Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014
Ran by Pettit Family (administrator) on PETTITFAMILY-HP on 23-11-2014 09:53:58
Running from C:\Users\Pettit Family\Downloads
Loaded Profiles: Pettit Family & Elli (Available profiles: Pettit Family & Elli)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Online Games Manager\ogmservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHBA.EXE
(Kersh Wellness) C:\Program Files\Kersh Wellness\Activity Monitor Utility\Kersh.TrayApplication.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATILBE.EXE
(Kersh Wellness) C:\Program Files\Kersh Wellness\Activity Monitor Utility\Kersh.TrayApplication.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Hewlett-Packard\HP My Display TouchSmart Edition\OSDManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(BullGuard Ltd.) C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\LittleHook.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-08-26] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [fssui] => C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe [884584 2012-03-08] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BullGuardUpdate2] => c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [2933072 2014-11-17] (BullGuard Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [BullGuard] => c:\program files\bullguard ltd\bullguard\BullGuard.exe [1351504 2014-11-17] (BullGuard Ltd.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [DT HPO] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [121648 2011-08-19] (Portrait Displays, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-05] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Run: [SkyDrive] => C:\Users\Pettit Family\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [277672 2014-09-24] (Microsoft Corporation)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-08-04] (Apple Inc.)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-04-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHBA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /schedule 300000
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\TS_KeyLodaded\...\Run: [Exetender] => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup
HKU\TS_KeyLodaded\...\Policies\system: [LogonHoursAction] 2
HKU\TS_KeyLodaded\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILBE.EXE [297024 2013-04-26] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Activity Monitor Utility.lnk
ShortcutTarget: Activity Monitor Utility.lnk -> C:\Program Files\Kersh Wellness\Activity Monitor Utility\Kersh.TrayApplication.exe (Kersh Wellness)
Startup: C:\Users\Elli.PettitFamily-HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (No File)
ShellIconOverlayIdentifiers: [BackupOverlayErr] -> {8749448C-D907-45BF-A842-4D3898894AC8} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlayInProgress] -> {3FFBF330-7839-476B-BE14-2C8597CE11B6} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
ShellIconOverlayIdentifiers: [BackupOverlaySynced] -> {C62CF4DB-48CB-4B03-BFD0-30A29125FA49} => C:\Program Files\BullGuard Ltd\BullGuard\BackupShellHook.dll (BullGuard Ltd.)
GroupPolicyUsers\S-1-5-21-1737900368-1643728146-1281706836-1005\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKU\S-1-5-21-1737900368-1643728146-1281706836-1005\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKU\TS_KeyLodaded\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKU\TS_KeyLodaded\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
URLSearchHook: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 - (No Name) - {00000000-6E41-4FD3-8538-502F5495E5FC} - No File
HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1001 -> DefaultScope {9030DCAB-1770-8285-CB79-C4B3FE96F973} URL = http://www.bing.com/search?q={searchTerms}&pc=Z178&form=ZGAIDF&install_date=20111022&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1001 -> {9030DCAB-1770-8285-CB79-C4B3FE96F973} URL = http://www.bing.com/search?q={searchTerms}&pc=Z178&form=ZGAIDF&install_date=20111022&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {1409340E-A225-42EF-8DC0-3B9F83B8F379} URL = http://ws.infospace.com/playsushi_tbar/ws/redir?_iceUrl=true& user_id=%userid&tool_id=60231&qkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=05E7FC6C-C499-462A-93FA-F0436679BC86&apn_sauid=EED1AAE7-5FEA-4335-A615-3B7F99CF15F8
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {9030DCAB-1770-8285-CB79-C4B3FE96F973} URL = http://www.bing.com/search?q={searchTerms}&pc=Z178&form=ZGAIDF&install_date=20111022&iesrc={referrer:source}
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {b167b83b-348e-4f8a-a00d-693f28ede787} URL = http://search.expatshield.com/g/results.php?c=s&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\TS_KeyLodaded -> {0DA2AED0-C057-4FAD-8E6F-7CA1C6F8657B} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=05E7FC6C-C499-462A-93FA-F0436679BC86&apn_sauid=EED1AAE7-5FEA-4335-A615-3B7F99CF15F8
SearchScopes: HKU\TS_KeyLodaded -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\TS_KeyLodaded -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1737900368-1643728146-1281706836-1005 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.12 68.105.29.12 68.105.28.11

