Jump to content

riverdog1234

Members
 View Profile  See their activity

  • Posts

    5

  • Joined

  • Last visited

Reputation

0 Neutral
  1. riverdog1234
    Yes, all seems good now. I think we can consider this issue resolved. Thanks much for the help!
  2. riverdog1234
    Yes, machine did need to restart. Did so normally. Attached is fixlog.txt Fixlog.txt
  3. riverdog1234
    Thanks. Machine is running much better now. FRST.txt and Addition.txt logfiles are attached. Addition.txt FRST.txt
  4. riverdog1234
    Thanks. ComboFix log file is attached. ComboFix.txt
  5. riverdog1234
    Running MWB Premium. Getting continuous notifications regrading fffSee.com outbound. I Ran FRST. Here is FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014Ran by Patrick (administrator) on PATRICK_LAPTOP on 05-11-2014 10:47:27Running from C:\Users\Patrick\DesktopLoaded Profile: Patrick (Available profiles: Patrick)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Safe Mode (with Networking)Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2013-02-01] ()HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-01-23] (IDT, Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7107640 2014-02-25] (Hightail, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-07-03] (Synaptics Incorporated)HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-05-09] (Hewlett-Packard)HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2013-01-23] (Intel Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)HKLM-x32\...\Run: [iFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2013-01-23] (Hewlett-Packard Company)HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [522736 2011-04-18] ()HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-12] (Google Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [Push Client] => C:\Users\Patrick\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: D - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: {d726caa6-12d3-11e4-bff1-402cf4c4d9f1} - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: {e53c125f-55a9-11e3-81bd-402cf4c4d9f1} - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecliStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2011 Widget.lnkShortcutTarget: SDL MultiTerm 2011 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe (SDL)Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnkShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Patrick\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.nytimes.com/SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/event/ieatgpc1.cabTcpip\Parameters: [DhcpNameServer] 24.92.226.11 24.92.226.12Tcpip\..\Interfaces\{E96F5685-C65F-4776-A433-E6FD5A090BE9}: [NameServer] 24.92.226.11,24.92.226.12 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Patrick\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExtFF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-23]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-01-27] Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-07-12]CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)S2 FortiSslvpnDaemon; C:\windows\SysWOW64\FortiSSLVPNdaemon.exe [866920 2012-02-07] (Fortinet Inc.)S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]S2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320512 2011-05-09] (Hewlett-Packard) [File not signed]S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)S2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)S2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-19] (Infineon Technologies AG)S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)S2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2014-04-10] (Nalpeiron Ltd.)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)S2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)S2 SCPwrSetSvr; C:\windows\system32\SCPwrSetSvr.exe [99096 2014-04-18] ()S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-01-23] (IDT, Inc.) [File not signed]S2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-01-23] (ArcSoft, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-01-23] (ArcSoft, Inc.)S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-01-23] (JMicron Technology Corp.)S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [39936 2014-04-18] (Generic) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 10:47 - 2014-11-05 10:47 - 00024053 _____ () C:\Users\Patrick\Desktop\FRST.txt2014-11-05 10:47 - 2014-11-05 10:47 - 00000000 ____D () C:\FRST2014-11-05 10:46 - 2014-11-05 10:46 - 00509984 _____ () C:\windows\Minidump\110514-34413-01.dmp2014-11-05 10:43 - 2014-11-05 10:43 - 05591672 _____ (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe2014-11-05 10:42 - 2014-11-05 10:42 - 02114560 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe2014-11-05 10:42 - 2014-11-05 10:42 - 01375089 _____ () C:\Users\Patrick\Desktop\AdwCleaner.exe2014-11-05 10:03 - 2014-11-05 10:03 - 00003288 ____N () C:\bootsqm.dat2014-11-05 10:00 - 2014-11-05 10:00 - 00000000 __SHD () C:\found.0002014-11-05 