Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Kelly (administrator) on LIVING on 27-01-2015 22:22:00
Running from C:\Users\Kelly\Downloads
Loaded Profiles: Kelly (Available profiles: Kelly)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(MicroTools) C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
() C:\Users\Kelly\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Kelly\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [BATINDICATOR] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR.exe [2068992 2011-12-14] (Hewlett-Packard)
HKLM-x32\...\Run: [BATINDICATORHL] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\BATINDICATOR_HIDList.exe [557056 2010-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [OSDTool] => C:\Program Files (x86)\Hewlett-Packard\HP Keyboard\CNYHKEY.exe [2101248 2012-06-13] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-16] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [1435136 2014-10-03] ()
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [PCKeeper2] => "C:\Program Files\Kromtech\PCKeeper\PCKeeper.exe" /autorun
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [GenieoUpdaterService] => C:\Users\Kelly\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [294240 2014-10-20] ()
HKU\S-1-5-21-4052977653-386163532-366534634-1001\...\Run: [GenieoSystemTray] => C:\Users\Kelly\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [539488 2014-10-20] ()
HKU\S-1-5-18\...\Run: [GenieoUpdaterService] => C:\Users\Kelly\AppData\Roaming\Genieo\Application\Updater\bin\genupdater.exe [294240 2014-10-20] ()
HKU\S-1-5-18\...\Run: [GenieoSystemTray] => C:\Users\Kelly\AppData\Roaming\Genieo\Application\TrayUi\bin\gentray.exe [539488 2014-10-20] ()
HKU\S-1-5-18\...\Run: [StartPoint] => C:\Users\Kelly\AppData\Local\StartPoint\startpoint\1.3.18.7\startpoint.exe
HKU\S-1-5-18\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1484.0.0.0\jsdrv.exe
HKU\S-1-5-18\...\Run: [GoobzoYouTubeAccelerator] => "C:\Program Files (x86)\YouTube Accelerator\YouTubeAccelerator.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyEnable: [S-1-5-21-4052977653-386163532-366534634-1001] => Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.strtpoint.com/?v=insMac&t=1411&ap=578080078
HKU\S-1-5-21-4052977653-386163532-366534634-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=COSP&ptag=D010715-AE3372CAF8274412FA2F&form=CONMHP&conlogo=CT3330942
HKU\S-1-5-21-4052977653-386163532-366534634-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM -> {E67F2FA0-804A-4E2B-BFFF-C16E8628E10A} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {E67F2FA0-804A-4E2B-BFFF-C16E8628E10A} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {6A293DF6-9396-4C80-B4CC-A51E96A84702} URL = http://search.strtpoint.com/results.html?v=insMac&t=1411&ap=578080078&q={searchTerms}&r=663
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4052977653-386163532-366534634-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-4052977653-386163532-366534634-1001 -> {E67F2FA0-804A-4E2B-BFFF-C16E8628E10A} URL = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: adTech Class -> {934B156A-3D17-3981-B78A-5C138F423AD6} -> C:\Users\Kelly\AppData\Roaming\pdfie\PdfConv_64.dll ()
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: adTech Class -> {934B156A-3D17-3981-B78A-5C138F423AD6} -> C:\Users\Kelly\AppData\Roaming\pdfie\PdfConv_32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
FireFox:
========
FF ProfilePath: C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\2mgjvxz0.default-1420589058988
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: SourceApp 1.0.1 - C:\Users\Kelly\AppData\Roaming\Mozilla\Firefox\Profiles\2mgjvxz0.default-1420589058988\Extensions\{95282a5e-d707-43c0-b998-d6a934a963a8}.xpi [2015-01-09]
FF Extension: Super Web Accelerator ! - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\firefox [2014-12-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-28]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17]
CHR Extension: (Google Drive) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-18]
CHR Extension: (YouTube) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17]
CHR Extension: (Google Search) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17]
CHR Extension: (Avast Online Security) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Google Wallet) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17]
CHR Extension: (Google Quick Scroll) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\okanipcmceoeemlbjnmnbdibhgpbllgc [2015-01-27]
CHR Extension: (SourceApp) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\okaoifjanopnhpfhindbpjfkhgpdppaa [2014-12-17]