FireFox:
========
FF ProfilePath: C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\9m16m6x0.default-1400773569444
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 -> c:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 -> C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1737900368-1643728146-1281706836-1001: @nsroblox.roblox.com/launcher -> C:\Users\Pettit Family\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1737900368-1643728146-1281706836-1001: @nsroblox.roblox.com/launcher64 -> C:\Users\Pettit Family\AppData\Local\Roblox\Versions\version-0aae98b55b324621\\NPRobloxProxy64.dll ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-1737900368-1643728146-1281706836-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pettit Family\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1737900368-1643728146-1281706836-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elli.PettitFamily-HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\TS_KeyLodaded: @nsroblox.roblox.com/launcher -> C:\Users\Elli\AppData\Local\Roblox\Versions\version-25fee90509674ec1\\NPRobloxProxy.dll ( Roblox Corporation)
FF Plugin HKU\TS_KeyLodaded: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Elli\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Pettit Family\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Extension: Star Stable Online - C:\Users\Pettit Family\AppData\Roaming\Mozilla\Firefox\Profiles\9m16m6x0.default-1400773569444\Extensions\plugin@starstable.com [2014-06-12]
FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com [2014-11-22]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-11-10]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-11-10]
FF HKLM-x32\...\Firefox\Extensions: [antiphishing@bullguard] - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard
FF Extension: BullGuard Safe Browsing - c:\program files\bullguard ltd\bullguard\Files32\Antiphishing\FF\antiphishing@bullguard [2014-07-09]
FF HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Thunderbird\Extensions: [{380AE6CB-09B9-4373-B360-D01C2462A6E7}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\backup\thunderbirdbkplugin
FF Extension: BullGuard Backup - C:\Program Files\BullGuard Ltd\BullGuard\Files32\backup\thunderbirdbkplugin [2014-07-09]
FF HKU\S-1-5-21-1737900368-1643728146-1281706836-1001\...\Thunderbird\Extensions: [{0E810812-F4BB-4309-942A-755587587A5E}] - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter
FF Extension: BullGuard Spamfilter - C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2014-07-09]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-16]
CHR Extension: (Webpage Screenshot) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-09-06]
CHR Extension: (Google Search) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-16]
CHR Extension: (Website Logon) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpgfhihjicjofdejkbjgnjlaglaciobe [2012-06-16]
CHR Extension: (Google Wallet) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-18]
CHR Extension: (Gmail) - C:\Users\Pettit Family\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-16]
CHR HKLM-x32\...\Chrome\Extension: [jpgfhihjicjofdejkbjgnjlaglaciobe] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2011-06-03]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [779088 2014-11-17] (BullGuard Ltd.)
R2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [592208 2014-11-17] (BullGuard Ltd.)
R2 BsCache; C:\Program Files\BullGuard Ltd\BullGuard\BsCache.dll [156496 2014-11-17] (BullGuard Ltd.)
R2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [421200 2014-11-17] (BullGuard Ltd.)
R2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [756048 2014-11-17] (BullGuard Ltd.)
R2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [757584 2014-11-17] (BullGuard Ltd.)
R2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [538960 2014-11-17] (BullGuard Ltd.)
R2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [280912 2014-11-17] (BullGuard Ltd.)
R2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [384848 2014-11-17] (BullGuard Ltd.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129840 2011-08-19] (Portrait Displays, Inc.)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation) R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-26] (SEIKO EPSON CORPORATION) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2375168 2011-03-07] (Realsil Microelectronics Inc.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software) R2 ogmservice; C:\Program Files (x86)\Online Games Manager\ogmservice.exe [581568 2014-03-27] (RealNetworks, Inc.) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-05] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 AFW; C:\Windows\System32\DRIVERS\afw.sys [41680 2014-09-08] (Agnitum Ltd.) R3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [469712 2014-09-08] (Agnitum Ltd.) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) R1 BdAgent; C:\Windows\System32\DRIVERS\BdAgent.sys [117184 2014-05-15] (BullGuard Ltd.) R3 BdNet; C:\Windows\System32\DRIVERS\BdNet.sys [34896 2014-03-19] (BullGuard Ltd.) R1 BdSpy; C:\Windows\System32\drivers\BdSpy.sys [67680 2014-02-26] (BullGuard Ltd.) 