08:34 - 2014-11-05 10:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-11-05 08:33 - 2014-11-05 08:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-05 08:33 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-11-05 08:33 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-11-05 08:33 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-11-05 06:04 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\BotoCava2014-11-05 06:02 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\DeybAdca2014-11-05 01:53 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\VekezVikxo2014-11-04 19:37 - 2014-11-05 08:10 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-21 09:50 - 2014-10-21 09:51 - 50837415 _____ () C:\Users\Patrick\Desktop\1.04_EM3_with_preserves.zip2014-10-21 09:45 - 2014-10-21 09:46 - 31726483 _____ () C:\Users\Patrick\Desktop\generic_update.zip2014-10-16 14:34 - 2014-10-16 14:45 - 00000000 ____D () C:\Users\Patrick\Desktop\LUX2014-10-15 08:11 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-10-15 08:11 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi2014-10-15 08:11 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi2014-10-15 08:11 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2014-10-15 08:11 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2014-10-15 08:11 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll2014-10-15 08:11 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll2014-10-15 08:11 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys2014-10-15 08:11 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll2014-10-15 08:11 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll2014-10-15 08:11 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll2014-10-15 08:11 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-10-15 08:11 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe2014-10-15 08:11 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe2014-10-15 08:11 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys2014-10-15 08:11 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll2014-10-15 08:11 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll2014-10-15 08:11 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2014-10-15 08:11 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll2014-10-15 08:11 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll2014-10-15 08:11 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll2014-10-15 08:10 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-10-15 08:10 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2014-10-15 08:10 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-10-15 08:10 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-10-15 08:10 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-10-15 08:10 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-10-15 08:10 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-10-15 08:10 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-10-15 08:10 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-10-15 08:10 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-10-15 08:10 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-10-15 08:10 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-10-15 08:10 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-10-15 08:10 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-10-15 08:10 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-10-15 08:10 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-10-15 08:10 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-10-15 08:10 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-10-15 08:10 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-10-15 08:10 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-10-15 08:10 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-10-15 08:10 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-10-15 08:10 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-10-15 08:10 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-10-15 08:10 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-10-15 08:10 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-10-15 08:10 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-10-15 08:10 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-10-15 08:10 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-10-15 08:10 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-10-15 08:10 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-10-15 08:10 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-10-15 08:10 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-10-15 08:10 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-10-15 08:10 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-10-15 08:10 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-10-15 08:10 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-10-15 08:10 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-10-15 08:10 