jakerupe

  1. ESET results....
     C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.I trojan
     Security Check log....
     Results of screen317's Security Check version 0.99.84
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     Microsoft Security Essentials (On Access scanning disabled!)
     Error obtaining update status for antivirus!
     `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 60
     Adobe Reader XI
     Google Chrome 35.0.1916.114
     Google Chrome 35.0.1916.153
     ````````Process Check: objlist.exe by Laurent````````
     Microsoft Security Essentials msseces.exe
     Windows Defender MSMpEng.exe
     Microsoft Security Client Antimalware MsMpEng.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  2. I was able to export....
     Malwarebytes Anti-Malware
     www.malwarebytes.org
     Scan Date: 6/14/2014
     Scan Time: 7:33:07 PM
     Logfile: e.txt
     Administrator: Yes
     Version: 2.00.2.1012
     Malware Database: v2014.06.14.07
     Rootkit Database: v2014.06.02.01
     License: Trial
     Malware Protection: Enabled
     Malicious Website Protection: Enabled
     Self-protection: Disabled
     OS: Windows 7 Service Pack 1
     CPU: x64
     File System: NTFS
     User: jrupert
     Scan Type: Threat Scan
     Result: Completed
     Objects Scanned: 365718
     Time Elapsed: 10 min, 9 sec
     Memory: Enabled
     Startup: Enabled
     Filesystem: Enabled
     Archives: Enabled
     Rootkits: Disabled
     Heuristics: Enabled
     PUP: Enabled
     PUM: Enabled
     Processes: 0 (No malicious items detected)
     Modules: 0 (No malicious items detected)
     Registry Keys: 0 (No malicious items detected)
     Registry Values: 0 (No malicious items detected)
     Registry Data: 0 (No malicious items detected)
     Folders: 0 (No malicious items detected)
     Files: 0 (No malicious items detected)
     Physical Sectors: 0 (No malicious items detected)
     (end)
  3. So music and ads are gone since this reboot from the fixlog, MBAM did not find anything and it won't let me copy anything to the clipboard?
  4. It made me reboot but here is the log, running MBAM now Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02 Ran by jrupert at 2014-06-14 19:23:12 Run:1 Running from C:\Users\jrupert\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** Start Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll 2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi 2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj 2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz 2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu 2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr C:\Users\jrupert\AppData\Local\Temp\Extract.exe C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\jrupert\AppData\Local\Temp\SP64316.exe C:\Users\jrupert\AppData\Local\Temp\SP64639.exe C:\Users\jrupert\AppData\Local\Temp\SP64676.exe C:\Users\Owner\AppData\Local\Temp\uninstall.exe C:\Users\StephanieM\AppData\Local\Temp\Extract.exe C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe 
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe End ***************** C:\Windows\System32\rpcss.dll => Moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll C:\windows\system32\tpjvh.wbi => Moved successfully. C:\windows\system32\optfi.uzj => Moved successfully. Could not move "C:\windows\system32\nrqyuxi.tvz" => Scheduled to move on reboot. C:\windows\system32\sokot.mtu => Moved successfully. Could not move "C:\windows\system32\cruyjpa.akr" => Scheduled to move on reboot. C:\Users\jrupert\AppData\Local\Temp\Extract.exe => Moved successfully. C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe => Moved successfully. C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully. C:\Users\jrupert\AppData\Local\Temp\SP64316.exe => Moved successfully. C:\Users\jrupert\AppData\Local\Temp\SP64639.exe => Moved successfully. C:\Users\jrupert\AppData\Local\Temp\SP64676.exe => Moved successfully. 
C:\Users\Owner\AppData\Local\Temp\uninstall.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\Extract.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe => Moved successfully. 
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe => Moved successfully. C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-14 19:28:56)<= C:\windows\system32\nrqyuxi.tvz => Is moved successfully. C:\windows\system32\cruyjpa.akr => Is moved successfully. ==== End of Fixlog ====
  5. Sorry...search result
     Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
     Ran by jrupert at 2014-06-14 18:58:48
     Running from C:\Users\jrupert\Desktop
     Boot Mode: Normal
     ================== Search Files: "rpcss.dll" =============
     C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
     [2010-11-20 22:24][2010-11-20 22:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]
     C:\Windows\System32\rpcss.dll
     [2010-11-20 22:24][2010-11-20 22:24] 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614
     ====== End Of Search ======
  6. I noticed that dll called out in the first log, here is the new log; Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by jrupert (administrator) on LAPTOP19 on 14-06-2014 18:52:28 Running from C:\Users\jrupert\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (ArcSoft, Inc.) 
C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (AMD) C:\Windows\System32\atieclxx.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (McAfee, Inc.) 
C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation) HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-27] (IDT, Inc.) 
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-27] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-10-31] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®)) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 Lsa: [Notification Packages] DPPassFilter scecli Startup: 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - 
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program 
Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14] CHR Extension: (Google Drive) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21] CHR Extension: (YouTube) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14] CHR Extension: (McAfee Security Scan+) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-14] CHR Extension: (Google Search) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14] CHR Extension: (Grepolis Report Converter) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop [2014-04-15] CHR Extension: (Google Wallet) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14] CHR Extension: (Gmail) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-14] (SurfRight B.V.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed] S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed] R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-07-26] (ArcSoft, Inc.) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-07-26] (Advanced Micro Devices, Inc.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-07-26] (ArcSoft, Inc.) R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.) 
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation) R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-14 18:12 - 2014-06-14 18:14 - 00033096 _____ () C:\Users\jrupert\Desktop\Addition.txt 2014-06-14 18:08 - 2014-06-14 18:52 - 00019339 _____ () C:\Users\jrupert\Desktop\FRST.txt 2014-06-14 18:08 - 2014-06-14 18:52 - 00000000 ____D () C:\FRST 2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe 2014-06-14 17:50 - 2014-06-14 18:15 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar 2014-06-14 17:50 - 2014-06-14 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk 2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro 2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () 
C:\ProgramData\SUPERAntiSpyware.com 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-06-14 14:53 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-06-14 14:41 - 2014-06-14 18:44 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-14 14:40 - 2014-06-14 17:50 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-06-14 14:40 - 2014-06-14 17:49 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware 2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-14 14:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-06-14 14:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk 2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () 
C:\Users\jrupert\AppData\Roaming\Oracle 2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi 2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx 2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx 2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj 2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz 2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu 2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr 2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun 2014-05-22 16:19 - 2014-05-22 16:22 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp 2014-05-22 16:14 - 2014-05-22 16:15 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif 2014-05-19 07:36 - 2014-05-19 08:00 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015 2014-05-18 12:16 - 2014-05-18 14:30 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015 ==================== One Month Modified Files and Folders ======= 2014-06-14 18:52 - 
2014-06-14 18:08 - 00019339 _____ () C:\Users\jrupert\Desktop\FRST.txt 2014-06-14 18:52 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST 2014-06-14 18:52 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\jrupert\AppData\Local\Temp 2014-06-14 18:44 - 2014-06-14 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-14 18:44 - 2013-12-08 14:14 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-14 18:29 - 2013-10-16 08:32 - 01389254 _____ () C:\windows\WindowsUpdate.log 2014-06-14 18:15 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar 2014-06-14 18:15 - 2014-06-14 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-06-14 18:14 - 2014-06-14 18:12 - 00033096 _____ () C:\Users\jrupert\Desktop\Addition.txt 2014-06-14 18:09 - 2013-12-08 14:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe 2014-06-14 18:03 - 2014-05-24 10:54 - 00000084 _____ () C:\windows\system32\optfi.uzj 2014-06-14 18:02 - 2012-04-24 16:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-06-14 17:50 - 2014-06-14 14:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-06-14 17:49 - 2014-06-14 14:40 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware 2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk 2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk 2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro 2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro 2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () 
C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware 2014-06-14 15:00 - 2014-06-14 14:53 - 00000000 ____D () C:\ProgramData\HitmanPro 2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe 2014-06-14 14:38 - 2014-04-14 18:21 - 00000000 ____D () C:\Users\jrupert\Documents\Bluetooth Folder 2014-06-14 13:47 - 2009-07-14 00:13 - 00786726 _____ () C:\windows\system32\PerfStringBackup.INI 2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk 2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk 2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus 2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan 2014-06-14 13:44 - 
2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan 2014-06-14 13:44 - 2013-10-16 09:09 - 00000000 ____D () C:\ProgramData\McAfee 2014-06-14 13:44 - 2012-04-24 16:56 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-06-14 13:44 - 2012-04-24 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-06-14 13:44 - 2012-04-24 16:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-06-14 13:44 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-06-14 13:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-06-14 13:39 - 2009-07-13 23:51 - 00064951 _____ () C:\windows\setupact.log 2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle 2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java 2014-06-14 03:01 - 2014-04-14 16:13 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{27BB9FF6-E2B7-482F-B2C3-ACF4B1CDE0C8} 2014-06-12 12:24 - 2013-12-12 14:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-06-12 12:23 - 2014-04-17 12:32 - 00000000 _____ () 