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows (R) Codename Longhorn DDK provider) S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) R1 NovaShieldFilterDriver; C:\Windows\System32\DRIVERS\NSKernel.sys [321112 2014-10-29] (BullGuard Ltd.) R1 NovaShieldTDIDriver; C:\Windows\System32\DRIVERS\NSNetmon.sys [27544 2014-10-29] (BullGuard Ltd.) R3 NWVoltron; C:\Windows\system32\drivers\NWVoltron.sys [28440 2011-06-23] () S3 NWWakeFilterV; C:\Windows\system32\drivers\NWWakeFilterV.sys [16152 2011-06-23] (n/a) S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2011-12-15] () R3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [350160 2014-02-26] (BitDefender S.R.L.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-23 09:53 - 2014-11-23 09:54 - 00037347 _____ () C:\Users\Pettit Family\Downloads\FRST.txt
2014-11-23 09:53 - 2014-11-23 09:53 - 02118144 _____ (Farbar) C:\Users\Pettit Family\Downloads\FRST64.exe
2014-11-23 08:50 - 2014-11-23 08:50 - 00000512 _____ () C:\Windows\system32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
2014-11-22 13:49 - 2014-11-23 01:50 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\{C0DC11AE-8CD0-4423-A087-2A16F76F7B50}
2014-11-22 08:50 - 2014-11-23 08:52 - 00000000 ____D () C:\Users\Elli.PettitFamily-HP\AppData\Local\{DAD845FA-568D-4E05-918E-8E2B63D32461}
2014-11-22 08:50 - 2014-11-22 08:50 - 00000000 _____ () C:\Users\Elli.PettitFamily-HP\Sti_Trace.log
2014-11-22 08:43 - 2014-11-22 19:06 - 00000906 _____ () C:\Windows\setupact.log
2014-11-22 08:43 - 2014-11-22 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-22 08:42 - 2014-11-22 08:42 - 00000376 _____ () C:\Windows\PFRO.log
2014-11-22 01:48 - 2014-11-22 01:48 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\{18176554-E88D-4A1F-AFA2-4E5B03A0731A}
2014-11-21 11:42 - 2014-11-21 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-21 11:42 - 2014-11-21 11:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-21 11:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 11:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-21 11:42 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-19 18:42 - 2014-11-22 08:43 - 00000364 _____ () C:\Windows\Tasks\HPCeeScheduleForPettit Family.job
2014-11-19 18:42 - 2014-11-21 11:07 - 00003234 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPettit Family
2014-11-19 08:28 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 08:28 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 08:28 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 08:28 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 19:39 - 2014-11-19 08:27 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\{7D3C5DF1-BE95-44FC-862B-12A1264C131A}
2014-11-17 07:10 - 2014-11-17 07:10 - 00153712 _____ (BullGuard Ltd.) C:\Windows\system32\BgGamingMonitor.dll
2014-11-17 07:10 - 2014-11-17 07:10 - 00140280 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BgGamingMonitor.dll
2014-11-17 07:10 - 2014-11-17 07:10 - 00076624 _____ (BullGuard Ltd.) C:\Windows\system32\BGLsp.dll
2014-11-17 07:10 - 2014-11-17 07:10 - 00064336 _____ (BullGuard Ltd.) C:\Windows\SysWOW64\BGLsp.dll
2014-11-17 06:51 - 2014-11-17 06:51 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\{D6A61631-124D-483B-A1A5-7C574D73A09E}
2014-11-15 12:05 - 2014-11-15 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-12 07:50 - 2014-11-12 07:50 - 00000000 __SHD () C:\Users\Pettit Family\AppData\Local\EmieBrowserModeList
2014-11-12 01:22 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 01:22 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 01:22 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 01:22 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 01:22 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 01:22 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 01:22 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 01:22 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 01:22 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 01:22 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 01:22 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 01:22 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 01:20 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 01:20 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 01:20 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 01:20 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 01:20 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 01:20 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 01:20 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 01:20 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 01:20 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 01:20 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 01:20 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 01:20 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 01:20 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 01:20 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 01:20 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 01:20 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 01:20 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 01:20 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 01:20 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 01:20 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 01:20 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 01:20 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 01:20 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 01:20 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 01:20 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 01:20 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 01:20 