Streaming ads in background, IP being blocked but still plays


Malwarebytes does not find the problem, but the malicious site blocker is popping up, stopping things outbound.

One is hoeger.biz.

Anyway, I ran FARBAR and here is the FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by jrupert (administrator) on LAPTOP19 on 14-06-2014 18:08:29
Running from C:\Users\jrupert\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(SurfRight B.V.) C:\Users\jrupert\Downloads\Spy Ware\HitmanPro_x64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes Corp.) C:\Users\jrupert\Downloads\Spy Ware\mbar-1.07.0.1012.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Malwarebytes Corporation) C:\Users\jrupert\Desktop\mbar\mbar.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-27] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-3519878213-2112013395-2533214694-1142\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
HKU\S-1-5-21-3519878213-2112013395-2533214694-1142-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [sUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [6564120 2014-06-04] (SUPERAntiSpyware)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (McAfee Security Scan+) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-14]
CHR Extension: (Google Search) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Grepolis Report Converter) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop [2014-04-15]
CHR Extension: (Google Wallet) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-14] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-07-26] (ArcSoft, Inc.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-07-26] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-07-26] (ArcSoft, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 hitmanpro37; C:\windows\system32\drivers\hitmanpro37.sys [32512 2014-06-14] ()
R3 mbamchameleon; C:\windows\system32\drivers\mbamchameleon.sys [92888 2014-06-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-14 18:08 - 2014-06-14 18:09 - 00020367 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:08 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 17:50 - 2014-06-14 17:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 17:50 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 17:41 - 2014-06-14 17:41 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 14:53 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 17:50 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 14:40 - 2014-06-14 17:49 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-14 14:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:19 - 2014-05-22 16:22 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:14 - 2014-05-22 16:15 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 07:36 - 2014-05-19 08:00 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 12:16 - 2014-05-18 14:30 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

==================== One Month Modified Files and Folders =======

2014-06-14 18:10 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\jrupert\AppData\Local\Temp
2014-06-14 18:09 - 2014-06-14 18:08 - 00020367 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:09 - 2013-12-08 14:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 18:08 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 18:03 - 2014-05-24 10:54 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-06-14 18:02 - 2013-10-16 08:32 - 01379371 _____ () C:\windows\WindowsUpdate.log
2014-06-14 18:02 - 2012-04-24 16:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 17:51 - 2014-06-14 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 17:50 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 17:50 - 2014-06-14 14:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 17:49 - 2014-06-14 14:40 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 17:41 - 2014-06-14 17:41 - 00032512 _____ () C:\windows\system32\Drivers\hitmanpro37.sys
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:25 - 2014-06-14 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 14:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 14:38 - 2014-04-14 18:21 - 00000000 ____D () C:\Users\jrupert\Documents\Bluetooth Folder
2014-06-14 13:47 - 2009-07-14 00:13 - 00786726 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:44 - 2013-10-16 09:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-14 13:44 - 2012-04-24 16:56 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 13:44 - 2012-04-24 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-14 13:44 - 2012-04-24 16:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 13:44 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 13:41 - 2013-12-08 14:14 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 13:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-14 13:39 - 2009-07-13 23:51 - 00064951 _____ () C:\windows\setupact.log
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:01 - 2014-04-14 16:13 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{27BB9FF6-E2B7-482F-B2C3-ACF4B1CDE0C8}
2014-06-12 12:24 - 2013-12-12 14:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-12 12:23 - 2014-04-17 12:32 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-06-10 18:23 - 2014-06-09 15:48 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-10 18:23 - 2014-05-24 10:43 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:22 - 2014-05-22 16:19 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:15 - 2014-05-22 16:14 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 08:00 - 2014-05-19 07:36 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 14:30 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

Some content of TEMP:
====================
C:\Users\jrupert\AppData\Local\Temp\Extract.exe
C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe
C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\jrupert\AppData\Local\Temp\SP64316.exe
C:\Users\jrupert\AppData\Local\Temp\SP64639.exe
C:\Users\jrupert\AppData\Local\Temp\SP64676.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe
C:\Users\StephanieM\AppData\Local\Temp\Extract.exe
C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe
C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe
C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe
C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 17:52