C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk 2014-06-10 18:23 - 2014-06-09 15:48 - 00037376 _____ () C:\windows\system32\tpjvh.wbi 2014-06-10 18:23 - 2014-05-24 10:43 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz 2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx 2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx 2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu 2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr 2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun 2014-05-22 16:22 - 2014-05-22 16:19 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp 2014-05-22 16:15 - 2014-05-22 16:14 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif 2014-05-19 08:00 - 2014-05-19 07:36 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015 2014-05-18 14:30 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015 Some content of TEMP: ==================== C:\Users\jrupert\AppData\Local\Temp\Extract.exe C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\jrupert\AppData\Local\Temp\SP64316.exe C:\Users\jrupert\AppData\Local\Temp\SP64639.exe C:\Users\jrupert\AppData\Local\Temp\SP64676.exe C:\Users\Owner\AppData\Local\Temp\uninstall.exe C:\Users\StephanieM\AppData\Local\Temp\Extract.exe C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe 
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed 
C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll [2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected. C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 17:52 ==================== End Of Log ============================
  7. Malwarebytes does not find the problem, but the malicious site blocker is popping up, stopping things outbound. One is hoeger.biz. Anyway, I ran Farbar and here is the FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02 Ran by jrupert (administrator) on LAPTOP19 on 14-06-2014 18:08:29 Running from C:\Users\jrupert\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (DigitalPersona, Inc.) 
C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe (DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SurfRight B.V.) C:\Users\jrupert\Downloads\Spy Ware\HitmanPro_x64.exe (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Malwarebytes Corp.) C:\Users\jrupert\Downloads\Spy Ware\mbar-1.07.0.1012.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Malwarebytes Corporation) C:\Users\jrupert\Desktop\mbar\mbar.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company) HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe" HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation) HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-27] (IDT, Inc.) HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-27] (Synaptics Incorporated) HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-09] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] () HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.) HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-10-31] (Hewlett-Packard Development Company, L.P.) 
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard) HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe, Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X] HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®)) HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1 HKU\S-1-5-21-3519878213-2112013395-2533214694-1142\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware) HKU\S-1-5-21-3519878213-2112013395-2533214694-1142-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware) Lsa: [Notification Packages] DPPassFilter scecli Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1 StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard) BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program 
Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: 
text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 10.0.0.1 FireFox: ======== FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14] CHR Extension: (Google Drive) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21] CHR Extension: (YouTube) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14] CHR Extension: (McAfee Security Scan+) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-14] CHR Extension: (Google Search) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14] CHR Extension: (Grepolis Report Converter) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop [2014-04-15] CHR Extension: (Google Wallet) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14] CHR Extension: (Gmail) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14] ==================== Services (Whitelisted) ================= R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider) R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed] R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.) S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company) R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-14] (SurfRight B.V.) R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed] R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company) R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed] S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) 
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed] R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed] R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed] R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-07-26] (ArcSoft, Inc.) R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed] ==================== Drivers (Whitelisted) ==================== R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-07-26] (Advanced Micro Devices, Inc.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-07-26] (ArcSoft, Inc.) R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company) R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-06-14] () R3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2014-06-14] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.) R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.) 
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-14 18:08 - 2014-06-14 18:09 - 00020367 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:08 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 17:50 - 2014-06-14 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 17:50 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 17:41 - 2014-06-14 17:41 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 14:53 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 17:50 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 14:40 - 2014-06-14 17:49 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-14 14:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:19 - 2014-05-22 16:22 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:14 - 2014-05-22 16:15 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 07:36 - 2014-05-19 08:00 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 12:16 - 2014-05-18 14:30 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