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 01:20 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 01:20 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 01:20 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 01:20 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 01:20 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 01:20 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 01:20 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 01:20 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 01:20 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 01:20 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 01:20 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 01:20 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 01:20 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 01:20 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 01:20 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 01:20 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 01:20 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 01:20 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 01:20 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 01:20 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 01:20 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 01:20 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 01:20 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 01:20 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 01:20 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 01:20 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 01:20 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 01:20 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 01:20 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 01:20 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 01:20 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 01:20 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 01:20 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 01:20 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 01:20 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 01:20 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 01:20 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 01:20 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 01:20 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 01:20 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 01:20 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 01:20 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 01:20 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 01:20 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 01:20 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-12 01:19 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 01:19 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 01:19 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 01:19 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 01:19 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 01:19 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 01:19 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-10 10:00 - 2014-11-10 10:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-09 12:16 - 2014-11-09 12:16 - 00001154 _____ () C:\Users\Pettit Family\Desktop\Continue File Opener Installation.lnk
2014-11-08 09:04 - 2014-11-08 09:03 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-11-08 09:03 - 2014-11-08 09:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-11-08 09:03 - 2014-11-08 09:03 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-11-08 09:03 - 2014-11-08 09:03 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-11-08 09:03 - 2014-11-08 09:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-08 09:03 - 2014-11-08 09:03 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-05 08:23 - 2014-11-05 08:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-11-03 08:41 - 2014-11-03 08:41 - 00000000 ___HD () C:\OneDriveTemp
2014-10-29 06:51 - 2014-10-29 06:51 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-10-29 06:51 - 2014-10-29 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-10-29 06:51 - 2014-10-29 06:51 - 00000000 ____D () C:\Program Files (x86)\QuickTime

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-23 09:54 - 2014-07-09 11:50 - 00000000 ____D () C:\ProgramData\BullGuard
2014-11-23 09:54 - 2014-05-13 18:51 - 00000000 ____D () C:\FRST
2014-11-23 09:49 - 2012-04-09 07:56 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-23 09:46 - 2012-06-16 18:54 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-23 09:43 - 2013-02-20 18:14 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6F5B2C29-EA6F-4DD3-A37B-B54C70B064C4}
2014-11-23 09:36 - 2014-07-09 11:53 - 00000000 ____D () C:\Users\Pettit Family\AppData\Roaming\BullGuard
2014-11-23 09:31 - 2014-08-10 14:31 - 00000911 _____ () C:\Windows\Tasks\EPSON XP-310 Series Update {A580DEFA-24DA-4340-9332-F07688C3B58C}.job
2014-11-23 09:31 - 2014-08-10 14:31 - 00000725 _____ () C:\Windows\Tasks\EPSON XP-310 Series Invitation {A580DEFA-24DA-4340-9332-F07688C3B58C}.job
2014-11-23 09:31 - 2012-08-25 11:15 - 00000000 ____D () C:\Users\Pettit Family\AppData\Roaming\Nitro PDF
2014-11-23 09:31 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-11-23 09:23 - 2013-06-26 10:07 - 00000334 _____ () C:\Windows\Tasks\PrintProjects Communicator.job
2014-11-23 08:07 - 2014-05-12 07:10 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 03:00 - 2011-12-15 01:53 - 01242988 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 02:24 - 2013-07-28 20:01 - 00005034 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for PettitFamily-HP-Pettit Family PettitFamily-HP