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-10-15 08:10 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-10-15 08:10 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-10-15 08:10 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-10-15 08:10 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-10-15 08:10 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-15 08:10 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-10-15 08:10 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-10-15 08:10 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-10-15 08:10 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-10-15 08:10 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-10-15 08:10 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-10-15 08:10 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-10-15 08:10 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-10-15 08:10 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-10-15 08:10 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll2014-10-15 08:10 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2014-10-15 08:10 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe2014-10-15 08:10 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe2014-10-15 08:10 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll2014-10-15 08:10 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe2014-10-15 08:10 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx2014-10-15 08:10 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll2014-10-15 08:10 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL2014-10-15 08:10 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx2014-10-15 08:10 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll2014-10-15 08:10 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL2014-10-15 08:10 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe2014-10-15 08:10 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe2014-10-15 08:10 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll2014-10-15 08:09 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll2014-10-15 08:09 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll2014-10-15 08:09 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll2014-10-15 08:09 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll2014-10-15 08:09 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2014-10-15 08:09 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2014-10-15 08:09 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll2014-10-15 08:09 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll2014-10-15 08:09 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe2014-10-15 08:09 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2014-10-15 08:09 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe2014-10-15 08:09 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll2014-10-15 08:09 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe2014-10-15 08:09 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-10-15 08:09 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll2014-10-15 08:09 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-10-15 08:09 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-10-15 08:09 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys2014-10-15 08:09 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys2014-10-15 08:08 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll2014-10-15 08:08 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll2014-10-12 09:09 - 2014-10-12 09:09 - 00002159 _____ () C:\Users\Public\Desktop\SDL Trados Studio 2011.lnk2014-10-07 08:50 - 2014-10-07 08:50 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 10:46 - 2014-09-13 09:52 - 561448986 _____ () C:\windows\MEMORY.DMP2014-11-05 10:46 - 2014-09-13 09:52 - 00000000 ____D () C:\windows\Minidump2014-11-05 10:45 - 2012-03-08 01:56 - 00205546 _____ () C:\windows\PFRO.log2014-11-05 10:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\LiveKernelReports2014-11-05 10:43 - 2012-03-08 01:19 - 01077790 _____ () C:\windows\WindowsUpdate.log2014-11-05 10:43 - 2009-07-14 00:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI2014-11-05 10:39 - 2013-01-21 22:34 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-05 10:36 - 2013-01-21 22:34 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-05 10:36 - 2011-03-06 17:20 - 00000000 ____D () C:\ProgramData\PDFC2014-11-05 10:35 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-11-05 10:35 - 2009-07-13 23:51 - 00080626 _____ () C:\windows\setupact.log2014-11-05 10:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Help2014-11-05 10:16 - 2009-07-13 23:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-05 10:16 - 2009-07-13 23:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-05 08:02 - 2013-02-12 23:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-11-05 07:53 - 2013-01-21 22:15 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook Files2014-11-04 21:48 - 2013-01-22 21:42 