Posts posted by DRMAK

  1. Cut and pasted below is the FRST.txt file generated after downloading and running the Farbar Recovery Scan Tool. I also attached the FRST.txt file. I did not see any Addition.txt file that the Infection Removal post said might be generated as well.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
    Ran by mkegelmeyer (administrator) on MKEGELMEYE-5520 on 02-06-2014 23:07:23
    Running from C:\Users\MKegelmeyer\Downloads
    Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
    (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe
    (Kaseya International Limited) C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\AgentMon.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (O2Micro International) C:\Windows\System32\drivers\o2flash.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
    () C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe
    (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
    ( ) C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\extensions\Lua.exe
    ( ) C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\extensions\Lua.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
    (NETGEAR,Inc.) C:\Program Files (x86)\NETGEAR\A6200\A6200.exe
    () C:\Users\MKegelmeyer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
    (Dell Inc.) C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe
    (Kaseya International Limited) C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\KaUsrTsk.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Windows\CCM\CcmExec.exe
    (Microsoft Corporation) C:\Windows\CCM\RemCtrl\CmRcService.exe
    (Microsoft Corporation) C:\Windows\CCM\SCNotification.exe
    (Dropbox, Inc.) C:\Users\MKegelmeyer\AppData\Roaming\Dropbox\bin\Dropbox.exe
    (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
    (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    (Microsoft Corporation) C:\Windows\splwow64.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe
    (Farbar) C:\Users\MKegelmeyer\Downloads\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [608112 2011-07-07] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-07-07] (IDT, Inc.)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
    HKLM\...\Run: [GENIE] => C:\Program Files (x86)\NETGEAR\A6200\A6200.exe [348888 2013-02-18] (NETGEAR,Inc.)
    HKLM\...\Run: [LanuchApp] => C:\Program Files (x86)\NETGEAR\A6200\LanuchApp.exe [15136 2012-07-11] ()
    HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [KASHITMNGS62408415716030] => C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\KaUsrTsk.exe [577536 2012-10-31] (Kaseya International Limited)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-04-23] (Apple Inc.)
    HKLM-x32\...\Run: [TkBellExe] => c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-09-12] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
    HKLM-x32\...\Run: [EPSON_UD_START] => C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UD.exe [534664 2011-11-17] (SEIKO EPSON CORPORATION)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-26] (Apple Inc.)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\Run: [Amazon Cloud Player] => C:\Users\MKegelmeyer\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\MountPoints2: {313c5dc1-1fa6-11e2-ad26-ef024b18b194} - E:\LaunchU3.exe -a
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\MountPoints2: {40581883-9433-11e3-9cbc-d067e5364b10} - E:\EMP_UDSe.exe /autorun
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\MountPoints2: {5e7ba37a-0a91-11e2-8f7f-a2ab49b80a81} - E:\EMP_UDSe.exe /autorun
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\MountPoints2: {b7979f5f-01af-11e2-86ef-806e6f6e6963} - D:\PhotoApp.exe -autorun
    HKU\S-1-5-21-1982757585-2042905834-2141916652-10935\...\MountPoints2: {ee832c38-cc41-11e1-aaee-806e6f6e6963} - D:\autorun.exe
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell System Manager.lnk
    ShortcutTarget: Dell System Manager.lnk -> C:\Program Files\Dell\Dell System Manager\DCPSysMgr.exe (Dell Inc.)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
    ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe ()
    Startup: C:\Users\MKegelmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    ShortcutTarget: Dropbox.lnk -> C:\Users\MKegelmeyer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    Startup: C:\Users\MKegelmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
    ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

    ==================== Internet (Whitelisted) ====================

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x093418F72BF3CC01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
    BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
    BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
    Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
    Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