2014-11-22 19:09 - 2009-07-13 21:13 - 00805098 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-22 17:35 - 2012-04-07 08:38 - 00000000 ____D () C:\Users\Pettit Family\Desktop\UNUSED ITEMS
2014-11-22 17:34 - 2013-10-13 09:51 - 00000000 ____D () C:\Users\Pettit Family\Desktop\KATHRYN STUFF
2014-11-22 14:40 - 2012-04-07 07:59 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-22 14:39 - 2012-04-28 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-22 13:02 - 2012-06-16 18:54 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-22 13:02 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-22 13:02 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-22 08:51 - 2013-07-17 18:57 - 00000000 ___RD () C:\Users\Pettit Family\SkyDrive
2014-11-22 08:51 - 2011-12-15 02:17 - 00000000 ____D () C:\ProgramData\PDFC
2014-11-22 08:50 - 2013-02-20 18:14 - 00000902 __RSH () C:\Users\Elli.PettitFamily-HP\ntuser.pol
2014-11-22 08:50 - 2013-02-20 18:14 - 00000000 ____D () C:\Users\Elli.PettitFamily-HP
2014-11-22 08:49 - 2012-06-16 08:08 - 00000632 __RSH () C:\Users\Pettit Family\ntuser.pol
2014-11-22 08:49 - 2012-04-06 16:56 - 00000000 ____D () C:\Users\Pettit Family
2014-11-22 08:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-22 08:46 - 2014-07-09 12:06 - 00270724 _____ () C:\Windows\system32\config\afw_db.conf
2014-11-22 08:46 - 2014-07-09 12:06 - 00000400 _____ () C:\Windows\system32\config\afw_hm.conf
2014-11-22 08:43 - 2011-12-15 02:22 - 00000000 ____D () C:\ProgramData\truesuite
2014-11-21 12:16 - 2012-04-08 16:56 - 00000000 ____D () C:\Users\Pettit Family\Desktop\DESK TOP PICS
2014-11-21 12:15 - 2013-11-29 09:06 - 00000000 ____D () C:\Users\Pettit Family\Desktop\MISC DESK TOP STUFF
2014-11-21 12:14 - 2014-03-01 10:00 - 00000000 ____D () C:\Users\Pettit Family\Desktop\HEALTHCARE
2014-11-21 12:13 - 2012-04-06 17:03 - 00003986 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5E8967F3-C229-4BAC-827F-3C3BDF860FD8}
2014-11-21 12:12 - 2012-05-02 10:31 - 00000000 ____D () C:\Users\Pettit Family\Desktop\KRIS STUFF
2014-11-21 12:03 - 2013-10-03 15:22 - 00000000 ____D () C:\Users\Pettit Family\Desktop\ELLI STUFF
2014-11-21 11:42 - 2012-04-06 17:26 - 00000000 ___RD () C:\Users\Pettit Family\Desktop\CRAIGS LIST PICS
2014-11-21 10:59 - 2014-05-12 06:54 - 00000000 ____D () C:\AdwCleaner
2014-11-21 10:12 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-11-20 15:50 - 2014-05-20 16:19 - 00000000 ____D () C:\Users\Pettit Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2014-11-20 15:50 - 2014-05-15 16:55 - 00001371 _____ () C:\Users\Pettit Family\Desktop\ROBLOX Player.lnk
2014-11-17 20:05 - 2013-07-17 18:44 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-15 14:03 - 2012-05-02 08:40 - 00000000 ____D () C:\Users\Pettit Family\AppData\Roaming\Skype
2014-11-15 12:06 - 2012-05-02 08:40 - 00000000 ____D () C:\ProgramData\Skype
2014-11-15 12:05 - 2014-04-13 05:17 - 00002515 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-15 12:05 - 2012-05-02 08:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-11-12 11:49 - 2012-04-09 07:56 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-12 11:49 - 2012-04-09 07:56 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-12 11:49 - 2011-12-15 02:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-12 11:41 - 2012-06-16 18:54 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-12 11:41 - 2012-06-16 18:54 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-12 07:47 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-12 06:45 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-12 03:26 - 2009-07-13 20:45 - 00463592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 03:25 - 2012-05-03 11:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 03:24 - 2014-05-07 02:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 03:06 - 2013-07-20 02:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 03:01 - 2012-04-15 07:52 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-09 13:32 - 2013-10-03 15:39 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\Microsoft Help
2014-11-09 10:23 - 2012-04-07 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-11-09 10:23 - 2012-04-07 09:54 - 00000000 ____D () C:\Program Files (x86)\Epson Software
2014-11-09 10:23 - 2012-04-07 09:54 - 00000000 ____D () C:\Program Files (x86)\epson
2014-11-09 10:23 - 2011-12-15 01:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-08 09:08 - 2013-10-19 11:06 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-06 13:25 - 2012-12-05 08:02 - 00003232 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForPETTITFAMILY-HP$
2014-11-06 13:25 - 2012-12-05 08:02 - 00000356 _____ () C:\Windows\Tasks\HPCeeScheduleForPETTITFAMILY-HP$.job
2014-11-04 14:30 - 2010-11-20 19:27 - 00275080 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 20:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-29 17:18 - 2012-04-06 17:49 - 00001165 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-29 06:24 - 2014-10-13 05:46 - 00321112 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSKernel.sys
2014-10-29 06:24 - 2014-10-13 05:46 - 00027544 _____ (BullGuard Ltd.) C:\Windows\system32\Drivers\NSNetmon.sys
2014-10-26 11:43 - 2014-10-19 10:24 - 00000000 ____D () C:\Users\Pettit Family\Desktop\TAX RETURNS
2014-10-25 16:07 - 2014-09-07 13:40 - 00000173 _____ () C:\Users\Pettit Family\AppData\Local\msmathematics.qat.Pettit Family
2014-10-24 05:55 - 2014-10-21 21:09 - 00000000 ____D () C:\Users\Pettit Family\AppData\Local\{4F9C1441-384A-4DCE-89CD-E98545DAC2BA}

Some content of TEMP:
====================
C:\Users\Pettit Family\AppData\Local\Temp\Quarantine.exe
C:\Users\Pettit Family\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-15 15:19

==================== End Of Log ============================