==================== One Month Modified Files and Folders =======

2014-06-14 18:10 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\jrupert\AppData\Local\Temp
2014-06-14 18:09 - 2014-06-14 18:08 - 00020367 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:09 - 2013-12-08 14:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 18:08 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 18:03 - 2014-05-24 10:54 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-06-14 18:02 - 2013-10-16 08:32 - 01379371 _____ () C:\windows\WindowsUpdate.log
2014-06-14 18:02 - 2012-04-24 16:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 17:51 - 2014-06-14 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 17:50 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 17:50 - 2014-06-14 14:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 17:49 - 2014-06-14 14:40 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 17:41 - 2014-06-14 17:41 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:25 - 2014-06-14 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 14:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 14:38 - 2014-04-14 18:21 - 00000000 ____D () C:\Users\jrupert\Documents\Bluetooth Folder
2014-06-14 13:47 - 2009-07-14 00:13 - 00786726 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:44 - 2013-10-16 09:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-14 13:44 - 2012-04-24 16:56 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 13:44 - 2012-04-24 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-14 13:44 - 2012-04-24 16:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 13:44 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 13:41 - 2013-12-08 14:14 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 13:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-14 13:39 - 2009-07-13 23:51 - 00064951 _____ () C:\windows\setupact.log
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:01 - 2014-04-14 16:13 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{27BB9FF6-E2B7-482F-B2C3-ACF4B1CDE0C8}
2014-06-12 12:24 - 2013-12-12 14:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-12 12:23 - 2014-04-17 12:32 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-06-10 18:23 - 2014-06-09 15:48 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-10 18:23 - 2014-05-24 10:43 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:22 - 2014-05-22 16:19 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:15 - 2014-05-22 16:14 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 08:00 - 2014-05-19 07:36 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 14:30 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

Some content of TEMP:
====================
C:\Users\jrupert\AppData\Local\Temp\Extract.exe
C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe
C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\jrupert\AppData\Local\Temp\SP64316.exe
C:\Users\jrupert\AppData\Local\Temp\SP64639.exe
C:\Users\jrupert\AppData\Local\Temp\SP64676.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe
C:\Users\StephanieM\AppData\Local\Temp\Extract.exe
C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe
C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe
C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe
C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll [2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614
ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 17:52

==================== End Of Log ============================

And here is the addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by jrupert at 2014-06-14 18:12:45
Running from C:\Users\jrupert\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.2.0.20708 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{95AC3836-C8D1-6BE1-C4F0-101061A445E7}) (Version: 8.0.871.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70708.2225 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In (Version: 2.03.0000 - AMD) Hidden
AMD USB 3.0 Device Detector (Version: 2.1.28.0 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{8C18FA50-5107-473C-B2A2-A8A32B0791E6}) (Version: 4.5.29.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{2421482F-D125-4021-B835-B7D701E54308}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.0.3384 - Hewlett-Packard) Hidden
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 7.0.1.1199 - Hewlett-Packard Company) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Antimalware Service Multi-Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Client MUI Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pervasive PSQL v10 SP2 Client (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP2 Client (32-bit)) (Version: 10.20.034 - Pervasive Software)
Pervasive PSQL v10 SP2 Client (32-bit) (x32 Version: 10.20.034 - Pervasive Software) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quantum Workstation (HKLM-x32\...\{A2D7D4A1-D1E4-11D5-908E-00201852A8A3}) (Version: - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 5.6 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.6.110 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)