    FireFox:
    ========
    FF ProfilePath: C:\Users\MKegelmeyer\AppData\Roaming\Mozilla\Firefox\Profiles\5xdmjrsm.default
    FF Homepage: google.com
    FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
    FF Plugin: @microsoft.com/GENUINE - disabled No File
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll (Catalina Marketing Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
    FF Extension: Add to Amazon Wish List Button - C:\Users\MKegelmeyer\AppData\Roaming\Mozilla\Firefox\Profiles\5xdmjrsm.default\Extensions\amznUWL2@amazon.com.xpi [2012-11-02]
    FF Extension: Pin It button - C:\Users\MKegelmeyer\AppData\Roaming\Mozilla\Firefox\Profiles\5xdmjrsm.default\Extensions\pinterest@robertnyman.com.xpi [2014-01-20]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2014-05-13]
    FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-05-13]
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-12]
    FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
    FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

    Chrome:
    =======
    CHR DefaultSearchKeyword: search.conduit.com
    CHR DefaultSearchProvider: Conduit
    CHR DefaultNewTabURL:
    CHR Extension: (RealDownloader) - C:\Users\MKegelmeyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-08-11]
    CHR Extension: (Skype Click to Call) - C:\Users\MKegelmeyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-08-11]
    CHR Extension: (Google Wallet) - C:\Users\MKegelmeyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-01]
    CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
    CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Services (Whitelisted) =================

    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    R2 CcmExec; C:\Windows\CCM\CcmExec.exe [1571000 2013-09-11] (Microsoft Corporation)
    R2 CmRcService; C:\Windows\CCM\RemCtrl\CmRcService.exe [577720 2013-09-11] (Microsoft Corporation)
    R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.6\EMP_UDSA.exe [157696 2011-11-17] (SEIKO EPSON CORPORATION)
    R2 KAITMNGS62408415716030; C:\Program Files (x86)\Kaseya\ITMNGS62408415716030\AgentMon.exe [1101824 2013-04-18] (Kaseya International Limited)
    S3 lpasvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
    S3 lppsvc; C:\Program Files\Microsoft Policy Platform\policyHost.exe [50280 2012-08-02] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
    R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
    R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
    S3 smstsmgr; C:\Windows\CCM\TSManager.exe [276152 2013-09-11] (Microsoft Corporation)
    S3 vmvss; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
    R2 WNDA6200; C:\Program Files (x86)\NETGEAR\A6200\WifiService.exe [29984 2012-09-24] ()

    ==================== Drivers (Whitelisted) ====================

    S3 A6200; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [2567984 2013-02-28] (Broadcom Corporation)
    R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306536 2011-03-04] ()
    R3 EMP_MIRRUD; C:\Windows\System32\DRIVERS\EMP_MirrUD.sys [5632 2011-11-17] (Windows ® Codename Longhorn DDK provider)
    R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-11-17] (SEIKO EPSON CORPORATION)
    R3 KAPFA; C:\Windows\system32\drivers\KAPFA.SYS [35048 2013-01-07] (Kaseya)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-02] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
    R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
    R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
    R1 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-26] (CACE Technologies, Inc.)
    R3 prepdrvr; C:\Windows\System32\DRIVERS\prepdrv.sys [26984 2013-09-11] (Microsoft Corporation)
    S3 pvscsi; C:\Windows\system32\drivers\pvscsi.sys [39984 2010-05-09] (VMware, Inc.)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 vmci; system32\DRIVERS\vmci.sys [X]

