 00000000 ____D () C:\Users\girthdevon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-19 16:14 - 2012-04-19 08:05 - 00000000 ___RD () C:\Users\girthdevon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-19 16:07 - 2009-07-14 04:45 - 00277168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-19 13:48 - 2014-01-19 13:40 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{79A2F1B2-34EC-4D16-B951-DBC4341AE81C}
2014-01-19 10:19 - 2013-07-12 07:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-19 10:17 - 2012-05-05 10:31 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-19 10:16 - 2014-01-19 10:16 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E7FC1EA6-56B4-42F1-BFE4-C7D15F87266D}
2014-01-19 10:14 - 2014-01-19 10:07 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.002
2014-01-19 10:09 - 2014-01-19 10:09 - 00003966 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E922528E-07B5-42D8-BAF4-19702E84E097}
2014-01-19 10:07 - 2014-01-16 14:56 - 00000000 ___RD () C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-19 10:07 - 2014-01-16 14:56 - 00000000 ____D () C:\Users\Guest
2014-01-19 10:06 - 2012-04-24 20:04 - 00000000 ____D () C:\Windows\system32\Macromed
2014-01-19 10:06 - 2012-04-19 14:29 - 00000000 ____D () C:\Users\girthdevon\AppData\Local\Mozilla
2014-01-19 10:06 - 2009-07-14 03:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-19 09:56 - 2014-01-19 09:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\Macromedia
2014-01-19 09:52 - 2014-01-19 09:52 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Mozilla
2014-01-19 09:52 - 2014-01-19 09:52 - 00000000 ____D () C:\Users\Guest\AppData\Local\Mozilla
2014-01-19 09:25 - 2014-01-19 09:25 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Symantec
2014-01-19 09:21 - 2014-01-19 09:14 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.001
2014-01-18 19:47 - 2005-05-02 20:55 - 00000000 ____D () C:\Users\girthdevon\Documents\Playlists
2014-01-16 14:57 - 2014-01-16 14:57 - 00058800 _____ () C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Canon
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Apple Computer
2014-01-16 14:57 - 2014-01-16 14:57 - 00000000 ____D () C:\Users\Guest\AppData\Local\PDFC
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Users\Guest\AppData\Roaming\Adobe
2014-01-16 14:56 - 2014-01-16 14:56 - 00000000 ____D () C:\Users\Guest\AppData\Local\VirtualStore
2014-01-16 14:40 - 2014-01-16 14:33 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP.000
2014-01-16 14:31 - 2014-01-16 13:46 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP
2014-01-16 13:47 - 2014-01-16 13:47 - 00000000 ____D () C:\Users\TEMP.girthdevon-HP\AppData\Roaming\SUPERAntiSpyware.com
2014-01-08 18:45 - 2012-07-19 19:04 - 00000000 ____D () C:\Users\girthdevon\Documents\Scratch Projects

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 02:41

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-02-2014
Ran by girthdevon at 2014-02-06 15:22:22
Running from C:\Users\girthdevon\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.9 (x32 Version:  - )
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
AuthenTec TrueAPI (Version: 1.3.0.116 - AuthenTec, Inc.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bing Bar (x32 Version: 7.0.610.0 - Microsoft Corporation)
Blasterball 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Canon Easy-PhotoPrint EX (x32 Version:  - )
Canon Easy-WebPrint EX (x32 Version:  - )
Canon IJ Network Scanner Selector EX (x32 Version:  - )
Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.)
Canon MG5300 series MP Drivers (Version:  - Canon Inc.)
Canon MG5300 series On-screen Manual (x32 Version:  - )
Canon MG5300 series User Registration (x32 Version:  - )
Canon MP Navigator EX 5.0 (x32 Version:  - )
Canon My Printer (x32 Version:  - )
Canon Solution Menu EX (x32 Version:  - )
CCleaner (Version: 4.09 - Piriform)
Chronicles of Albian (x32 Version: 2.2.0.95 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
ESET Online Scanner v3 (x32 Version:  - )
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (x32 Version: 1.0.2.5 - WildTangent)
HP LinkUp (x32 Version: 2.01.028 - Hewlett-Packard)
HP Odometer (x32 Version: 2.10.0000 - Hewlett-Packard)
HP Product Detection (x32 Version: 11.14.0001 - HP)
HP Setup (x32 Version: 8.7.4747.3786 - Hewlett-Packard Company)
HP Setup Manager (x32 Version: 1.1.13880.3792 - Hewlett-Packard Company)
HP SimplePass PE 2011 (x32 Version: 5.3.0.194 - Hewlett-Packard)
HP Support Assistant (x32 Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (x32 Version: 10.1.1000 - Hewlett-Packard)
HP Update (x32 Version: 5.002.003.003 - Hewlett-Packard)
HP Vision Hardware Diagnostics (Version: 2.9.0.0 - Hewlett-Packard)
Intel® Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2867 - Intel Corporation)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Jewel Quest Solitaire (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Kobo (x32 Version: 1.6 - Kobo Inc.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3925 - CyberLink Corp.) Hidden
Magic Desktop (x32 Version: 3.0 - EasyBits Software AS)
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (x32 Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-GB) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 24.3.0 - Mozilla)
Mozilla Thunderbird 24.3.0 (x86 en-US) (x32 Version: 24.3.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97 - WildTangent) Hidden
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95 - WildTangent) Hidden
NETGEAR WNDA3200 wireless adapter Setup (x32 Version: 1.0.0.11 - NETGEAR)
PDF Complete Special Edition (x32 Version: 4.0.54 - PDF Complete, Inc)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5331 - CyberLink Corp.) Hidden
PressReader (x32 Version: 5.10.1217.0 -  NewspaperDirect Inc.)
QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)
Ralink 802.11n Wireless LAN Card (x32 Version: 4.0.3.0 - Ralink)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6463 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4320 - CyberLink Corp.) Hidden
Remote Graphics Receiver (x32 Version: 5.4.5 - Hewlett-Packard)
Scratch (x32 Version: 1.4.0.0 - MIT Media Lab Lifelong Kindergarten Group)
Secunia PSI (3.0.0.8013) (x32 Version: 3.0.0.8013 - Secunia)
Skype Click to Call (x32 Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.3 (x32 Version: 6.3.105 - Skype Technologies S.A.)
Slingo Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
SUPERAntiSpyware (Version: 5.6.1040 - SUPERAntiSpyware.com)
TomTom HOME (x32 Version: 2.9.7 - TomTom)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97 - WildTangent) Hidden
VIP Access SDK (1.0.1.4)  (x32 Version: 1.0.1.4 - Symantec Inc.)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App for HP (x32 Version: 4.0.10.25 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Restore Points  =========================

28-01-2014 11:40:50 Windows Update
29-01-2014 23:29:57 Windows Backup
30-01-2014 02:29:04 Windows Backup
30-01-2014 02:33:53 Windows Backup
31-01-2014 16:57:36 Windows Update
01-02-2014 09:24:32 Installed HP Support Assistant
01-02-2014 09:26:30 Windows Modules Installer
01-02-2014 09:27:00 Windows Modules Installer
04-02-2014 21:23:26 Windows Update

==================== Hosts content: ==========================

2009-07-14 02:34 - 2013-11-05 09:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {17018C90-0E47-4385-86AA-E8EB86C1A580} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {3814604C-1731-4555-A272-FF2EB05B046B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {5B8CD182-256D-4788-AA28-756C74F80E70} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {628E6321-BDCB-4CFD-B182-6995400C2456} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {6E5D7187-76D6-481E-AFB3-A212878F0BEE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B971E2C3-8452-47D3-BB4D-35E58BF84BCB} - System32\Tasks\HPCeeScheduleForGIRTHDEVON-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {C38102D4-657D-4B10-8412-12CF7E2FC434} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {C822E666-E785-4FF0-A0E2-6C8076977C6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CEC24AE7-0FC7-470C-8221-EF71159F543A} - System32\Tasks\HPCeeScheduleForgirthdevon => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {F879127F-0D64-4B7C-BE0D-AE581025136F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForGIRTHDEVON-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForgirthdevon.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2013-11-20 18:24 - 2010-08-17 02:14 - 00249856 _____ () C:\Program Files (x86)\NETGEAR\WNDA3200\WPSLib.dll
2013-10-18 23:55 - 2013-10-18 23:55 - 25100288 _____ () C:\Users\girthdevon\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-05 09:23 - 2014-02-05 09:23 - 03019376 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-02-05 09:23 - 2014-02-05 09:23 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-02-05 09:23 - 2014-02-05 09:23 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-11-16 10:03 - 2013-12-05 19:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2014 08:40:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Faulting module name: TrueSuiteService.exe, version: 5.3.0.194, time stamp: 0x4df09290
Exception code: 0xc0000417
Fault offset: 0x0001280a
Faulting process id: 0x3a8
Faulting application start time: 0xTrueSuiteService.exe0
Faulting application path: TrueSuiteService.exe1
Faulting module path: TrueSuiteService.exe2
Report Id: TrueSuiteService.exe3

Error: (02/06/2014 08:36:29 AM) (Source: ESENT) (User: )
Description: WinMail (4824) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (02/06/2014 08:36:24 AM) (Source: ESENT) (User: )
Description: WinMail (4024) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\girthdevon\ntuser.dat

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service) (User: girthdevon-HP)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

 DETAIL - The process cannot access the file because it is being used by another process.


System errors:
=============
Error: (02/06/2014 08:40:50 AM) (Source: Service Control Manager) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2014 07:47:40 AM) (Source: Service Control Manager) (User: )
Description: The TrueSuiteService service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/06/2014 07:43:55 AM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (02/06/2014 07:42:08 AM) (Source: Microsoft-Windows-Bits-Client) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user girthdevon-HP\girthdevon (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (02/04/2014 08:44:31 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (02/04/2014 08:44:28 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (02/03/2014 02:56:36 PM) (Source: NetBT) (User: )
Description: A duplicate name has been detected on the TCP network.  The IP address of
the computer that sent the message is in the data. Use nbtstat -n in a
command window to see which name is in the Conflict state.

Error: (02/01/2014 09:24:29 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (02/01/2014 09:24:09 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2

Error: (02/01/2014 09:24:09 AM) (Source: Service Control Manager) (User: )
Description: The HP Support Assistant Service service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (02/06/2014 08:40:38 AM) (Source: Application Error)(User: )
Description: TrueSuiteService.exe5.3.0.1944df09290TrueSuiteService.exe5.3.0.1944df09290c00004170001280a3a801cf231713aab4fcC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exeC:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe5a519fba-8f0a-11e3-ac13-e839355ae59f

Error: (02/06/2014 08:36:29 AM) (Source: ESENT)(User: )
Description: WinMail4824WindowsMail0:

Error: (02/06/2014 08:36:24 AM) (Source: ESENT)(User: )
Description: WinMail4024WindowsMail0:

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description:

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description:

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description: The process cannot access the file because it is being used by another process.

Error: (02/06/2014 08:35:51 AM) (Source: Microsoft-Windows-User Profiles Service)(User: NT AUTHORITY)
Description: The process cannot access the file because it is being used by another process.
C:\Users\girthdevon\ntuser.dat

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description:

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description:

Error: (02/06/2014 08:24:03 AM) (Source: Microsoft-Windows-User Profiles Service)(User: girthdevon-HP)
Description: The process cannot access the file because it is being used by another process.


CodeIntegrity Errors:
===================================
  Date: 2014-02-05 18:31:08.998
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 18:31:08.995
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 18:31:08.993
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 18:31:08.971
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 18:31:08.969
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-05 18:31:08.967
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:16:11.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:16:11.078
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:16:11.076
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-01 09:16:11.052
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 6048.82 MB
Available physical RAM: 3806.49 MB
Total Pagefile: 12095.81 MB
Available Pagefile: 9553.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:919.68 GB) (Free:715.44 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:11.74 GB) (Free:1.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (WNDA3200) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 2AE08545)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=920 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,600 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:10:43 PM

Posted 06 February 2014 - 04:00 PM

Hi Gareth,

Sounds like you have a lot going on with your computer. Can you please tell me the User Profile name you normally used that is not launching? Also, I am not sure what you mean by the below. How did you transfer the profile, what is that profile name, and when you say "my profile" is that the original profile or the newly transferred one?
 

I transferred a new profile from a laptop yesterday, and rebooted this morning. Again I had problems accessing my profile.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 girthdevon

girthdevon
  • Topic Starter

  • Members
  • 41 posts
  • OFFLINE
  • Local time:05:43 AM

Posted 06 February 2014 - 04:37 PM

Hi Gary, the profile that I am having trouble with is the name 'girthdevon' - this is my profile. I transferred my daughter's profile from a laptop to the pc - the name of this profile is 'bethan donovan'. I also created another profile under the name 'gareth donovan', with the intention of using this in future......

 

Sorry to confuse you...

 

Thanks  Gareth



#7 Oh My!


Posted 06 February 2014 - 07:21 PM

You are not being confusing, I just need to make sure I understand exactly what is going on before we start manipulating profiles.

 

Currently the only profile with problems is girthdevon? Are you having any difficulties logging into the bethany donovan or gareth donovan profiles?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 girthdevon


Posted 06 February 2014 - 07:26 PM

No problems with the other two, just the 'Girthdevon', which is the main administrator account.

 

Thanks  Gareth 



#9 Oh My!


Posted 06 February 2014 - 07:36 PM

Very good then. Thanks for taking the time to clarify it for me. Our goal is to have your computer perform the way it used to with the girthdevon User Profile.

We are all set to do this.

===================================================

New User Profile Windows 7/Vista

--------------
  • Reboot your computer and log in as bethany donovan
  • Click Start, Control Panel, then Folder Options
  • Click View, place a checkmark next to Show hidden files and folders, uncheck Hide protected operating system files, and uncheck Hide extensions for known file types
  • Click OK
  • Using Windows Explorer navigate to C:\Users\girthdevon
  • Holding down the Ctrl key, left click each entry in the folder EXCEPT for the following, if they exist:

Ntuser.dat
Ntuser.dat.log
Ntuser.ini

  • Right click and select Copy
  • Left click on C:\Users\gareth donovan
  • Right click on the screen to the right and select Paste
  • Close any open windows, reboot your computer, and log in to gareth donovan
  • Check to see if your computer is working like it did in the girthdevon User Profile.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Results?

Edited by Oh My, 07 February 2014 - 01:33 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

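The copy step from the instructions in post #9, as an added example that is not part of the original posts: a scripted version of the same copy, using the two profile paths and the three excluded file names given in the thread. The variable names are this example's own, and it assumes an elevated PowerShell session in an account other than the two profiles involved.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# while logged in to a third account, as the instructions above describe.
$src = 'C:\Users\girthdevon'        # damaged profile named in the thread
$dst = 'C:\Users\gareth donovan'    # replacement profile named in the thread

# File names the instructions say to leave behind (taken from the post as written).
$exclude = 'Ntuser.dat', 'Ntuser.dat.log', 'Ntuser.ini'

# Stop if the source profile's registry hive is still loaded; the event log in
# this thread shows ntuser.dat "being used by another process".
$srcProfile = Get-WmiObject Win32_UserProfile | Where-Object { $_.LocalPath -eq $src }
if ($srcProfile -and $srcProfile.Loaded) {
    throw "Profile $src is loaded; log that user off (or reboot) before copying."
}

# /E         copy subfolders, including empty ones
# /XJ        skip junction points (legacy links such as "Application Data" can loop)
# /XF        exclude the listed file names
# /COPY:DAT  copy data, attributes and timestamps but not ACLs, so the copies
#            inherit the destination profile's permissions
# /R:1 /W:1  retry a locked file once instead of robocopy's very long default
$roboArgs = @($src, $dst, '/E', '/XJ', '/COPY:DAT', '/R:1', '/W:1', '/XF') + $exclude

& robocopy.exe ($roboArgs + '/L')    # dry run: list what would be copied
# & robocopy.exe $roboArgs           # the real copy, once the listing looks right

# Robocopy exit codes of 8 or higher mean at least one file failed to copy.
if ($LASTEXITCODE -ge 8) {
    Write-Warning "robocopy reported failures (exit code $LASTEXITCODE)"
}
```
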
#10 girthdevon


Posted 07 February 2014 - 06:32 AM

Hi, I had read about doing this, but was a bit hesitant to do it alone....

 

I see numerous folders beginning with Ntuser.dat, and then LOG1 and LOG2. Some are BFL files and REGTRANS-MS files. Do I copy these or not?

 

I don't see Ntuser.ini......just a folder Ntuser, which is configuration settings

 

Thanks  Gareth 

 

 



#11 girthdevon


Posted 07 February 2014 - 06:34 AM

I attempted to copy and paste all the other folders, while awaiting your reply. I suspect it may take a short while. But I had a message saying that I was transferring a file ntuser.ini, and did I want to replace or keep both files. I didn't see that I had copied that file.

 

????

 

Thanks  Gareth

   



#12 Oh My!


Posted 07 February 2014 - 01:36 PM

Hi Gareth,

Yes, we are inadvertently trying to copy the ntuser.ini file. I modified the instructions to add this: 

Click View, place a checkmark next to Show hidden files and folders, uncheck Hide protected operating system files, and uncheck Hide extensions for known file types


And please copy and paste everything in the folder except for the identified exclusions.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 girthdevon


Posted 07 February 2014 - 08:16 PM

Hi, I think I have done this then. I did not include any of the folders you said to exclude. The profile has opened with most things working as they did.

 

Some files on iTunes are not playing correctly in the new profile.

 

Thanks   Gareth 



#14 Oh My!


Posted 07 February 2014 - 08:29 PM

Hi Gareth.

iTunes complications are common, unfortunately. We may need to reinstall the program if we can't sort through it any other way.

Are you concerned about any other issues besides that?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 girthdevon


Posted 08 February 2014 - 11:36 AM

Hi Gary, it all seems fine in the new profile (Gareth Donovan), the iTunes issue I can sort myself OK. I have a lot of music on my computer, much of it that I have created myself. I had problems when I transferred it all from an old XP computer before, and I can see an easy fix for the files not playing.

 

I am just trying to migrate my Thunderbird mail profile across now, and everything should be OK.

 

This is new ground for me, I don't mind having a go at most things and learning how...but I've not had a problem like this before and I was reluctant to have a go. Having now read a little about it, it looks like I can create a new administrator account and then delete the old one. Is this where we are heading ??

 

I have been told by a friend that it is safer to use a standard account for day to day use, not the administrator account. So if a similar problem occurs again, it is an easier process to transfer to another account and delete the corrupted one.

 

Is this a problem normally caused by malware, or something else ??  

 

Thanks for your patience and help - I am out this evening, I will check for a reply when I am home later.

 

Thanks  Gareth 

 