CHR Extension: (Gmail) - C:\Users\Kelly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-16]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-16] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-12] (Microsoft Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 print server; C:\WINDOWS\UpgradeSvr.exe [106688 2014-11-17] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-18] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_P4; C:\Program Files (x86)\YouTube Downloader Services\P4\youtubeserv.exe [2968696 2014-12-13] (MicroTools)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-16] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-16] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-16] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-16] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-24] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-16] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-16] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-16] ()
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 fileHiders; C:\Windows\System32\DRIVERS\fileHiders.sys [32464 2014-12-15] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-27] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S2 SPDRIVER_1484.0.0.0; \??\C:\Program Files (x86)\ShopperPro\JSDriver\1484.0.0.0\jsdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 22:22 - 2015-01-27 22:22 - 00021167 _____ () C:\Users\Kelly\Downloads\FRST.txt
2015-01-27 22:21 - 2015-01-27 22:21 - 00001457 _____ () C:\Users\Kelly\Desktop\FRST64.exe - Shortcut.lnk
2015-01-27 22:20 - 2015-01-27 22:20 - 02129920 _____ (Farbar) C:\Users\Kelly\Downloads\FRST64.exe
2015-01-27 22:14 - 2015-01-27 22:14 - 00000622 _____ () C:\Users\Kelly\Desktop\JRT.txt
2015-01-27 22:11 - 2015-01-27 22:11 - 00004966 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LIVING-Kelly Living
2015-01-27 22:10 - 2015-01-27 22:10 - 00003228 _____ () C:\WINDOWS\System32\Tasks\DriverMgr
2015-01-27 22:10 - 2015-01-27 22:10 - 00003222 _____ () C:\WINDOWS\System32\Tasks\WinKit
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Winsta
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\WinKit
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\pdfie
2015-01-27 22:10 - 2015-01-27 22:10 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Convertor
2015-01-27 21:53 - 2015-01-27 21:53 - 01707939 _____ (Thisisu) C:\Users\Kelly\Desktop\JRT.exe
2015-01-27 20:35 - 2015-01-27 20:35 - 00026415 _____ () C:\Users\Kelly\Desktop\mbam new.txt
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Users\Public\Documents\YTAHelper
2015-01-27 17:01 - 2015-01-27 17:01 - 00172032 _____ (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) C:\WINDOWS\SysWOW64\AniGIF.ocx
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Public\Documents\ShopperPro
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Public\Documents\GOOBZO
2015-01-09 20:14 - 2015-01-09 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Itibiti VoIP Phone
2015-01-09 20:14 - 2015-01-09 20:15 - 00000000 ____D () C:\Program Files (x86)\Itibiti Soft Phone
2015-01-09 20:13 - 2015-01-09 20:13 - 00000000 ____D () C:\WINDOWS\Download
2015-01-06 19:23 - 2015-01-06 19:23 - 00003504 _____ () C:\WINDOWS\System32\Tasks\BBQLeads
2015-01-06 19:23 - 2015-01-06 19:23 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\WebTest
2015-01-06 19:15 - 2015-01-06 19:17 - 00000000 ____D () C:\Users\Kelly\AppData\Local\Lavasoft
2015-01-06 19:14 - 2015-01-06 19:14 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\Lavasoft
2015-01-06 19:14 - 2015-01-06 19:14 - 00000000 ____D () C:\ProgramData\Lavasoft
2015-01-06 19:04 - 2015-01-06 19:04 - 00000000 ____D () C:\Users\Kelly\Desktop\Old Firefox Data
2015-01-06 18:49 - 2015-01-06 18:49 - 00000000 __SHD () C:\Users\Kelly\AppData\Local\EmieBrowserModeList
2015-01-03 23:35 - 2015-01-03 23:35 - 00000000 ____D () C:\Program Files (x86)\Software Update Services
2014-12-30 23:52 - 2014-12-30 23:52 - 00002678 _____ () C:\Users\Kelly\Desktop\FSS2.txt
2014-12-30 23:41 - 2014-12-30 23:41 - 00001138 _____ () C:\Users\Kelly\Desktop\checkup.txt
2014-12-30 23:17 - 2014-12-30 23:17 - 00003886 _____ () C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 22:22 - 2014-12-23 01:03 - 00000000 ____D () C:\FRST
2015-01-27 22:21 - 2013-12-18 00:24 - 00560128 ___SH () C:\Users\Kelly\Downloads\Thumbs.db
2015-01-27 22:19 - 2013-12-10 11:46 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-01-27 22:10 - 2014-12-22 22:52 - 00000000 ____D () C:\Users\Kelly\AppData\Roaming\jellylam
2015-01-27 22:10 - 2014-12-19 00:23 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2015-01-27 22:10 - 2014-12-17 21:55 - 00003764 _____ () C:\WINDOWS\System32\Tasks\Convertor