==================== Restore Points =========================

23-05-2014 02:00:34 Windows Update
26-05-2014 17:32:57 Windows Update
30-05-2014 17:32:23 Windows Update
03-06-2014 22:45:01 Windows Update
06-06-2014 23:19:40 Windows Update
10-06-2014 23:31:15 Windows Update
14-06-2014 18:22:43 Removed Java 6 Update 5
14-06-2014 18:37:13 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C81CA9C-2FE5-4514-86EB-CFE312C6C712} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {22421CEF-670D-4707-8E64-6E989367850E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {399AB1D1-BB58-4D77-8E4E-ED554C0244A2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4081D07C-B5FC-498C-A6C8-7BD13C8030B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6B0EE557-A3C9-4055-A593-588D3CDD8BF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {6B14AB07-EE18-4D54-9ACA-9CC28CC85135} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7A692A1A-9046-4324-AB9F-C6460F6C5568} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14] (Adobe Systems Incorporated)
Task: {96BD8E27-F9F3-4DA3-8E8F-8DDD2D285F1A} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {D821E7A7-4467-4694-A1D8-B5FAF840C5AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {DA6B58FA-9D5E-48A3-BFE6-E3CF352AE522} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DDE20845-D51B-4304-A435-5F2DC4E20ACF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E36DB129-8B15-4FFB-ADF2-FEDA1ACC9495} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {E794721E-FF82-4C8E-977C-7F219694C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 17:57 - 2012-01-17 17:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 13:11 - 2013-03-27 13:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 04:03 - 2011-10-12 04:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 14:18 - 2010-09-06 14:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 12:28 - 2013-03-27 12:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-02-10 16:26 - 2012-02-10 16:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-09-25 04:09 - 2013-09-25 04:09 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2012-07-09 00:24 - 2012-07-09 00:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-15 17:21 - 2013-07-26 02:10 - 00607744 _____ () C:\windows\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2013-03-27 12:54 - 2013-03-27 12:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 12:26 - 2013-03-27 12:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 12:52 - 2013-03-27 12:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 12:57 - 2013-03-27 12:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 12:55 - 2013-03-27 12:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 12:30 - 2013-03-27 12:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 12:31 - 2013-03-27 12:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-06-05 11:35 - 2013-06-05 11:35 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 01:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/14/2014 01:37:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BFMGRAPHICS)
Description: Application or service 'Java Update Checker' could not be shut down.
Error: (06/14/2014 11:41:12 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Error: (06/13/2014 09:49:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
Error: (06/13/2014 08:32:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Error: (06/13/2014 02:15:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (06/12/2014 07:28:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (06/12/2014 00:30:58 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3. The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.
Error: (06/11/2014 07:06:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: The specified server cannot perform the requested operation. .
Error: (06/11/2014 07:06:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired. .

System errors:
=============
Error: (06/14/2014 05:39:53 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain BFMGRAPHICS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Error: (06/14/2014 03:10:37 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (06/14/2014 01:42:16 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
Error: (06/14/2014 01:41:27 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BFMGRAPHICS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
Error: (06/14/2014 01:39:33 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
Error: (06/14/2014 01:39:32 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain BFMGRAPHICS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Error: (06/14/2014 01:39:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error: %%3
Error: (06/14/2014 10:28:37 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain BFMGRAPHICS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
Error: (06/14/2014 06:38:47 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted. .
Error: (06/14/2014 06:28:12 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain controller in domain BFMGRAPHICS due to the following: %%1311 This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.

Microsoft Office Sessions:
=========================
Error: (06/14/2014 01:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/14/2014 01:37:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BFMGRAPHICS)
Description: 1C:\Program Files (x86)\Java\jre1.6.0_01\bin\jucheck.exeJava Update Checker02117105560
Error: (06/14/2014 11:41:12 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10
Error: (06/13/2014 09:49:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108
Error: (06/13/2014 08:32:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10
Error: (06/13/2014 02:15:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (06/12/2014 07:28:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005
Error: (06/12/2014 00:30:58 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10
Error: (06/11/2014 07:06:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crtThe specified server cannot perform the requested operation.
Error: (06/11/2014 07:06:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crtThis operation returned because the timeout period expired.

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 7628.11 MB
Available physical RAM: 3241.84 MB
Total Pagefile: 15254.41 MB
Available Pagefile: 10056.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:681.22 GB) (Free:584.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:15.12 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: C645CB67)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================