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log2014-11-04 21:46 - 2013-02-19 21:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-11-04 20:03 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD2014-11-01 20:27 - 2013-01-23 11:57 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForPatrick2014-11-01 20:27 - 2013-01-23 11:57 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForPatrick.job2014-10-30 06:25 - 2013-01-21 18:19 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2014-10-22 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF2014-10-19 18:34 - 2013-01-21 22:34 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-19 18:34 - 2013-01-21 22:34 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-16 03:17 - 2013-01-22 01:46 - 00000000 ____D () C:\windows\rescache2014-10-16 02:35 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-16 02:33 - 2009-07-13 23:45 - 00457544 _____ () C:\windows\system32\FNTCACHE.DAT2014-10-16 02:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism2014-10-16 02:11 - 2013-01-21 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-16 02:05 - 2013-08-11 02:00 - 00000000 ____D () C:\windows\system32\MRT2014-10-16 02:00 - 2013-01-25 17:22 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-10-13 16:58 - 2013-01-21 17:58 - 00003230 _____ () C:\windows\System32\Tasks\HPCeeScheduleForPATRICK_LAPTOP$2014-10-13 16:58 - 2013-01-21 17:58 - 00000354 _____ () C:\windows\Tasks\HPCeeScheduleForPATRICK_LAPTOP$.job2014-10-07 08:50 - 2013-01-21 18:00 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Adobe Files to move or delete:====================C:\Users\Patrick\gotomypc_280.exeC:\Users\Patrick\gotomypc_626.exeC:\Users\Patrick\gotomypc_635.exe Some content of TEMP:====================C:\Users\Patrick\AppData\Local\Temp\1vi7f-5c.dllC:\Users\Patrick\AppData\Local\Temp\6uwe7vr0.dllC:\Users\Patrick\AppData\Local\Temp\AtpTimerInfo.dllC:\Users\Patrick\AppData\Local\Temp\Extract.exeC:\Users\Patrick\AppData\Local\Temp\HPHelpUpdater.exeC:\Users\Patrick\AppData\Local\Temp\LiveUpdater.exeC:\Users\Patrick\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\Patrick\AppData\Local\Temp\Resource.exeC:\Users\Patrick\AppData\Local\Temp\SP52308.exeC:\Users\Patrick\AppData\Local\Temp\SP52407.exeC:\Users\Patrick\AppData\Local\Temp\SP52437.exeC:\Users\Patrick\AppData\Local\Temp\SP52509.exeC:\Users\Patrick\AppData\Local\Temp\SP52637.exeC:\Users\Patrick\AppData\Local\Temp\SP52641.exeC:\Users\Patrick\AppData\Local\Temp\SP53227.exeC:\Users\Patrick\AppData\Local\Temp\SP53380.exeC:\Users\Patrick\AppData\Local\Temp\SP53394.exeC:\Users\Patrick\AppData\Local\Temp\SP53451.exeC:\Users\Patrick\AppData\Local\Temp\SP53526.exeC:\Users\Patrick\AppData\Local\Temp\SP53918.exeC:\Users\Patrick\AppData\Local\Temp\SP54203.exeC:\Users\Patrick\AppData\Local\Temp\SP54317.exeC:\Users\Patrick\AppData\Local\Temp\SP54841.exeC:\Users\Patrick\AppData\Local\Temp\SP54922.exeC:\Users\Patrick\AppData\Local\Temp\SP55182.exeC:\Users\Patrick\AppData\Local\Temp\SP56395.exeC:\Users\Patrick\AppData\Local\Temp\SP56689.exeC:\Users\Patrick\AppData\Local\Temp\SP56729.exeC:\Users\Patrick\AppData\Local\Temp\SP56811.exeC:\Users\Patrick\AppData\Local\Temp\SP56988.exeC:\Users\Patrick\AppData\Local\Temp\SP57014.exeC:\Users\Patrick\AppData\Local\Temp\SP57495.exeC:\Users\Patrick\AppData\Local\Temp\SP57498.exeC:\Users\Patrick\AppData\Local\Temp\SP57555.exeC:\Users\Patrick\AppData\Local\Temp\SP57556.exeC:\Users\Patrick\AppData\Local\Temp\SP58116.exeC:\Users\Patrick\AppData\Local\Temp\SP58268.exeC:\Users\Patrick\AppData\Local\Temp\SP58778.exeC:\Users\Patrick\AppData\Local\Temp\SP58782.exeC:\Users\Patrick\AppData\Local\Temp\sp58915.exeC:\Users\Patrick\AppData\Local\Temp\SP59033.exeC:\Users\Patrick\AppData\Local\Temp\SP59043.exeC:\Users\Patrick\AppData\Local\Temp\SP59202.exeC:\Users\Patrick\AppData\Local\Temp\SP59213.exeC:\Users\Patrick\AppData\Local\Temp\SP59291.exeC:\Users\Patrick\AppData\Local\Temp\SP59339.exeC:\Users\Patrick\AppData\Local\Temp\SP59346.exeC:\Users\Patrick\AppData\Local\Temp\SP59426.exeC:\Users\Patrick\AppData\Local\Temp\SP60365.exeC:\Users\Patrick\AppData\Local\Temp\SP60686.exeC:\Users\Patrick\AppData\Local\Temp\SP60775.exeC:\Users\Patrick\AppData\Local\Temp\SP61138.exeC:\Users\Patrick\AppData\Local\Temp\SP61823.exeC:\Users\Patrick\AppData\Local\Temp\SP62357.exeC:\Users\Patrick\AppData\Local\Temp\SP62449.exeC:\Users\Patrick\AppData\Local\Temp\SP62738.exeC:\Users\Patrick\AppData\Local\Temp\SP63565.exeC:\Users\Patrick\AppData\Local\Temp\SP63779.exeC:\Users\Patrick\AppData\Local\Temp\sp64126.exeC:\Users\Patrick\AppData\Local\Temp\SP64284.exeC:\Users\Patrick\AppData\Local\Temp\SP64287.exeC:\Users\Patrick\AppData\Local\Temp\SP64757.exeC:\Users\Patrick\AppData\Local\Temp\SP65266.exeC:\Users\Patrick\AppData\Local\Temp\SP66111.exeC:\Users\Patrick\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Patrick\AppData\Local\Temp\UninstallHPTCA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 11:43 ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.