mbam is blocked by group policy


MBAM & AVG are blocked by Group Policy on a home computer running Windows 7 Home Premium on an HP Pavilion.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-05-2014

Ran by sales (administrator) on SALES-HP on 19-05-2014 15:15:44

Running from C:\Users\sales\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

The only official download link for FRST:



Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccsvchst.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe

(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(eM Client, Inc.) C:\Program Files (x86)\eM Client\MailClient.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\HelpPane.exe

(Microsoft Corporation) C:\Windows\System32\msinfo32.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-22] (Hewlett-Packard)

HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3219499873-3863117877-1659397665-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)

HKU\S-1-5-21-3219499873-3863117877-1659397665-1000\...\Run: [GoogleChromeAutoLaunch_B05F03DC0BADD43A18C36E2CAEE9D05D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-05-07] (Google Inc.)

Startup: C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}

SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {AFB4C2EE-E6B4-45F8-983B-3EEA297C39A3} URL = 

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKCU - {E3CB66A1-DC1D-4C5D-A952-5C008AB004EC} URL = https://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{0F714F2C-A054-476E-B84D-3D93F2A851AA}: [NameServer]192.168.1.1

Tcpip\..\Interfaces\{1998C269-2064-46DD-B440-BE1539AE9E85}: [NameServer]8.8.8.8,8.8.4.4

 

FireFox:

========

FF ProfilePath: C:\Users\sales\AppData\Roaming\Mozilla\Firefox\Profiles\kx0vt4q3.default

FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A112US1&p=

FF DefaultSearchEngine: Secure Search

FF SearchEngineOrder.1: Secure Search

FF NewTab: about:newtab

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml

FF Extension: XPS Signature Manager - C:\Users\sales\AppData\Roaming\Mozilla\Firefox\Profiles\kx0vt4q3.default\Extensions\{79D76C20-ED22-BC03-E7C9-067CA68FA429} [2013-10-16]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\

FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\IPSFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\

FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-12-01]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

 

Chrome: 

=======

CHR StartupUrls: "hxxp://www.google.com/"

CHR Extension: (Google Docs) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-01]

CHR Extension: (Google Drive) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-01]

CHR Extension: (YouTube) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-01]

CHR Extension: (Google Search) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-01]

CHR Extension: (SiteAdvisor) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-03-06]

CHR Extension: (Lippl) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnodpmljckfckbpbapkdabdpfcaglab [2014-03-07]

CHR Extension: (Skype Click to Call) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-10]

CHR Extension: (Google Wallet) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]

CHR Extension: (Gmail) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-01]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-11]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-01]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\Exts\Chrome.crx [2014-04-11]

 

==================== Services (Whitelisted) =================

 

S2 0109031400177958mcinstcleanup; C:\windows\TEMP\010903~1.EXE [827456 2012-01-09] (McAfee, Inc.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 hasplms; C:\windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2014-04-18] (Intel Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-04-25] (McAfee, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

 

==================== Drivers (Whitelisted) ====================

 

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2012-06-15] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296576 2012-06-15] (SafeNet Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [237336 2014-04-18] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [192792 2014-03-27] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [236824 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [324376 2014-03-27] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [130840 2014-03-31] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [32536 2014-03-27] (AVG Technologies CZ, s.r.o.)

S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\BASHDefs\20121005.002\BHDrvx64.sys [1385632 2012-10-05] (Symantec Corporation)

S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)

S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-09-26] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-09-27] (Symantec Corporation)

R2 hardlock; C:\windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)

S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\IPSDefs\20121027.001\IDSvia64.sys [513184 2012-09-26] (Symantec Corporation)

S4 LMIRfsClientNP; No ImagePath

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121027.007\ENG64.SYS [126112 2012-10-27] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.0.145\Definitions\VirusDefs\20121027.007\EX64.SYS [2084000 2012-10-27] (Symantec Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309000.009\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)

S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309000.009\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)

S3 SymDS; C:\Windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)

S3 SymEFA; C:\Windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)

S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-05-30] (Symantec Corporation)

R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [43640 2012-04-17] (Symantec Corporation)

S3 SymIRON; C:\Windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)

S3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)

S1 eubkqsfi; \??\C:\windows\system32\drivers\eubkqsfi.sys [X]

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-05-19 15:15 - 2014-05-19 15:16 - 00029592 _____ () C:\Users\sales\Downloads\FRST.txt

2014-05-19 15:13 - 2014-05-19 15:15 - 00000000 ____D () C:\FRST

2014-05-19 15:07 - 2014-05-19 15:10 - 02067456 _____ (Farbar) C:\Users\sales\Downloads\FRST64.exe

2014-05-19 13:47 - 2014-05-19 13:47 - 00001181 _____ () C:\Users\sales\Downloads\Reset_Local_Group_Policy.vbs

2014-05-17 14:55 - 2014-05-17 14:55 - 00000000 ____D () C:\Users\sales\AppData\Roaming\dvdcss

2014-05-15 03:04 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-15 03:04 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-15 03:04 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-15 03:04 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-15 03:04 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-15 03:04 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-14 22:44 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-14 22:44 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-14 22:44 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2014-05-14 22:44 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2014-05-14 22:44 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2014-05-14 22:44 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2014-05-14 22:44 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-05-14 22:44 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-05-14 22:44 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2014-05-14 22:44 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2014-05-14 22:44 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2014-05-14 22:44 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-05-14 22:44 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-05-14 22:44 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2014-05-14 22:44 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2014-05-14 22:44 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-05-14 22:44 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2014-05-13 17:24 - 2014-05-15 03:21 - 00000112 _____ () C:\windows\setupact.log

2014-05-13 17:24 - 2014-05-13 17:24 - 00000000 _____ () C:\windows\setuperr.log

2014-05-12 16:34 - 2014-05-12 16:34 - 00000633 _____ () C:\Users\sales\Desktop\JRT.txt

2014-05-09 12:00 - 2014-05-07 14:17 - 00015185 _____ () C:\Users\sales\Documents\Work%20Plan%20DP.doc_0.odt

2014-05-09 12:00 - 2014-05-07 13:43 - 00025052 _____ () C:\Users\sales\Documents\Rambus%20-%20Quality%20Assurance%20Engineer%20-%20Brecksville,%20OH.doc_0.odt

2014-05-09 12:00 - 2014-05-02 19:45 - 00027454 _____ () C:\Users\sales\Documents\Means,%20Patrick.doc_0.odt

2014-05-06 03:01 - 2014-05-15 03:20 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-05-03 19:07 - 2014-05-10 19:13 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-02 11:04 - 2014-05-01 15:04 - 00021843 _____ () C:\Users\sales\Documents\NVIDIA%20-%20AUTOMOTIVE%20SALES%20DIRECTOR%20-%20Detroit,%20MI.doc_0.odt

2014-04-28 21:41 - 2014-04-28 21:41 - 00438608 _____ () C:\Users\sales\Downloads\9582606_Mazda_Protege_1994_1998_Service_Repair_Manual_Download_pdf.exe

2014-04-28 02:30 - 2014-04-28 02:12 - 00016236 _____ () C:\Users\sales\Documents\1998%20mazda%20protoge.doc_1.odt

2014-04-27 10:41 - 2014-04-27 10:41 - 00002223 _____ () C:\Users\sales\Desktop\HP Support Assistant.lnk

2014-04-27 10:36 - 2014-04-27 10:36 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

2014-04-27 10:35 - 2014-04-27 10:37 - 00000000 ____D () C:\Users\sales\AppData\Roaming\hpqLog

2014-04-26 19:46 - 2014-04-26 19:46 - 00000000 ____D () C:\Users\sales\AppData\Roaming\WinBatch

2014-04-26 19:22 - 2014-04-26 19:23 - 00000000 ____D () C:\Users\sales\AppData\Roaming\HP Support Assistant

2014-04-19 16:28 - 2014-05-17 10:41 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForsales

2014-04-19 16:28 - 2014-05-17 10:41 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForsales.job

2014-04-19 14:48 - 2014-04-19 17:56 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

2014-04-19 14:45 - 2014-04-18 11:56 - 00024204 _____ () C:\Users\sales\Documents\Dunlap,%20jeff.doc_0.odt

2014-04-19 14:44 - 2014-04-19 14:44 - 00000000 ____D () C:\Users\sales\AppData\Roaming\Intel Corporation


==================== One Month Modified Files and Folders =======


2014-05-19 15:16 - 2014-05-19 15:15 - 00029592 _____ () C:\Users\sales\Downloads\FRST.txt

2014-05-19 15:15 - 2014-05-19 15:13 - 00000000 ____D () C:\FRST

2014-05-19 15:10 - 2014-05-19 15:07 - 02067456 _____ (Farbar) C:\Users\sales\Downloads\FRST64.exe

2014-05-19 15:07 - 2013-12-01 16:43 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-05-19 15:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing

2014-05-19 15:03 - 2012-09-07 11:10 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6B5BE219-52AB-490D-B260-BEC593AB5E1D}

2014-05-19 14:34 - 2014-03-26 16:05 - 01481066 _____ () C:\windows\WindowsUpdate.log

2014-05-19 14:18 - 2013-02-01 15:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-05-19 13:47 - 2014-05-19 13:47 - 00001181 _____ () C:\Users\sales\Downloads\Reset_Local_Group_Policy.vbs

2014-05-19 08:26 - 2014-03-06 22:19 - 00000000 ____D () C:\ProgramData\MFAData

2014-05-19 08:07 - 2013-12-01 16:43 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-05-17 19:11 - 2012-10-01 10:06 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log

2014-05-17 14:55 - 2014-05-17 14:55 - 00000000 ____D () C:\Users\sales\AppData\Roaming\dvdcss

2014-05-17 10:41 - 2014-04-19 16:28 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForsales

2014-05-17 10:41 - 2014-04-19 16:28 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForsales.job

2014-05-15 14:43 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-05-15 14:43 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-05-15 14:19 - 2013-12-01 16:39 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-15 10:14 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache

2014-05-15 04:22 - 2012-05-30 12:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-05-15 03:34 - 2014-03-08 00:01 - 00000000 ____D () C:\Users\sales\AppData\Roaming\eM Client

2014-05-15 03:33 - 2014-03-12 14:04 - 00000000 ___RD () C:\Users\sales\Google Drive

2014-05-15 03:33 - 2012-12-27 16:05 - 00000328 _____ () C:\windows\Brownie.ini

2014-05-15 03:33 - 2012-09-07 11:10 - 00000000 ___RD () C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-15 03:33 - 2012-09-07 11:10 - 00000000 ___RD () C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-15 03:28 - 2009-07-14 01:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI

2014-05-15 03:21 - 2014-05-13 17:24 - 00000112 _____ () C:\windows\setupact.log

2014-05-15 03:21 - 2012-09-07 17:34 - 01376256 _____ () C:\windows\system32\Ikeext.etl

2014-05-15 03:21 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-05-15 03:20 - 2014-05-06 03:01 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-05-15 03:03 - 2013-07-27 03:00 - 00000000 ____D () C:\windows\system32\MRT

2014-05-15 03:01 - 2012-10-23 15:50 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-05-14 16:12 - 2013-12-01 16:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-14 09:18 - 2013-02-01 15:12 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-05-14 09:18 - 2013-02-01 15:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-05-14 09:18 - 2012-05-30 12:33 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-13 18:33 - 2014-03-22 18:32 - 00000000 ____D () C:\Users\sales\Documents\eM Client

2014-05-13 17:24 - 2014-05-13 17:24 - 00000000 _____ () C:\windows\setuperr.log

2014-05-13 17:16 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF

2014-05-12 16:34 - 2014-05-12 16:34 - 00000633 _____ () C:\Users\sales\Desktop\JRT.txt

2014-05-12 16:21 - 2012-09-15 15:03 - 00000000 ____D () C:\Users\sales\AppData\Local\CrashDumps

2014-05-10 19:13 - 2014-05-03 19:07 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-10 12:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\LiveKernelReports

2014-05-09 02:14 - 2014-05-14 22:44 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-09 02:11 - 2014-05-14 22:44 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-08 08:02 - 2013-12-01 16:43 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-08 08:02 - 2013-12-01 16:43 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-07 14:17 - 2014-05-09 12:00 - 00015185 _____ () C:\Users\sales\Documents\Work%20Plan%20DP.doc_0.odt

2014-05-07 13:43 - 2014-05-09 12:00 - 00025052 _____ () C:\Users\sales\Documents\Rambus%20-%20Quality%20Assurance%20Engineer%20-%20Brecksville,%20OH.doc_0.odt

2014-05-06 00:40 - 2014-05-15 03:04 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-06 00:17 - 2014-05-15 03:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-05 23:25 - 2014-05-15 03:04 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-05 23:07 - 2014-05-15 03:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-05 23:00 - 2014-05-15 03:04 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-05 22:10 - 2014-05-15 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-05 20:04 - 2014-03-12 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive

2014-05-02 19:45 - 2014-05-09 12:00 - 00027454 _____ () C:\Users\sales\Documents\Means,%20Patrick.doc_0.odt

2014-05-01 15:04 - 2014-05-02 11:04 - 00021843 _____ () C:\Users\sales\Documents\NVIDIA%20-%20AUTOMOTIVE%20SALES%20DIRECTOR%20-%20Detroit,%20MI.doc_0.odt

2014-04-28 21:41 - 2014-04-28 21:41 - 00438608 _____ () C:\Users\sales\Downloads\9582606_Mazda_Protege_1994_1998_Service_Repair_Manual_Download_pdf.exe

2014-04-28 02:12 - 2014-04-28 02:30 - 00016236 _____ () C:\Users\sales\Documents\1998%20mazda%20protoge.doc_1.odt

2014-04-27 10:41 - 2014-04-27 10:41 - 00002223 _____ () C:\Users\sales\Desktop\HP Support Assistant.lnk

2014-04-27 10:41 - 2012-05-30 12:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-04-27 10:41 - 2012-05-30 12:16 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support

2014-04-27 10:41 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\Help

2014-04-27 10:37 - 2014-04-27 10:35 - 00000000 ____D () C:\Users\sales\AppData\Roaming\hpqLog

2014-04-27 10:37 - 2012-05-30 12:16 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard

2014-04-27 10:36 - 2014-04-27 10:36 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}

2014-04-27 10:35 - 2012-05-30 12:16 - 00000000 ____D () C:\ProgramData\Hewlett-Packard

2014-04-27 10:35 - 2011-02-11 12:32 - 00000000 ____D () C:\SWSETUP

2014-04-26 19:47 - 2012-05-30 12:39 - 00000000 ___RD () C:\Program Files\Online Services

2014-04-26 19:47 - 2012-05-30 12:25 - 00000000 ___RD () C:\Program Files (x86)\Online Services

2014-04-26 19:46 - 2014-04-26 19:46 - 00000000 ____D () C:\Users\sales\AppData\Roaming\WinBatch

2014-04-26 19:23 - 2014-04-26 19:22 - 00000000 ____D () C:\Users\sales\AppData\Roaming\HP Support Assistant

2014-04-26 19:23 - 2012-09-08 15:50 - 00000000 ____D () C:\Users\sales\AppData\Roaming\HpUpdate

2014-04-24 08:35 - 2014-03-31 08:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2014-04-19 17:56 - 2014-04-19 14:48 - 00000000 ____D () C:\ProgramData\AVG Security Toolbar

2014-04-19 16:28 - 2012-09-06 17:37 - 00000000 ____D () C:\Users\sales\AppData\Local\Hewlett-Packard

2014-04-19 14:44 - 2014-04-19 14:44 - 00000000 ____D () C:\Users\sales\AppData\Roaming\Intel Corporation

2014-04-19 03:02 - 2011-02-11 13:15 - 00775482 _____ () C:\windows\SysWOW64\PerfStringBackup.INI


==================== Bamital & volsnap Check =================


C:\Windows\System32\winlogon.exe

[2014-05-14 22:44] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C


C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit



LastRegBack: 2014-05-19 01:17


==================== End Of Log ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-05-2014

Ran by sales at 2014-05-19 15:16:42

Running from C:\Users\sales\Downloads

Boot Mode: Normal

==========================================================



==================== Security Center ========================


AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Microsoft Security Essentials (Disabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

AS: Microsoft Security Essentials (Disabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}


==================== Installed Programs ======================


Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 4.0.0.1390 - Adobe Systems Incorporated)

Adobe AIR (x32 Version: 4.0.0.1390 - Adobe Systems Incorporated) Hidden

Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)

AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4570 - AVG Technologies)

AVG 2014 (Version: 14.0.3950 - AVG Technologies) Hidden

AVG 2014 (Version: 14.0.4570 - AVG Technologies) Hidden

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Belkin 54Mbps Wireless Network Adapter (HKLM-x32\...\{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}) (Version: 3.00.07 - Belkin)

Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden

Brother HL-3045CN (HKLM-x32\...\{440A8E8B-B234-45D7-A886-CF3C86327E1B}) (Version: 1.00 - Brother)

CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)

Celtx (2.9.7) (HKLM-x32\...\Celtx (2.9.7)) (Version: 2.9.7 (en-US) - Greyfirst)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden

Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden

eM Client (HKLM-x32\...\{ED4E91E9-8404-4931-BD72-0DFF3CF8B4A7}) (Version: 6.0.19861.0 - eM Client Inc.)

Email Extractor 14 1.0 (HKLM-x32\...\Email Extractor 14) (Version: 1.0 - Emailextractor14.com)

Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden

FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden

Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden

Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.4.1230 - DVDVideoSoft Ltd.)

GIMP 2.6.10 (HKLM-x32\...\WinGimp-2.0_is1) (Version: 2.6.10 - The GIMP Team)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)

Google Drive (HKLM-x32\...\{418BAAD1-754D-48B4-B078-46EF4F25AF42}) (Version: 1.15.6556.8063 - Google, Inc.)

Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden

gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden

HP Application Assistant (HKLM\...\{6032497A-4479-462B-ADB8-A0A372BB9A23}) (Version: 1.0.409.3882 - Hewlett-Packard)

HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden

HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)

HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden

HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)

HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden

HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)

HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)

HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)

HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.1.21091.0 - Hewlett-Packard Company)

HP MovieStore (x32 Version: 2.1.091 - Hewlett-Packard) Hidden

HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)

HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)

HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)

HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)

HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)

HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)

HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)

HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)

HP Update (HKLM-x32\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)

HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)

HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation)

Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2653 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)

Java 7 Update 9 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Klok 2 (HKLM-x32\...\Klok2.DD7F2188B985C2439837C76B42A187050457E61B.1) (Version: 2.5.9 - Mcgraphix, Inc.)

Klok 2 (x32 Version: 2.5.9 - Mcgraphix, Inc.) Hidden

LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)

LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)

McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.186 - McAfee, Inc.)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)

Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden

Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)

Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden

Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden

Mozilla Firefox 23.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 23.0.1 (x86 en-US)) (Version: 23.0.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0.1 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.9.0.9 - Symantec Corporation)

OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)

opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden

PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden

RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden

RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden

RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden

RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6531 - Realtek Semiconductor Corp.)

RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden

Recovery Manager (x32 Version: 5.5.0.5010 - CyberLink Corp.) Hidden

Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)

Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)

The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden

Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden

TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)

VSDC Free Video Editor version 2.1.1.66 (HKLM-x32\...\VSDC Free Video Editor_is1) (Version: 2.1.1.66 - Flash-Integro LLC)

Web Data Extractor 8.3 (HKLM-x32\...\{2D889173-0C85-4325-8EAE-E6B68BCA71B7}) (Version: 8.3.0.1 - spadixbd.com)

WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden


==================== Restore Points  =========================


09-05-2014 07:30:40 Windows Update

12-05-2014 16:09:10 Windows Update

12-05-2014 21:21:17 Removed Klok 2

15-05-2014 07:00:19 Windows Update

18-05-2014 07:32:42 Windows Update


==================== Hosts content: ==========================


2009-07-13 22:34 - 2014-03-26 20:19 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1       localhost


==================== Scheduled Tasks (whitelisted) =============

 

Task: {4CB52D63-6BC7-481C-96E4-26BAC5132ECB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {4E9EFD7F-D9D6-42C0-9C0A-C8BF01468ED8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\WSCStub.exe [2012-09-26] (Symantec Corporation)

Task: {52E4B02A-7FD1-45BA-AF75-27F53CDA1484} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3219499873-3863117877-1659397665-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {6A2F99C1-4BB2-4BFB-8718-EDBC5C14F5CB} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)

Task: {78E50912-0EBC-49BD-A533-C63894153FAB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)

Task: {846A2131-AF58-447A-929B-BE41C93A8346} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3219499873-3863117877-1659397665-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)

Task: {9D4EB275-2ABB-4F9A-9D33-BDD2970095A2} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe [2012-02-03] (Symantec Corporation)

Task: {A0C370A8-521C-4766-9E13-81B01FBF744E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\SymErr.exe [2012-02-03] (Symantec Corporation)

Task: {A13C2988-20A5-4ED0-85D9-21225A174569} - System32\Tasks\eM Client Database Backup => C:\Program Files (x86)\eM Client\DbBackup.exe [2014-01-28] ()

Task: {AE581E60-48A4-41A2-ADDE-29FC51804EB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {B0271DD7-3BE5-480F-B841-F99926D0A464} - System32\Tasks\HPCeeScheduleForsales => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {B3086345-D93E-487B-B391-8EFB6A2ADCBB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01] (Google Inc.)

Task: {EDE7B8C5-B554-43AC-B841-CA8060C74B76} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)

Task: {F14F874F-9F36-4735-8D39-5B0BB3366CB7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)

Task: {FD736D05-A4FB-4DFB-84BA-E5A5A1B261D6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)

Task: {FFF11782-0CDD-4C3B-8DF6-CBC99F1BA025} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\HPCeeScheduleForsales.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

2014-04-18 07:24 - 2014-04-18 07:24 - 00172032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\84fda52f3b34f80a8c5056e859ca35c7\IsdiInterop.ni.dll

2014-04-18 07:23 - 2011-11-29 21:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2014-04-18 07:23 - 2014-04-18 07:22 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll

2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll

2012-08-10 16:50 - 2012-08-10 16:50 - 00136192 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec-mscrypto.dll

2012-08-10 16:50 - 2012-08-10 16:50 - 00303616 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxmlsec.dll

2014-05-15 03:33 - 2014-05-15 03:33 - 00098816 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32api.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00110080 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\pywintypes27.dll

2014-05-15 03:33 - 2014-05-15 03:33 - 00364544 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\pythoncom27.dll

2014-05-15 03:33 - 2014-05-15 03:33 - 00045568 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_socket.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 01159680 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_ssl.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00320512 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32com.shell.shell.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00713216 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_hashlib.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 01175040 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._core_.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00805888 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._gdi_.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00811008 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._windows_.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 01062400 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._controls_.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00735232 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._misc_.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00128512 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_elementtree.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00127488 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\pyexpat.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00557056 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\pysqlite2._sqlite.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00087552 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_ctypes.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00119808 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32file.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00108544 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32security.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00018432 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32event.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00038912 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32inet.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00070656 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._html2.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00167936 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32gui.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00011264 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32crypt.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00027136 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\_multiprocessing.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00122368 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._wizard.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00010240 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\select.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00024064 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32pipe.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00686080 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\unicodedata.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00025600 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32pdh.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00525640 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\windows._lib_cacheinvalidation.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00035840 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32process.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00017408 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32profile.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00022528 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\win32ts.pyd

2014-05-15 03:33 - 2014-05-15 03:33 - 00078336 _____ () C:\Users\sales\AppData\Local\Temp\_MEI48522\wx._animate.pyd

2014-05-14 16:12 - 2014-05-07 19:29 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\chrome_elf.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libglesv2.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\libegl.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\pdf.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ppGoogleNaClPluginChrome.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\ffmpegsumo.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 00942592 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\HTMLEditorControl\939025ea468960cdae2e769a0a8da04c\HTMLEditorControl.ni.dll

2014-03-27 04:39 - 2014-03-27 04:39 - 00507904 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Mail\c8f81361d43933dee85ee08517409ee7\MailClient.Mail.ni.dll

2014-03-27 04:39 - 2014-03-27 04:39 - 00141824 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Collecti#\3d544a6508064472643819c14a5f089f\MailClient.Collections.ni.dll

2014-05-15 03:27 - 2014-05-15 03:27 - 04434432 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Exchange.#\6916ff38749fd22b00e60cd42d547347\Microsoft.Exchange.WebServices.ni.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 00610304 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Common.UI\29fa3e636eb56e7caf46e75f3f778b8f\MailClient.Common.UI.ni.dll

2014-05-15 03:27 - 2014-05-15 03:27 - 00025600 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Interop\29d5927c9af519fb0e5a9f855572cabb\MailClient.Interop.ni.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 01452032 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsAPICodePack\d251b4b88448ae0a68bc0b36cfd94df4\WindowsAPICodePack.ni.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 00263680 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Imap.Base\8e6ab9816ab7e24fc82461b3934db083\MailClient.Imap.Base.ni.dll

2014-05-15 03:27 - 2014-05-15 03:27 - 00378880 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\RtfToHtml\01fc4f5c71d0caf01f232ae692c8121c\RtfToHtml.ni.dll

2014-03-27 04:39 - 2014-03-27 04:39 - 00584704 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\LinqBridge\136b68f4fd51480cbb7e3c356a9569fc\LinqBridge.ni.dll

2014-01-23 19:15 - 2014-01-23 19:15 - 00642016 _____ () C:\Program Files (x86)\eM Client\SQLite\x86\sqlite3.dll

2014-01-28 12:51 - 2014-01-28 12:51 - 00106496 _____ () C:\Program Files (x86)\eM Client\MailClient.XmlSerializers.dll

2014-03-27 04:39 - 2014-03-27 04:39 - 00081408 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\SystemCoreTimeZone\fd4469766fbf8ed0dff1471a8ba37401\SystemCoreTimeZone.ni.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 00107008 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\MailClient.Sasl\bde70928ea0f42792712ad4ba2b54238\MailClient.Sasl.ni.dll

2014-03-27 04:40 - 2014-03-27 04:40 - 00366080 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\HtmlInterop\27a9e45b6221a150edf442b24711dc7d\HtmlInterop.ni.dll

2013-12-23 17:20 - 2013-12-23 17:20 - 00452096 _____ () C:\Program Files (x86)\eM Client\Hunspellx86.dll

2012-09-23 21:43 - 2012-09-23 21:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll

2012-12-18 15:08 - 2012-12-18 15:08 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll

2014-05-14 16:12 - 2014-05-07 19:29 - 13695816 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

 

==================== EXE Association (whitelisted) =============

 

 

==================== Disabled items from MSCONFIG ==============

 

MSCONFIG\startupreg: Epson Stylus NX510(Network) => C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\windows\TEMP\E_SCD44.tmp" /EF "HKCU"

MSCONFIG\startupreg: F5D7050v3 => C:\Program Files (x86)\Belkin\F5D7050v3\Belkinwcui.exe

MSCONFIG\startupreg: LogMeIn GUI => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe

 

==================== Faulty Device Manager Devices =============

 

Name: LogMeIn Kernel Information Provider

Description: LogMeIn Kernel Information Provider

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: LMIInfo

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

Name: Microsoft Virtual WiFi Miniport Adapter #3

Description: Microsoft Virtual WiFi Miniport Adapter

Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}

Manufacturer: Microsoft

Service: vwifimp

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (05/13/2014 11:02:14 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: Information only.

(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

 

System errors:

=============

Error: (05/19/2014 08:50:43 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer WAYNE-HP

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1998C269-2064-46DD-B440-BE1539AE9E85}.

The master browser is stopping or an election is being forced.

 

Error: (05/16/2014 08:59:44 PM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer ABHI

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1998C269-2064-46DD-B440-BE1539AE9E85}.

The master browser is stopping or an election is being forced.

 

Error: (05/16/2014 10:35:37 AM) (Source: NetBT) (EventID: 4321) (User: )

Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.18.

The computer with the IP address 192.168.0.43 did not allow the name to be claimed by

this computer.

 

Error: (05/15/2014 03:21:57 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 

%%3

 

Error: (05/14/2014 01:15:03 AM) (Source: bowser) (EventID: 8003) (User: )

Description: The master browser has received a server announcement from the computer MIKE1954

that believes that it is the master browser for the domain on transport NetBT_Tcpip_{1998C269-2064-46DD-B440-BE1539AE9E85}.

The master browser is stopping or an election is being forced.

 

Error: (05/13/2014 07:03:35 PM) (Source: DCOM) (EventID: 10000) (User: )

Description: "c:\PROGRA~2\mcafee\SITEAD~1\saui.exe" -Embedding1260{601D72B9-326F-46CD-815E-12D5D15761BA}

 

Error: (05/13/2014 05:37:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )

Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 

New Signature Version: 

 

Previous Signature Version: 1.173.1946.0

 

Update Source: %NT AUTHORITY59

 

Update Stage: 4.5.0216.00

 

Source Path: 4.5.0216.01

 

Signature Type: %NT AUTHORITY602

 

Update Type: %NT AUTHORITY604

 

User: NT AUTHORITY\SYSTEM

 

Current Engine Version: %NT AUTHORITY605

 

Previous Engine Version: %NT AUTHORITY606

 

Error code: %NT AUTHORITY607

 

Error description: %NT AUTHORITY608

 

Error: (05/13/2014 05:24:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 

%%3

 

Error: (05/13/2014 11:55:20 AM) (Source: DCOM) (EventID: 10000) (User: )

Description: "c:\PROGRA~2\mcafee\SITEAD~1\saui.exe" -Embedding1260{601D72B9-326F-46CD-815E-12D5D15761BA}

 

Error: (05/13/2014 10:51:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 

%%3

 

 

Microsoft Office Sessions:

=========================

Error: (05/13/2014 11:02:14 AM) (Source: CVHSVC) (EventID: 100) (User: )

Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-03-26 20:17:06.272

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-03-26 20:17:06.203

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-03-11 05:16:31.804

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ce7170c.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2014-03-11 05:16:31.680

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\ce7170c.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 78%

Total physical RAM: 3980.15 MB

Available physical RAM: 849.73 MB

Total Pagefile: 8361.84 MB

Available Pagefile: 994.74 MB

Total Virtual: 8192 MB

Available Virtual: 8191.83 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:914.57 GB) (Free:852.28 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (HP_RECOVERY) (Fixed) (Total:16.72 GB) (Free:2.08 GB) NTFS

Drive e: (My DVD) (CDROM) (Total:2.19 GB) (Free:0 GB) UDF

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 932 GB) (Disk ID: C39A35F3)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


 


Hello discountdave! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don't hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.
Step 1

I notice that you are using more than one antivirus program.

  • AVG AntiVirus Free Edition 2014
  • Microsoft Security Essentials
  • Norton Internet Security

This is very dangerous, as multiple antivirus programs can interfere with one another and actually allow more viruses to get through. It is important that only one antivirus program is running real-time protection. Please uninstall two of them and reboot your system.

Step 2

Note: Please do not run this tool without special supervision and instructions of someone authorized to do so. Otherwise, you could end up with serious problems. For more details, read this article: ComboFix usage, Questions, Help? - Look here

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents or attach that log file to your next reply.
  • If needed, the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Thanks Borislav

Removed AVG 2014 with the AVG removal tool - group policy prevented

Removed Norton Antivirus (out of factory period) with the Norton Removal Tool

Norton Securities and Defender disabled

Downloaded and executed combofix.exe

Here is the log:

 

ComboFix 14-05-29.01 - sales 06/02/2014   7:01.2.2 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3980.2382 [GMT -4:00]

Running from: c:\users\sales\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Created a new restore point

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\sales\AppData\Local\Temp\_MEI34882\_ctypes.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\_elementtree.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\_hashlib.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\_multiprocessing.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\_socket.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\_ssl.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\pyexpat.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\pysqlite2._sqlite.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\python27.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\pythoncom27.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\PyWinTypes27.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\select.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\unicodedata.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32api.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32com.shell.shell.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32crypt.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32event.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32file.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32gui.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32inet.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32pdh.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32pipe.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32process.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32profile.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32security.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\win32ts.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\windows._lib_cacheinvalidation.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._animate.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._controls_.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._core_.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._gdi_.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._html2.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._misc_.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._windows_.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wx._wizard.pyd

c:\users\sales\AppData\Local\Temp\_MEI34882\wxbase294u_net_vc90.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\wxbase294u_vc90.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\wxmsw294u_adv_vc90.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\wxmsw294u_core_vc90.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\wxmsw294u_html_vc90.dll

c:\users\sales\AppData\Local\Temp\_MEI34882\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((((((((((((   Files Created from 2014-05-02 to 2014-06-02  )))))))))))))))))))))))))))))))

.

.

2014-05-31 19:28 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{43371695-8252-446E-886F-169529035AB8}\mpengine.dll

2014-05-30 18:24 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2014-05-29 18:01 . 2006-01-17 05:03 177152 ------w- c:\windows\system32\BrfxDA5a.dll

2014-05-29 17:59 . 2006-12-15 17:47 53760 ----a-w- c:\windows\SysWow64\brinsstr.dll

2014-05-29 17:59 . 2006-10-10 20:19 37376 ------w- c:\windows\SysWow64\Brnsplg.dll

2014-05-29 17:59 . 2006-08-09 18:08 55296 ------w- c:\windows\SysWow64\BrNetSti.dll

2014-05-29 17:59 . 2006-07-05 18:22 34816 ------w- c:\windows\SysWow64\BrWiaNCp.dll

2014-05-29 17:59 . 2014-05-29 17:59 -------- d-----w- C:\Brother

2014-05-29 17:59 . 2006-08-21 10:19 61440 ------w- c:\windows\SysWow64\BrMfNt.dll

2014-05-29 17:59 . 2006-04-13 21:12 163840 ------w- c:\windows\SysWow64\NSSearch.dll

2014-05-29 17:59 . 2004-12-10 20:35 147456 ----a-w- c:\windows\brunin03.dll

2014-05-29 17:59 . 2002-11-26 17:43 106496 ------w- c:\windows\SysWow64\BrMuSNMP.dll

2014-05-19 19:13 . 2014-05-19 19:18 -------- d-----w- C:\FRST

2014-05-17 18:55 . 2014-05-17 18:55 -------- d-----w- c:\users\sales\AppData\Roaming\dvdcss

2014-05-15 07:04 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll

2014-05-15 07:04 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll

2014-05-15 07:04 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb

2014-05-15 07:04 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb

2014-05-06 07:01 . 2014-05-15 07:20 -------- d-s---w- c:\windows\system32\CompatTel

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-05-15 07:01 . 2012-10-23 19:50 93223848 ----a-w- c:\windows\system32\MRT.exe

2014-05-14 13:18 . 2013-02-01 19:12 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-05-14 13:18 . 2012-05-30 16:33 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-18 11:22 . 2014-04-18 11:22 60184 ----a-w- c:\windows\system32\drivers\HECIx64.sys

2014-04-18 11:22 . 2012-05-30 16:19 15128 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll

2014-03-27 07:52 . 2014-03-27 07:52 194048 ----a-w- c:\windows\SysWow64\elshyph.dll

2014-03-27 07:52 . 2014-03-27 07:52 235008 ----a-w- c:\windows\system32\elshyph.dll

2014-03-27 07:52 . 2014-03-27 07:52 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe

2014-03-27 07:52 . 2014-03-27 07:52 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll

2014-03-27 07:52 . 2014-03-27 07:52 182272 ----a-w- c:\windows\SysWow64\msls31.dll

2014-03-27 07:52 . 2014-03-27 07:52 62464 ----a-w- c:\windows\SysWow64\tdc.ocx

2014-03-27 07:52 . 2014-03-27 07:52 337408 ----a-w- c:\windows\SysWow64\html.iec

2014-03-27 07:52 . 2014-03-27 07:52 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll

2014-03-27 07:52 . 2014-03-27 07:52 151552 ----a-w- c:\windows\SysWow64\iexpress.exe

2014-03-27 07:52 . 2014-03-27 07:52 139264 ----a-w- c:\windows\SysWow64\wextract.exe

2014-03-27 07:52 . 2014-03-27 07:52 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2014-03-27 07:52 . 2014-03-27 07:52 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll

2014-03-27 07:52 . 2014-03-27 07:52 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2014-03-27 07:52 . 2014-03-27 07:52 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll

2014-03-27 07:52 . 2014-03-27 07:52 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2014-03-27 07:52 . 2014-03-27 07:52 36352 ----a-w- c:\windows\SysWow64\imgutil.dll

2014-03-27 07:52 . 2014-03-27 07:52 13312 ----a-w- c:\windows\SysWow64\mshta.exe

2014-03-27 07:52 . 2014-03-27 07:52 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2014-03-27 07:52 . 2014-03-27 07:52 942592 ----a-w- c:\windows\system32\jsIntl.dll

2014-03-27 07:52 . 2014-03-27 07:52 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe

2014-03-27 07:52 . 2014-03-27 07:52 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2014-03-27 07:52 . 2014-03-27 07:52 247808 ----a-w- c:\windows\system32\msls31.dll

2014-03-27 07:52 . 2014-03-27 07:52 13312 ----a-w- c:\windows\system32\msfeedssync.exe

2014-03-27 07:52 . 2014-03-27 07:52 131072 ----a-w- c:\windows\system32\IEAdvpack.dll

2014-03-27 07:52 . 2014-03-27 07:52 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2014-03-27 07:52 . 2014-03-27 07:52 77312 ----a-w- c:\windows\system32\tdc.ocx

2014-03-27 07:52 . 2014-03-27 07:52 48640 ----a-w- c:\windows\system32\mshtmler.dll

2014-03-27 07:52 . 2014-03-27 07:52 105984 ----a-w- c:\windows\system32\iesysprep.dll

2014-03-27 07:52 . 2014-03-27 07:52 81408 ----a-w- c:\windows\system32\icardie.dll

2014-03-27 07:52 . 2014-03-27 07:52 616104 ----a-w- c:\windows\system32\ieapfltr.dat

2014-03-27 07:52 . 2014-03-27 07:52 413696 ----a-w- c:\windows\system32\html.iec

2014-03-27 07:52 . 2014-03-27 07:52 263376 ----a-w- c:\windows\system32\iedkcs32.dll

2014-03-27 07:52 . 2014-03-27 07:52 235520 ----a-w- c:\windows\system32\url.dll

2014-03-27 07:52 . 2014-03-27 07:52 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll

2014-03-27 07:52 . 2014-03-27 07:52 30208 ----a-w- c:\windows\system32\licmgr10.dll

2014-03-27 07:52 . 2014-03-27 07:52 243200 ----a-w- c:\windows\system32\webcheck.dll

2014-03-27 07:52 . 2014-03-27 07:52 167424 ----a-w- c:\windows\system32\iexpress.exe

2014-03-27 07:52 . 2014-03-27 07:52 143872 ----a-w- c:\windows\system32\wextract.exe

2014-03-27 07:52 . 2014-03-27 07:52 101376 ----a-w- c:\windows\system32\inseng.dll

2014-03-27 07:52 . 2014-03-27 07:52 83968 ----a-w- c:\windows\system32\MshtmlDac.dll

2014-03-27 07:52 . 2014-03-27 07:52 774144 ----a-w- c:\windows\system32\jscript.dll

2014-03-27 07:52 . 2014-03-27 07:52 62464 ----a-w- c:\windows\system32\pngfilt.dll

2014-03-27 07:52 . 2014-03-27 07:52 48128 ----a-w- c:\windows\system32\imgutil.dll

2014-03-27 07:52 . 2014-03-27 07:52 147968 ----a-w- c:\windows\system32\occache.dll

2014-03-27 07:52 . 2014-03-27 07:52 13824 ----a-w- c:\windows\system32\mshta.exe

2014-03-27 07:52 . 2014-03-27 07:52 135680 ----a-w- c:\windows\system32\iepeers.dll

2014-03-27 05:56 . 2014-03-12 09:28 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-03-27 00:28 . 2014-03-26 23:47 707354 ----a-w- c:\windows\unins000.exe

2014-03-26 22:30 . 2014-03-12 09:31 119000 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-03-14 01:09 . 2014-03-17 01:54 82920 ----a-w- c:\windows\SysWow64\mslvddsfilter2.ax

2014-03-11 13:52 . 2012-08-31 03:03 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2014-03-06 09:31 . 2014-04-11 07:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll

2014-03-06 08:59 . 2014-04-11 07:01 66048 ----a-w- c:\windows\system32\iesetup.dll

2014-03-06 08:57 . 2014-04-11 07:01 548352 ----a-w- c:\windows\system32\vbscript.dll

2014-03-06 08:57 . 2014-04-11 07:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll

2014-03-06 08:53 . 2014-04-11 07:01 2767360 ----a-w- c:\windows\system32\iertutil.dll

2014-03-06 08:40 . 2014-04-11 07:01 51200 ----a-w- c:\windows\system32\jsproxy.dll

2014-03-06 08:39 . 2014-04-11 07:01 33792 ----a-w- c:\windows\system32\iernonce.dll

2014-03-06 08:32 . 2014-04-11 07:01 574976 ----a-w- c:\windows\system32\ieui.dll

2014-03-06 08:29 . 2014-04-11 07:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe

2014-03-06 08:29 . 2014-04-11 07:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe

2014-03-06 08:28 . 2014-04-11 07:01 752640 ----a-w- c:\windows\system32\jscript9diag.dll

2014-03-06 08:15 . 2014-04-11 07:01 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2014-03-06 08:11 . 2014-04-11 07:00 5784064 ----a-w- c:\windows\system32\jscript9.dll

2014-03-06 08:09 . 2014-04-11 07:01 453120 ----a-w- c:\windows\system32\dxtmsft.dll

2014-03-06 08:03 . 2014-04-11 07:01 586240 ----a-w- c:\windows\system32\ie4uinit.exe

2014-03-06 08:02 . 2014-04-11 07:01 61952 ----a-w- c:\windows\SysWow64\iesetup.dll

2014-03-06 08:02 . 2014-04-11 07:01 455168 ----a-w- c:\windows\SysWow64\vbscript.dll

2014-03-06 08:01 . 2014-04-11 07:01 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll

2014-03-06 07:56 . 2014-04-11 07:01 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll

2014-03-06 07:48 . 2014-04-11 07:01 195584 ----a-w- c:\windows\system32\msrating.dll

2014-03-06 07:46 . 2014-04-11 07:00 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll

2014-03-06 07:42 . 2014-04-11 07:01 296960 ----a-w- c:\windows\system32\dxtrans.dll

2014-03-06 07:38 . 2014-04-11 07:01 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2014-03-06 07:36 . 2014-04-11 07:01 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll

2014-03-06 07:21 . 2014-04-11 07:01 628736 ----a-w- c:\windows\system32\msfeeds.dll

2014-03-06 07:13 . 2014-04-11 07:01 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll

2014-03-06 07:11 . 2014-04-11 07:01 2043904 ----a-w- c:\windows\system32\inetcpl.cpl

2014-03-06 06:53 . 2014-04-11 07:01 13551104 ----a-w- c:\windows\system32\ieframe.dll

2014-03-06 06:40 . 2014-04-11 07:01 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2014-03-06 06:22 . 2014-04-11 07:01 2260480 ----a-w- c:\windows\system32\wininet.dll

2014-03-06 05:58 . 2014-04-11 07:01 1400832 ----a-w- c:\windows\system32\urlmon.dll

2014-03-06 05:50 . 2014-04-11 07:01 846336 ----a-w- c:\windows\system32\ieapfltr.dll

2014-03-06 05:41 . 2014-04-11 07:01 1789440 ----a-w- c:\windows\SysWow64\wininet.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]

"GoogleChromeAutoLaunch_B05F03DC0BADD43A18C36E2CAEE9D05D"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-05-13 860488]

"Installation Diagnostics"="c:\program files (x86)\Brother\Brmfl04g\Brinstck.exe" [2006-11-04 126976]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2011-03-25 3695984]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-12-21 959904]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-10-10 295512]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-11-30 284440]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]

.

c:\users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R1 eubkqsfi;eubkqsfi;c:\windows\system32\drivers\eubkqsfi.sys;c:\windows\SYSNATIVE\drivers\eubkqsfi.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]

R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]

S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]

S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]

S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x]

S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]

S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

S3 netr7364;Belkin Wireless 54G USB Network Adapter Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-05-22 23:10 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-01 13:18]

.

2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:43]

.

2014-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-12-01 20:43]

.

2014-05-30 c:\windows\Tasks\HPCeeScheduleForsales.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2014-04-25 14:03 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-21 170264]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-21 440600]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm

IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm

Trusted Zone: genieo.com\yahoo

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{0F714F2C-A054-476E-B84D-3D93F2A851AA}: NameServer = 192.168.1.1

TCP: Interfaces\{0F714F2C-A054-476E-B84D-3D93F2A851AA}\375737B696D296E6475627E65647: NameServer = 192.168.1.1

TCP: Interfaces\{1998C269-2064-46DD-B440-BE1539AE9E85}: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{1998C269-2064-46DD-B440-BE1539AE9E85}\5636F6E6F6D697: NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{1998C269-2064-46DD-B440-BE1539AE9E85}\5636F6E6F6D69713: NameServer = 8.8.8.8,8.8.4.4

DPF: {F3DCFC89-8C6E-4052-9176-B7806D188FD5} - hxxp://wm.automanager.com/WebResource.axd?d=OU2kPZmYQVFCB3iAIMGanOMYu642AGrSEtw6vWb6c3HFhRrQcW4azBo8vIxzLh-YEqEtDxOMe4ZFUrzASa0pZylv63ljvrYlCPFnl2j2dZ5crQs-6-X6eqQ-l-32JkAnWDcEwZadM8-O8TKeUK02qPR979NIUT1K35rdJuO44-BiHJXC1iQjS2_zzHLgGeZN0&t=634874661098189687

FF - ProfilePath - c:\users\sales\AppData\Roaming\Mozilla\Firefox\Profiles\kx0vt4q3.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&type=A112US1&p=

FF - ExtSQL: 2014-04-11 19:47; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi

FF - ExtSQL: 2014-05-22 14:02; {4ED1F68A-5463-4931-9384-8FFF5ED91D92}; c:\program files (x86)\McAfee\SiteAdvisor

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]

"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.13"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\windows\system32\hasplms.exe

c:\windows\SysWOW64\rundll32.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2014-06-02  07:28:04 - machine was rebooted

ComboFix-quarantined-files.txt  2014-06-02 11:27

.

Pre-Run: 915,510,501,376 bytes free

Post-Run: 915,254,685,696 bytes free

.

- - End Of File - - 54667D6A4C6FBB6F3B381CFF915EE916

Here is the fresh FRST log file.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014

Ran by sales (administrator) on SALES-HP on 05-06-2014 12:08:13

Running from C:\Users\sales\Downloads

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Normal

 

 

==================== Processes (Whitelisted) =================

 

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(SafeNet Inc.) C:\Windows\System32\hasplms.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe

(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe

() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe

(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [brStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3695984 2011-03-25] (brother)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-10-10] (RealNetworks, Inc.)

HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)

HKLM-x32\...\Run: [brMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [622592 2007-02-06] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [65536 2006-07-19] (Brother Industries, Ltd.)

HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3219499873-3863117877-1659397665-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22415552 2014-04-25] (Google)

HKU\S-1-5-21-3219499873-3863117877-1659397665-1000\...\Run: [GoogleChromeAutoLaunch_B05F03DC0BADD43A18C36E2CAEE9D05D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-05-13] (Google Inc.)

HKU\S-1-5-21-3219499873-3863117877-1659397665-1000\...\Run: [installation Diagnostics] => C:\Program Files (x86)\Brother\Brmfl04g\Brinstck.exe [126976 2006-11-04] (Brother Industries, Ltd.)

Startup: C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe



SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}



SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - {AFB4C2EE-E6B4-45F8-983B-3EEA297C39A3} URL = 

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 

SearchScopes: HKCU - {E3CB66A1-DC1D-4C5D-A952-5C008AB004EC} URL = https://www.google.com/search?q={searchTerms}

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File


Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Tcpip\..\Interfaces\{0F714F2C-A054-476E-B84D-3D93F2A851AA}: [NameServer]192.168.1.1

Tcpip\..\Interfaces\{1998C269-2064-46DD-B440-BE1539AE9E85}: [NameServer]8.8.8.8,8.8.4.4

 

FireFox:

========

FF ProfilePath: C:\Users\sales\AppData\Roaming\Mozilla\Firefox\Profiles\kx0vt4q3.default

FF DefaultSearchEngine: Secure Search

FF SearchEngineOrder.1: Secure Search

FF Homepage: www.google.com

FF Keyword.URL: hxxp://search.yahoo.com/search?fr=mcafee&type=A112US1&p=

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()

FF Plugin-x32: @ei.MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISB.dll No File

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)

FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)

FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml

FF Extension: XPS Signature Manager - C:\Users\sales\AppData\Roaming\Mozilla\Firefox\Profiles\kx0vt4q3.default\Extensions\{79D76C20-ED22-BC03-E7C9-067CA68FA429} [2013-10-16]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-12-01]

FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-12-01]

FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext

FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-10-10]

FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\

FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []

 

Chrome: 

=======


CHR StartupUrls: "hxxp://www.google.com/"

CHR Extension: (Google Docs) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-01]

CHR Extension: (Google Drive) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-01]

CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]

CHR Extension: (YouTube) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-01]

CHR Extension: (Google Search) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-01]

CHR Extension: (SiteAdvisor) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-03-06]

CHR Extension: (Lippl) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifnodpmljckfckbpbapkdabdpfcaglab [2014-03-07]

CHR Extension: (Skype Click to Call) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-04-10]

CHR Extension: (Google Wallet) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-01]

CHR Extension: (Gmail) - C:\Users\sales\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-01]

CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-11]

CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]

 

==================== Services (Whitelisted) =================

 

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)

R2 hasplms; C:\windows\system32\hasplms.exe [4412872 2012-08-22] (SafeNet Inc.)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2014-04-18] (Intel Corporation)

R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-05-23] (McAfee, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)

R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)

R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()

 

==================== Drivers (Whitelisted) ====================

 

S3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [57088 2012-06-15] (SafeNet Inc.)

S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [296576 2012-06-15] (SafeNet Inc.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

R2 hardlock; C:\windows\system32\drivers\hardlock.sys [321536 2011-09-28] (SafeNet Inc.)

S4 LMIRfsClientNP; No ImagePath

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)

S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)

S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S1 eubkqsfi; \??\C:\windows\system32\drivers\eubkqsfi.sys [X]

S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-06-05 12:07 - 2014-06-05 12:07 - 00000000 ____D () C:\Users\sales\Downloads\FRST-OlderVersion

2014-06-02 07:28 - 2014-06-02 07:28 - 00031547 _____ () C:\ComboFix.txt

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-02 06:58 - 2014-06-02 07:28 - 00000000 ____D () C:\Qoobox

2014-06-02 06:58 - 2011-06-26 02:45 - 00256000 _____ () C:\windows\PEV.exe

2014-06-02 06:58 - 2010-11-07 13:20 - 00208896 _____ () C:\windows\MBR.exe

2014-06-02 06:58 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-06-02 06:58 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-06-02 06:58 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-06-02 06:58 - 2000-08-30 20:00 - 00098816 _____ () C:\windows\sed.exe

2014-06-02 06:58 - 2000-08-30 20:00 - 00080412 _____ () C:\windows\grep.exe

2014-06-02 06:58 - 2000-08-30 20:00 - 00068096 _____ () C:\windows\zip.exe

2014-06-02 06:54 - 2014-06-02 06:54 - 05203398 ____R (Swearware) C:\Users\sales\Downloads\ComboFix.exe

2014-06-02 06:48 - 2014-06-02 06:51 - 00558222 _____ () C:\Users\sales\Downloads\avgremover.log

2014-06-02 06:47 - 2014-06-02 06:47 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\sales\Downloads\avg_remover_stf_x64_2014_4116.exe

2014-06-01 02:59 - 2014-06-01 02:59 - 00869456 _____ () C:\Users\sales\Downloads\Norton_Removal_Tool (1).exe

2014-05-30 15:28 - 2014-05-30 14:50 - 00033742 _____ () C:\Users\sales\Documents\Michalik,%20John%20w%20summary.doc_0.odt

2014-05-29 16:46 - 2014-05-29 16:46 - 00000866 _____ () C:\Users\sales\.recently-used.xbel

2014-05-29 14:20 - 2014-05-29 14:20 - 00000000 _____ () C:\Users\sales\Sti_Trace.log

2014-05-29 14:01 - 2014-05-29 14:01 - 00000218 _____ () C:\windows\Brpfx04a.ini

2014-05-29 14:01 - 2014-05-29 14:01 - 00000093 _____ () C:\windows\brpcfx.ini

2014-05-29 14:01 - 2014-05-29 14:01 - 00000050 _____ () C:\windows\system32\bd7420.dat

2014-05-29 14:01 - 2014-05-29 14:01 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx

2014-05-29 14:01 - 2006-01-17 01:03 - 00177152 ____N (Brother Industries,LTD) C:\windows\system32\BrfxDA5a.dll

2014-05-29 13:59 - 2014-05-29 14:01 - 00000066 _____ () C:\windows\Brfaxrx.ini

2014-05-29 13:59 - 2014-05-29 13:59 - 00000000 ____D () C:\Brother

2014-05-29 13:59 - 2006-12-15 13:47 - 00053760 _____ (Brother Industries,Ltd.) C:\windows\SysWOW64\brinsstr.dll

2014-05-29 13:59 - 2006-10-10 16:19 - 00037376 ____N (Brother Industries,Ltd) C:\windows\SysWOW64\Brnsplg.dll

2014-05-29 13:59 - 2006-08-21 06:19 - 00061440 ____N (Brother Industries,LTD.) C:\windows\SysWOW64\BrMfNt.dll

2014-05-29 13:59 - 2006-08-09 14:08 - 00055296 ____N (Brother Industries, Ltd.) C:\windows\SysWOW64\BrNetSti.dll

2014-05-29 13:59 - 2006-07-05 14:22 - 00034816 ____N (Brother Industries,Ltd.) C:\windows\SysWOW64\BrWiaNCp.dll

2014-05-29 13:59 - 2006-04-13 17:12 - 00163840 ____N (brother) C:\windows\SysWOW64\NSSearch.dll

2014-05-29 13:59 - 2004-12-10 16:35 - 00147456 _____ (Brother Industries,Ltd.) C:\windows\brunin03.dll

2014-05-29 13:59 - 2003-11-28 18:57 - 00000000 _____ () C:\windows\brdfxspd.dat

2014-05-29 13:59 - 2002-11-26 13:43 - 00106496 ____N () C:\windows\SysWOW64\BrMuSNMP.dll

2014-05-29 13:59 - 2001-11-15 01:00 - 00006224 ____N () C:\windows\CVRPAGE.BMP

2014-05-29 13:57 - 2014-05-29 13:57 - 00000000 ____D () C:\Users\sales\Downloads\mflpro

2014-05-29 13:52 - 2014-05-29 13:55 - 69385321 _____ (A.I.SOFT,INC.) C:\Users\sales\Downloads\MFC-7420-inst-Vista-B2-enus.EXE

2014-05-29 13:43 - 2014-05-29 14:03 - 00000034 _____ () C:\windows\SysWOW64\BD7420.DAT

2014-05-29 13:29 - 2014-05-29 13:29 - 00340656 _____ () C:\Users\sales\Downloads\Attachments_2014529.zip

2014-05-21 21:51 - 2014-06-02 07:15 - 00039456 _____ () C:\windows\PFRO.log

2014-05-20 15:33 - 2014-05-21 21:38 - 00008990 _____ () C:\Users\sales\Downloads\Result.txt

2014-05-20 13:16 - 2014-05-20 13:17 - 00982016 _____ (Farbar) C:\Users\sales\Downloads\MiniToolBox.exe

2014-05-19 17:08 - 2014-05-19 17:09 - 00869456 _____ () C:\Users\sales\Downloads\Norton_Removal_Tool.exe

2014-05-19 15:16 - 2014-05-20 01:09 - 00038626 _____ () C:\Users\sales\Downloads\Addition.txt

2014-05-19 15:15 - 2014-06-05 12:08 - 00000000 _____ () C:\Users\sales\Downloads\FRST.txt

2014-05-19 15:13 - 2014-06-05 12:08 - 00000000 ____D () C:\FRST

2014-05-19 15:07 - 2014-06-05 12:07 - 02068992 _____ (Farbar) C:\Users\sales\Downloads\FRST64.exe

2014-05-19 13:47 - 2014-05-19 13:47 - 00001181 _____ () C:\Users\sales\Downloads\Reset_Local_Group_Policy.vbs

2014-05-17 14:55 - 2014-05-17 14:55 - 00000000 ____D () C:\Users\sales\AppData\Roaming\dvdcss

2014-05-15 03:04 - 2014-05-06 00:40 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-15 03:04 - 2014-05-06 00:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-05-15 03:04 - 2014-05-05 23:25 - 17382912 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-05-15 03:04 - 2014-05-05 23:07 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-05-15 03:04 - 2014-05-05 23:00 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-05-15 03:04 - 2014-05-05 22:10 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-05-14 22:44 - 2014-05-09 02:14 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-14 22:44 - 2014-05-09 02:11 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-14 22:44 - 2014-04-11 22:22 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys

2014-05-14 22:44 - 2014-04-11 22:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys

2014-05-14 22:44 - 2014-04-11 22:19 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe

2014-05-14 22:44 - 2014-04-11 22:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll

2014-05-14 22:44 - 2014-04-11 22:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll

2014-05-14 22:44 - 2014-04-11 22:12 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll

2014-05-14 22:44 - 2014-04-11 22:10 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll

2014-05-14 22:44 - 2014-03-24 22:43 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll

2014-05-14 22:44 - 2014-03-24 22:09 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll

2014-05-14 22:44 - 2014-03-04 05:47 - 05550016 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe

2014-05-14 22:44 - 2014-03-04 05:44 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-05-14 22:44 - 2014-03-04 05:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-05-14 22:44 - 2014-03-04 05:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll

2014-05-14 22:44 - 2014-03-04 05:43 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-05-14 22:44 - 2014-03-04 05:20 - 03969984 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe

2014-05-14 22:44 - 2014-03-04 05:20 - 03914176 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe

2014-05-14 22:44 - 2014-03-04 05:17 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll

2014-05-14 22:44 - 2014-03-04 05:17 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-05-14 22:44 - 2014-03-04 05:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll

2014-05-13 17:24 - 2014-06-02 10:40 - 00000784 _____ () C:\windows\setupact.log

2014-05-13 17:24 - 2014-05-13 17:24 - 00000000 _____ () C:\windows\setuperr.log

2014-05-12 16:34 - 2014-05-12 16:34 - 00000633 _____ () C:\Users\sales\Desktop\JRT.txt

2014-05-09 12:00 - 2014-05-07 14:17 - 00015185 _____ () C:\Users\sales\Documents\Work%20Plan%20DP.doc_0.odt

2014-05-09 12:00 - 2014-05-07 13:43 - 00025052 _____ () C:\Users\sales\Documents\Rambus%20-%20Quality%20Assurance%20Engineer%20-%20Brecksville,%20OH.doc_0.odt

2014-05-09 12:00 - 2014-05-02 19:45 - 00027454 _____ () C:\Users\sales\Documents\Means,%20Patrick.doc_0.odt

2014-05-06 03:01 - 2014-05-15 03:20 - 00000000 ___SD () C:\windows\system32\CompatTel

 

==================== One Month Modified Files and Folders =======

 

2014-06-05 12:08 - 2014-05-19 15:15 - 00000000 _____ () C:\Users\sales\Downloads\FRST.txt

2014-06-05 12:08 - 2014-05-19 15:13 - 00000000 ____D () C:\FRST

2014-06-05 12:08 - 2012-09-06 17:37 - 00000000 ____D () C:\Users\sales\AppData\Local\Temp

2014-06-05 12:07 - 2014-06-05 12:07 - 00000000 ____D () C:\Users\sales\Downloads\FRST-OlderVersion

2014-06-05 12:07 - 2014-05-19 15:07 - 02068992 _____ (Farbar) C:\Users\sales\Downloads\FRST64.exe

2014-06-05 12:07 - 2014-03-08 00:01 - 00000000 ____D () C:\Users\sales\AppData\Roaming\eM Client

2014-06-05 12:07 - 2013-12-01 16:43 - 00000896 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-06-05 12:07 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\tracing

2014-06-05 11:55 - 2012-09-07 11:10 - 00003926 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6B5BE219-52AB-490D-B260-BEC593AB5E1D}

2014-06-05 11:41 - 2012-05-30 12:37 - 00000000 ____D () C:\ProgramData\PDFC

2014-06-05 11:18 - 2013-02-01 15:12 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-06-05 10:52 - 2014-03-26 16:05 - 01360300 _____ () C:\windows\WindowsUpdate.log

2014-06-05 08:07 - 2013-12-01 16:43 - 00000892 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-06-04 04:45 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-06-04 04:45 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-06-02 21:54 - 2014-04-19 16:28 - 00003186 _____ () C:\windows\System32\Tasks\HPCeeScheduleForsales

2014-06-02 21:54 - 2014-04-19 16:28 - 00000332 _____ () C:\windows\Tasks\HPCeeScheduleForsales.job

2014-06-02 10:45 - 2009-07-14 01:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI

2014-06-02 10:41 - 2014-03-12 14:04 - 00000000 ___RD () C:\Users\sales\Google Drive

2014-06-02 10:41 - 2012-12-27 16:05 - 00000328 _____ () C:\windows\Brownie.ini

2014-06-02 10:40 - 2014-05-13 17:24 - 00000784 _____ () C:\windows\setupact.log

2014-06-02 10:40 - 2012-09-07 17:34 - 00917504 _____ () C:\windows\system32\Ikeext.etl

2014-06-02 10:40 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-06-02 10:12 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF

2014-06-02 07:28 - 2014-06-02 07:28 - 00031547 _____ () C:\ComboFix.txt

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Public\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\LogMeInRemoteUser\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Default\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 07:28 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp

2014-06-02 07:28 - 2014-06-02 06:58 - 00000000 ____D () C:\Qoobox

2014-06-02 07:16 - 2009-07-13 22:34 - 00000215 _____ () C:\windows\system.ini

2014-06-02 07:15 - 2014-05-21 21:51 - 00039456 _____ () C:\windows\PFRO.log

2014-06-02 06:54 - 2014-06-02 06:54 - 05203398 ____R (Swearware) C:\Users\sales\Downloads\ComboFix.exe

2014-06-02 06:51 - 2014-06-02 06:48 - 00558222 _____ () C:\Users\sales\Downloads\avgremover.log

2014-06-02 06:47 - 2014-06-02 06:47 - 03386520 _____ (AVG Technologies CZ, s.r.o.) C:\Users\sales\Downloads\avg_remover_stf_x64_2014_4116.exe

2014-06-01 18:33 - 2014-03-22 18:32 - 00000000 ____D () C:\Users\sales\Documents\eM Client

2014-06-01 03:05 - 2012-05-30 12:41 - 00000000 ____D () C:\ProgramData\Norton

2014-06-01 03:05 - 2012-05-30 12:41 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2014-06-01 02:59 - 2014-06-01 02:59 - 00869456 _____ () C:\Users\sales\Downloads\Norton_Removal_Tool (1).exe

2014-05-31 19:15 - 2014-05-03 19:07 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-05-31 19:15 - 2012-10-01 10:06 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log

2014-05-30 14:50 - 2014-05-30 15:28 - 00033742 _____ () C:\Users\sales\Documents\Michalik,%20John%20w%20summary.doc_0.odt

2014-05-30 04:41 - 2013-10-12 12:42 - 00000000 ____D () C:\Users\sales\.gimp-2.6

2014-05-29 16:46 - 2014-05-29 16:46 - 00000866 _____ () C:\Users\sales\.recently-used.xbel

2014-05-29 16:46 - 2012-09-06 17:37 - 00000000 ____D () C:\Users\sales

2014-05-29 16:30 - 2013-11-06 10:12 - 00000000 ____D () C:\Users\sales\AppData\Roaming\gtk-2.0

2014-05-29 16:22 - 2012-12-27 16:06 - 00000426 _____ () C:\windows\BRWMARK.INI

2014-05-29 14:20 - 2014-05-29 14:20 - 00000000 _____ () C:\Users\sales\Sti_Trace.log

2014-05-29 14:10 - 2013-12-01 16:39 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-05-29 14:03 - 2014-05-29 13:43 - 00000034 _____ () C:\windows\SysWOW64\BD7420.DAT

2014-05-29 14:03 - 2012-12-27 16:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Brother

2014-05-29 14:01 - 2014-05-29 14:01 - 00000218 _____ () C:\windows\Brpfx04a.ini

2014-05-29 14:01 - 2014-05-29 14:01 - 00000093 _____ () C:\windows\brpcfx.ini

2014-05-29 14:01 - 2014-05-29 14:01 - 00000050 _____ () C:\windows\system32\bd7420.dat

2014-05-29 14:01 - 2014-05-29 14:01 - 00000000 ____D () C:\Users\Public\Documents\BrFaxRx

2014-05-29 14:01 - 2014-05-29 13:59 - 00000066 _____ () C:\windows\Brfaxrx.ini

2014-05-29 13:59 - 2014-05-29 13:59 - 00000000 ____D () C:\Brother

2014-05-29 13:59 - 2012-11-02 12:01 - 00000000 ____D () C:\Program Files (x86)\Brother

2014-05-29 13:59 - 2012-05-30 12:17 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-05-29 13:57 - 2014-05-29 13:57 - 00000000 ____D () C:\Users\sales\Downloads\mflpro

2014-05-29 13:55 - 2014-05-29 13:52 - 69385321 _____ (A.I.SOFT,INC.) C:\Users\sales\Downloads\MFC-7420-inst-Vista-B2-enus.EXE

2014-05-29 13:29 - 2014-05-29 13:29 - 00340656 _____ () C:\Users\sales\Downloads\Attachments_2014529.zip

2014-05-22 19:27 - 2013-12-01 16:45 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk

2014-05-21 21:38 - 2014-05-20 15:33 - 00008990 _____ () C:\Users\sales\Downloads\Result.txt

2014-05-20 13:17 - 2014-05-20 13:16 - 00982016 _____ (Farbar) C:\Users\sales\Downloads\MiniToolBox.exe

2014-05-20 01:09 - 2014-05-19 15:16 - 00038626 _____ () C:\Users\sales\Downloads\Addition.txt

2014-05-19 17:09 - 2014-05-19 17:08 - 00869456 _____ () C:\Users\sales\Downloads\Norton_Removal_Tool.exe

2014-05-19 13:47 - 2014-05-19 13:47 - 00001181 _____ () C:\Users\sales\Downloads\Reset_Local_Group_Policy.vbs

2014-05-17 14:55 - 2014-05-17 14:55 - 00000000 ____D () C:\Users\sales\AppData\Roaming\dvdcss

2014-05-15 10:14 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache

2014-05-15 03:33 - 2012-09-07 11:10 - 00000000 ___RD () C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-05-15 03:33 - 2012-09-07 11:10 - 00000000 ___RD () C:\Users\sales\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2014-05-15 03:20 - 2014-05-06 03:01 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-05-15 03:03 - 2013-07-27 03:00 - 00000000 ____D () C:\windows\system32\MRT

2014-05-15 03:01 - 2012-10-23 15:50 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-05-14 09:18 - 2013-02-01 15:12 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-05-14 09:18 - 2013-02-01 15:12 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-05-14 09:18 - 2012-05-30 12:33 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-05-13 17:24 - 2014-05-13 17:24 - 00000000 _____ () C:\windows\setuperr.log

2014-05-12 16:34 - 2014-05-12 16:34 - 00000633 _____ () C:\Users\sales\Desktop\JRT.txt

2014-05-12 16:21 - 2012-09-15 15:03 - 00000000 ____D () C:\Users\sales\AppData\Local\CrashDumps

2014-05-10 12:23 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\LiveKernelReports

2014-05-09 02:14 - 2014-05-14 22:44 - 00477184 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-05-09 02:11 - 2014-05-14 22:44 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-05-08 08:02 - 2013-12-01 16:43 - 00003892 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-05-08 08:02 - 2013-12-01 16:43 - 00003640 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-05-07 14:17 - 2014-05-09 12:00 - 00015185 _____ () C:\Users\sales\Documents\Work%20Plan%20DP.doc_0.odt

2014-05-07 13:43 - 2014-05-09 12:00 - 00025052 _____ () C:\Users\sales\Documents\Rambus%20-%20Quality%20Assurance%20Engineer%20-%20Brecksville,%20OH.doc_0.odt

2014-05-06 00:40 - 2014-05-15 03:04 - 23544320 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-05-06 00:17 - 2014-05-15 03:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-05-29 01:00

 

==================== End Of Log ============================


Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

fixlist.txt


Here are the results

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-06-2014

Ran by sales at 2014-06-11 03:35:32 Run:1

Running from C:\Users\sales\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Start

HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Microsoft Security Client <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION

HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION

HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION

S1 eubkqsfi; \??\C:\windows\system32\drivers\eubkqsfi.sys [X]

End

 

*****************

 

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

HKLM => Group Policy Restriction on software restored successfully.

eubkqsfi => Service deleted successfully.

 

==== End of Fixlog ====
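The fixlist above removed eleven "Group Policy restriction on software" entries, each pointing at a security product's install or data directory (McAfee, Symantec, AVG, Microsoft Security Client, Malwarebytes). That is the Software Restriction Policies (SRP) mechanism being turned against the defender: a Disallowed path rule on an antivirus folder stops its executables from launching under policy, which is exactly why mbam and AVG were "blocked by group policy". The following PowerShell script is an added example, not code from the thread or from FRST; it enumerates the SRP path rules that Windows stores under the Safer\CodeIdentifiers registry keys and flags Disallowed rules whose target matches a (assumed, editable) list of security-product directory names. It is read-only and must be run from an elevated prompt to see the HKLM rules.

```powershell
# Added example (not part of the original thread): audit Software Restriction
# Policy path rules and flag Disallowed rules aimed at security software.
# Read-only. Run from an elevated PowerShell prompt.

# SAFER level ids as stored in the registry key names under CodeIdentifiers.
$levels = @{
    0      = 'Disallowed'
    4096   = 'Untrusted'
    65536  = 'Constrained'
    131072 = 'BasicUser'
    262144 = 'Unrestricted'
}

# Directory name fragments a defender would not expect to see blocked.
# Assumed list, built from the products named in this thread; extend as needed.
$watchList = @('Malwarebytes', 'AVG', 'McAfee', 'Symantec', 'ESET',
               'Microsoft Security Client', 'Microsoft Antimalware')

# SRP rules live here for machine policy (HKLM) and per-user policy (HKCU).
$bases = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
)

function Get-SrpPathRules {
    foreach ($base in $bases) {
        if (-not (Test-Path $base)) { continue }

        # DefaultLevel 0 means "everything not explicitly allowed is blocked";
        # worth reporting on its own even if no rule targets AV directories.
        $defaultLevel = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultLevel
        if ($null -ne $defaultLevel) {
            Write-Host ("{0}: DefaultLevel = {1} ({2})" -f $base, $defaultLevel,
                        $levels[[int]$defaultLevel])
        }

        foreach ($levelKey in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $levelId = 0
            if (-not [int]::TryParse($levelKey.PSChildName, [ref]$levelId)) { continue }

            $pathsKey = "$($levelKey.PSPath)\Paths"
            if (-not (Test-Path $pathsKey)) { continue }

            foreach ($rule in Get-ChildItem -Path $pathsKey -ErrorAction SilentlyContinue) {
                $props  = Get-ItemProperty -Path $rule.PSPath
                $target = [string]$props.ItemData

                # A Disallowed rule whose path names a security product is the
                # pattern seen in this thread's FRST log.
                $hit = $levelId -eq 0 -and
                       ($watchList | Where-Object { $target -like "*$_*" }).Count -gt 0

                [pscustomobject]@{
                    Hive         = $base.Split(':')[0]
                    Level        = if ($levels.ContainsKey($levelId)) { $levels[$levelId] } else { $levelId }
                    Target       = $target
                    RuleId       = $rule.PSChildName
                    LastModified = $props.LastModified
                    Suspicious   = [bool]$hit
                }
            }
        }
    }
}

$rules = Get-SrpPathRules
$rules | Sort-Object Suspicious -Descending | Format-Table -AutoSize

$bad = @($rules | Where-Object Suspicious)
if ($bad.Count -gt 0) {
    Write-Warning ("{0} Disallowed SRP rule(s) target security software directories." -f $bad.Count)
} else {
    Write-Host 'No Disallowed SRP rules targeting security software were found.'
}
```

Two practical notes. First, on a home edition like the Windows 7 Home Premium box in this thread, no administrator would normally have created SRP path rules at all, so any entry under these keys deserves a look, not only the ones the watch list catches. Second, if rules reappear after a `gpupdate /force` or a reboot, the settings are being reapplied from the local policy store (the registry.pol files under C:\Windows\System32\GroupPolicy) rather than living only in the registry, which is the case a script like FRST's "Reset_Local_Group_Policy.vbs" seen in the file listing above is meant to address; simply deleting the registry keys is then not enough on its own.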


Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the ESET Online Scanner button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.

      Save it to your Desktop.

    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Here are the results of the ESET Scan

 

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EIPlug.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\39EZSETP.dll.vir a variant of Win32/Toolbar.MyWebSearch.Q potentially unwanted application deleted - quarantined

C:\AdwCleaner\Quarantine\C\Program Files (x86)\MapsGalaxy_39EI\Installr\1.bin\NP39EISb.dll.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined

C:\System Volume Information\SystemRestore\FRStaging\Users\sales\AppData\Local\Temp\ahsomubhh.exe a variant of Win32/Kryptik.BXDO trojan cleaned by deleting - quarantined

C:\Users\sales\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\6a00b403-59e43173 Java/Exploit.Agent.RCD trojan cleaned by deleting - quarantined

C:\Users\sales\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\153508bc-7dc4f92b a variant of Java/Exploit.Agent.RCN trojan cleaned by deleting - quarantined

C:\Users\sales\Downloads\cbsidlm-cbsi183-Free_Studio-SEO-205258.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

C:\Users\sales\Downloads\cbsidlm-cbsi183-VSDC_Free_Video_Editor-SEO-75764187.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined

C:\Users\sales\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

  • Run JavaRa.exe, then click Remove JRE.
  • Run the built-in uninstallers for all copies of java listed
  • Click the Next button
  • Click the Next button again
  • Click the Java Manual Download link
  • A browser window will open with the Java download page
  • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
  • Run the installer
  • Close JavaRa
How are things now? :)

I have updated Java...

 

I didn't like the JavaRa download page. I hit the wrong download button 2 times... I didn't think I completed the install, but I got infected with Search Conduit. I ran Security Essentials; it removed it. And I restored the setting to get rid of the Bing search page on new tabs in Chrome.

 

The JavaRa ended up directing me to Uninstall Programs anyway to remove old Java versions.

 

The original problem has been resolved; I can now run my antivirus software, and I appreciate your help immensely.

 

What's next? Or is it all better now?


  • 2 weeks later...

Looks good.

Some final steps:

Step 1

  • Download OTL to your desktop and run it.
  • Click on CleanUp button.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
Step 2

Please uninstall ESET Online Scanner

Step 3

Some malware preventions:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)


  • 1 month later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