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-06-02 23:06 - 2014-06-02 23:06 - 02068992 _____ (Farbar) C:\Users\MKegelmeyer\Downloads\FRST64(1).exe
    2014-05-31 16:52 - 2014-05-31 16:52 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-31 16:52 - 2014-05-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-31 16:51 - 2014-05-31 16:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-31 16:51 - 2014-05-31 16:52 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-31 16:51 - 2014-05-31 16:52 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Program Files\iPod
    2014-05-25 16:01 - 2014-05-25 16:01 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Happy Artist Studio
    2014-05-25 15:59 - 2014-05-25 15:59 - 00003172 _____ () C:\Windows\System32\Tasks\{154955EA-1297-4810-B4B2-6DF0E3CF5E43}
    2014-05-25 15:51 - 2014-05-25 15:51 - 82540896 _____ () C:\Users\MKegelmeyer\Downloads\InstallSaleFrenzy.exe
    2014-05-24 19:22 - 2014-06-02 22:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-05-24 19:16 - 2014-05-24 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-24 19:16 - 2014-05-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-24 19:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-24 19:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-19 23:04 - 2014-05-19 23:04 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
    2014-05-19 22:49 - 2014-05-19 22:50 - 37318840 _____ (Disney Interactive) C:\Users\MKegelmeyer\Downloads\DisneyInfinityInstaller.exe
    2014-05-19 22:38 - 2014-05-19 22:38 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-5
    2014-05-19 01:41 - 2014-05-19 01:41 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-1
    2014-05-19 01:40 - 2014-05-19 01:40 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-1.zip
    2014-05-19 01:35 - 2014-05-19 01:35 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012(1).zip
    2014-05-19 01:33 - 2014-05-19 01:33 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012
    2014-05-19 01:32 - 2014-05-19 01:32 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012.zip
    2014-05-19 01:28 - 2014-05-19 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-05-19 01:28 - 2014-05-19 01:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-05-18 23:56 - 2014-05-27 02:08 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\Evals
    2014-05-16 13:08 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-05-16 13:08 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-05-16 13:05 - 2014-05-05 17:46 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-16 13:05 - 2014-05-05 17:21 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-16 13:05 - 2014-05-05 17:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-16 13:05 - 2014-05-05 16:32 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-16 13:05 - 2014-05-05 16:14 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-16 13:05 - 2014-05-05 16:14 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-05-15 21:15 - 2014-05-15 21:16 - 00020292 ____H () C:\Users\MKegelmeyer\Documents\~WRL4063.tmp
    2014-05-14 23:49 - 2014-05-28 12:06 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\DropboxMaster
    2014-05-13 13:18 - 2014-05-13 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-13 12:22 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-05-13 12:22 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-05-13 12:22 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-05-13 12:22 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-05-13 12:22 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-05-13 12:22 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-05-13 12:22 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-05-13 12:22 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-05-13 12:22 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-05-13 12:22 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-05-13 12:22 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-05-13 12:22 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-05-13 12:22 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-05-13 12:22 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-05-13 12:22 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-05-13 12:22 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-05-13 12:22 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-05-13 12:22 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-05-13 12:22 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll

    ==================== One Month Modified Files and Folders =======

    2014-06-02 23:07 - 2014-03-30 16:52 - 00022403 _____ () C:\Users\MKegelmeyer\Downloads\FRST.txt
    2014-06-02 23:07 - 2014-03-30 16:51 - 00000000 ____D () C:\FRST
    2014-06-02 23:07 - 2012-07-12 10:01 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Local\Temp
    2014-06-02 23:06 - 2014-06-02 23:06 - 02068992 _____ (Farbar) C:\Users\MKegelmeyer\Downloads\FRST64(1).exe
    2014-06-02 23:06 - 2012-08-01 18:51 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-06-02 22:51 - 2014-05-24 19:22 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-06-02 22:48 - 2012-09-28 12:15 - 00000000 ____D () C:\Users\MKegelmeyer\Documents\Outlook Files
    2014-06-02 22:25 - 2013-03-18 21:34 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
    2014-06-02 21:04 - 2012-07-12 09:56 - 01980323 _____ () C:\Windows\WindowsUpdate.log
    2014-06-02 17:56 - 2012-08-23 20:46 - 00000114 __RSH () C:\ProgramData\3002.xml
    2014-06-02 16:46 - 2012-07-12 09:52 - 00017920 _____ () C:\Windows\system32\rpcnetp.exe
    2014-06-02 13:21 - 2012-07-26 12:26 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\WORK
    2014-06-02 12:30 - 2012-07-12 09:56 - 00061186 __RSH () C:\ProgramData\ntuser.pol
    2014-06-02 12:07 - 2013-03-17 12:13 - 00000000 ____D () C:\Windows\ccmcache
    2014-06-02 12:06 - 2012-08-01 18:51 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-06-02 11:37 - 2012-07-12 09:54 - 00000232 _____ () C:\Windows\system32\config\netlogon.ftl
    2014-06-02 09:50 - 2012-07-12 10:04 - 00000000 ____D () C:\kworking
    2014-06-01 23:55 - 2012-08-12 01:13 - 00000000 ___RD () C:\Users\MKegelmeyer\Dropbox
    2014-06-01 18:31 - 2012-08-12 01:12 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Dropbox
    2014-06-01 00:39 - 2014-02-21 22:09 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\GROUPON
    2014-05-31 19:46 - 2013-08-11 22:58 - 00003346 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1982757585-2042905834-2141916652-10935
    2014-05-31 19:46 - 2013-08-11 22:58 - 00003224 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1982757585-2042905834-2141916652-10935
    2014-05-31 16:52 - 2014-05-31 16:52 - 00001789 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-05-31 16:52 - 2014-05-31 16:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-05-31 16:52 - 2014-05-31 16:51 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    2014-05-31 16:52 - 2014-05-31 16:51 - 00000000 ____D () C:\Program Files\iTunes
    2014-05-31 16:52 - 2014-05-31 16:51 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-05-31 16:51 - 2014-05-31 16:51 - 00000000 ____D () C:\Program Files\iPod
    2014-05-30 18:07 - 2012-08-30 13:02 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Skype
    2014-05-28 12:10 - 2009-07-13 21:45 - 00029936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2014-05-28 12:10 - 2009-07-13 21:45 - 00029936 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2014-05-28 12:07 - 2009-07-13 22:13 - 00733104 _____ () C:\Windows\system32\PerfStringBackup.INI
    2014-05-28 12:06 - 2014-05-14 23:49 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\DropboxMaster
    2014-05-28 12:06 - 2012-08-12 01:12 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
    2014-05-28 12:06 - 2012-07-12 10:01 - 00000000 ___RD () C:\Users\MKegelmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
    2014-05-28 12:05 - 2013-03-17 12:13 - 00000570 _____ () C:\Windows\SMSCFG.ini
    2014-05-28 12:02 - 2014-03-30 14:41 - 00013292 _____ () C:\Windows\PFRO.log
    2014-05-28 12:02 - 2014-03-08 21:44 - 00001615 _____ () C:\Windows\setupact.log
    2014-05-28 12:02 - 2012-07-12 09:58 - 00069792 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
    2014-05-28 12:02 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-05-28 01:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\NDF
    2014-05-28 01:01 - 2014-02-21 22:41 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\LIVINGSOCIAL
    2014-05-27 02:08 - 2014-05-18 23:56 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\Evals
    2014-05-25 16:01 - 2014-05-25 16:01 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Happy Artist Studio
    2014-05-25 15:59 - 2014-05-25 15:59 - 00003172 _____ () C:\Windows\System32\Tasks\{154955EA-1297-4810-B4B2-6DF0E3CF5E43}
    2014-05-25 15:59 - 2012-10-08 19:49 - 00000000 ____D () C:\Program Files (x86)\Shockwave.com
    2014-05-25 15:51 - 2014-05-25 15:51 - 82540896 _____ () C:\Users\MKegelmeyer\Downloads\InstallSaleFrenzy.exe