2015-01-27 22:10 - 2014-12-17 21:55 - 00003280 _____ () C:\WINDOWS\System32\Tasks\Winsta Update
2015-01-27 22:10 - 2013-12-18 02:04 - 00000000 ___DO () C:\Users\Kelly\SkyDrive
2015-01-27 22:10 - 2013-08-22 10:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2015-01-27 22:09 - 2013-11-25 02:04 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4052977653-386163532-366534634-1001
2015-01-27 22:04 - 2014-02-02 21:25 - 00475648 ___SH () C:\Users\Kelly\Desktop\Thumbs.db
2015-01-27 22:00 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-27 21:58 - 2014-12-17 21:45 - 00000920 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-27 21:58 - 2014-12-17 21:45 - 00000916 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-27 21:51 - 2013-12-17 21:46 - 00000000 ____D () C:\Users\Kelly\Tracing
2015-01-27 21:04 - 2012-08-24 18:00 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2015-01-27 21:02 - 2014-12-17 21:44 - 00003198 _____ () C:\WINDOWS\UpgradeSvr.exe.log
2015-01-27 21:02 - 2013-11-14 02:20 - 01005720 _____ () C:\WINDOWS\PFRO.log
2015-01-27 21:02 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-27 21:01 - 2014-12-22 22:35 - 00000000 ____D () C:\AdwCleaner
2015-01-27 21:01 - 2013-12-18 01:05 - 00000000 ____D () C:\Users\Kelly
2015-01-27 21:00 - 2012-08-24 18:09 - 00000000 ____D () C:\ProgramData\Temp
2015-01-27 20:47 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-27 20:33 - 2014-12-22 00:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-27 20:33 - 2014-12-21 23:58 - 00000000 ____D () C:\Users\Kelly\Desktop\mbar
2015-01-27 20:33 - 2014-12-18 23:41 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-27 20:19 - 2013-12-10 11:46 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-01-27 20:04 - 2014-12-18 23:41 - 00097496 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-01-27 20:02 - 2013-11-25 01:58 - 00003918 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0739E881-050B-4741-8D6F-9172584A47C7}
2015-01-27 19:54 - 2014-12-21 00:47 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-01-27 17:34 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\IME
2015-01-27 17:33 - 2013-08-22 08:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-27 17:33 - 2013-08-22 08:25 - 00000229 _____ () C:\WINDOWS\win.ini
2015-01-27 17:25 - 2014-12-17 21:46 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-27 17:19 - 2013-12-18 01:22 - 01418273 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 17:12 - 2014-01-28 19:51 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-01-27 16:58 - 2014-12-17 21:54 - 00000030 _____ () C:\WINDOWS\UpdateSvrCfg.dat
2015-01-27 16:57 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-09 20:13 - 2014-12-17 21:44 - 00000000 ____D () C:\Program Files (x86)\Ainishare
2015-01-09 20:11 - 2014-12-21 01:27 - 00000000 ____D () C:\Users\Kelly\AppData\Local\CrashDumps
2015-01-05 19:42 - 2014-01-16 17:59 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2015-01-05 19:41 - 2014-01-16 17:59 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-05 18:38 - 2014-12-17 22:01 - 00000000 ____D () C:\ProgramData\Optimizer
2015-01-05 18:37 - 2014-12-17 22:04 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-01-03 23:35 - 2014-12-17 22:01 - 00000000 ____D () C:\Program Files (x86)\YouTube Downloader Services
2015-01-03 07:34 - 2014-02-11 20:34 - 00003160 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKelly
2015-01-03 07:34 - 2014-02-11 20:34 - 00000346 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKelly.job
2014-12-30 23:43 - 2014-12-23 23:32 - 00002678 _____ () C:\Users\Kelly\Desktop\FSS.txt
==================== Files in the root of some directories =======
2014-04-07 18:51 - 2014-04-07 19:04 - 0000822 _____ () C:\ProgramData\hpzinstall.log
2012-08-24 19:13 - 2012-08-24 19:13 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some content of TEMP:
====================
C:\Users\Kelly\AppData\Local\Temp\cabex.dll
C:\Users\Kelly\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Kelly\AppData\Local\Temp\GsDownload.dll
C:\Users\Kelly\AppData\Local\Temp\InstallGenieo.exe
C:\Users\Kelly\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\Kelly\AppData\Local\Temp\Quarantine.exe
C:\Users\Kelly\AppData\Local\Temp\Setup.exe
C:\Users\Kelly\AppData\Local\Temp\SpOrder.dll
C:\Users\Kelly\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Kelly\AppData\Local\Temp\sqlite3.dll
C:\Users\Kelly\AppData\Local\Temp\unelevate.exe
C:\Users\Kelly\AppData\Local\Temp\ytaiesmt_smtyc_setup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-27 21:17
==================== End Of Log ============================