    2014-05-24 19:40 - 2012-02-26 20:00 - 00000000 ____D () C:\Windows\Minidump
    2014-05-24 19:16 - 2014-05-24 19:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-05-24 19:16 - 2014-05-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-24 19:16 - 2012-08-26 03:37 - 00000000 ____D () C:\Users\MKegelmeyer\AppData\Roaming\Malwarebytes
    2014-05-24 19:16 - 2012-08-26 03:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-05-20 18:19 - 2012-07-23 23:03 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\other
    2014-05-20 18:16 - 2013-10-01 23:31 - 00000000 ____D () C:\Users\MKegelmeyer\Desktop\AudioNote - Notepad and Voice Recorder (Download)
    2014-05-19 23:04 - 2014-05-19 23:04 - 00000000 ____D () C:\Program Files (x86)\Disney Interactive
    2014-05-19 23:04 - 2012-08-06 18:13 - 00000000 ___HD () C:\Program Files (x86)\installshield installation information
    2014-05-19 22:50 - 2014-05-19 22:49 - 37318840 _____ (Disney Interactive) C:\Users\MKegelmeyer\Downloads\DisneyInfinityInstaller.exe
    2014-05-19 22:38 - 2014-05-19 22:38 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-5
    2014-05-19 17:34 - 2012-10-29 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-05-19 01:41 - 2014-05-19 01:41 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-1
    2014-05-19 01:40 - 2014-05-19 01:40 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012-1.zip
    2014-05-19 01:35 - 2014-05-19 01:35 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012(1).zip
    2014-05-19 01:33 - 2014-05-19 01:33 - 00000000 ____D () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012
    2014-05-19 01:32 - 2014-05-19 01:32 - 08333201 _____ () C:\Users\MKegelmeyer\Downloads\WSE_Jan_2012.zip
    2014-05-19 01:28 - 2014-05-19 01:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-05-19 01:28 - 2014-05-19 01:28 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-05-18 19:19 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
    2014-05-16 19:47 - 2012-07-12 10:01 - 00000000 ___RD () C:\Users\MKegelmeyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
    2014-05-16 19:42 - 2012-07-12 09:52 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.dll
    2014-05-16 19:41 - 2012-07-12 09:52 - 00017920 _____ () C:\Windows\SysWOW64\rpcnetp.exe
    2014-05-16 19:40 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
    2014-05-16 13:08 - 2012-02-24 12:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-05-16 12:45 - 2012-07-12 10:01 - 00003114 __RSH () C:\Users\MKegelmeyer\ntuser.pol
    2014-05-16 12:45 - 2012-07-12 10:01 - 00000000 ____D () C:\Users\MKegelmeyer
    2014-05-15 21:16 - 2014-05-15 21:15 - 00020292 ____H () C:\Users\MKegelmeyer\Documents\~WRL4063.tmp
    2014-05-13 13:18 - 2014-05-13 13:18 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-05-13 12:25 - 2013-03-18 21:34 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2014-05-13 12:25 - 2013-03-18 21:34 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2014-05-13 12:25 - 2012-02-24 12:21 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2014-05-13 12:02 - 2012-08-01 18:51 - 00003904 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2014-05-13 12:01 - 2012-08-01 18:51 - 00003652 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2014-05-13 11:26 - 2012-07-12 10:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-05-12 07:26 - 2014-05-24 19:16 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-05-12 07:26 - 2014-05-24 19:16 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-05-12 07:25 - 2012-08-26 03:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-05-05 17:46 - 2014-05-16 13:05 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-05-05 17:21 - 2014-05-16 13:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-05-05 17:21 - 2014-05-16 13:05 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-05-05 16:32 - 2014-05-16 13:05 - 12347392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-05-05 16:14 - 2014-05-16 13:05 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-05-05 16:14 - 2014-05-16 13:05 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\kcssetup.exe
    C:\Users\MKegelmeyer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxypdvw.dll
    C:\Users\MKegelmeyer\AppData\Local\Temp\lowproc.exe
    C:\Users\MKegelmeyer\AppData\Local\Temp\Quarantine.exe
    C:\Users\MKegelmeyer\AppData\Local\Temp\stubhelper.dll


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


    LastRegBack: 2014-05-29 11:01

    ==================== End Of Log ============================