==================== End Of Log ============================

And here is the addition log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by jrupert at 2014-06-14 18:12:45
Running from C:\Users\jrupert\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {108DAC43-C256-20B7-BB05-914135DA5160}
AS: Microsoft Security Essentials (Enabled - Up to date) {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 15.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.2.0.20708 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{95AC3836-C8D1-6BE1-C4F0-101061A445E7}) (Version: 8.0.871.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70708.2225 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD USB 3.0 Device Detector (Version: 2.1.28.0 - Advanced Micro Devices, Inc.) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.42 - ArcSoft)
ArcSoft TotalMedia (x32 Version: 1.0.61.25 - ArcSoft) Hidden
ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.39 - ArcSoft)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0708.2229.38439 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0708.2230.38439 - Advanced Micro Devices, Inc.) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 7.1.2.0 - Hewlett-Packard Company)
Drive Encryption For HP ProtectTools (HKLM\...\{27F1E086-5691-4EB8-8BA1-5CBA87D67EB5}) (Version: 7.0.41.36204 - Hewlett-Packard Company)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Evernote v. 4.6.5 (HKLM-x32\...\{F47455A0-B827-11E2-870C-984BE15F174E}) (Version: 4.6.5.8353 - Evernote Corp.)
Face Recognition for HP ProtectTools (HKLM\...\Face Recognition for HP ProtectTools) (Version: 7.2.1.4548 - Hewlett-Packard Company)
Face Recognition for HP ProtectTools (Version: 7.2.1.4548 - Hewlett-Packard Company) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.216 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{5B4F3B85-83F0-4BBF-9052-7A38B6B09634}) (Version: 5.0.8.0 - Hewlett-Packard Company)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Connection Manager (HKLM-x32\...\{8C18FA50-5107-473C-B2A2-A8A32B0791E6}) (Version: 4.5.29.1 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{2421482F-D125-4021-B835-B7D701E54308}) (Version: 1.1.1.0 - Hewlett-Packard)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP File Sanitizer (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 8.1.1.1 - Hewlett-Packard Company)
HP HD Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 6.0.1113.1_WHQL - Sonix)
HP Hotkey Support (HKLM-x32\...\{7F7E2060-7212-4A53-9875-55173E4BA3F0}) (Version: 5.0.21.1 - Hewlett-Packard Company)
HP Postscript Converter (Version: 3.0.3384 - Hewlett-Packard) Hidden
HP Power Assistant (HKLM\...\{84642787-58C0-44AE-8B26-E2F544E380A1}) (Version: 2.5.0.16 - Hewlett-Packard Company)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 7.0.1.1199 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 7.0.1.1199 - Hewlett-Packard Company) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15453.4066 - Hewlett-Packard Company)
HP SoftPaq Download Manager (HKLM-x32\...\{FE465061-894A-4023-8580-56FCDD4F23F9}) (Version: 3.4.4.0 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Software Setup (HKLM-x32\...\{658A8756-7B1E-44FD-A434-D777DD906232}) (Version: 8.5.2.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{81E14A67-42ED-4DD0-AE08-366FE3D3102E}) (Version: 11.50.0012 - Hewlett-Packard Company)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 3.0.0.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6402.0 - IDT)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.76.1 - JMicron Technology Corp.)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Antimalware Service Multi-Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Client (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Client MUI Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 2.1.1116.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pervasive PSQL v10 SP2 Client (32-bit) (HKLM-x32\...\Pervasive PSQL v10 SP2 Client (32-bit)) (Version: 10.20.034 - Pervasive Software)
Pervasive PSQL v10 SP2 Client (32-bit) (x32 Version: 10.20.034 - Pervasive Software) Hidden
Privacy Manager for HP ProtectTools (HKLM\...\{29AB47F0-C5A3-401F-8A84-3324F2DC8E46}) (Version: 7.0.1.892 - Hewlett-Packard Company)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Quantum Workstation (HKLM-x32\...\{A2D7D4A1-D1E4-11D5-908E-00201852A8A3}) (Version:  - )
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.58.411.2012 - Realtek)
SDK (x32 Version: 2.30.042 - Portrait Displays, Inc.) Hidden
Skype™ 5.6 (HKLM-x32\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.6.110 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1026 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{10F5A72A-1E07-4FAE-A7E7-14B10CC66B17}) (Version: 7.0.0.10 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 7.0.0.10 - Hewlett-Packard Company) Hidden
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
Windows Small Business Server 2011 Standard ClientAgent (HKLM\...\{5C72F8A3-BF39-4733-B41E-0ED7EF622E37}) (Version: 6.1.7900.1 - Microsoft Corporation)

==================== Restore Points  =========================

23-05-2014 02:00:34 Windows Update
26-05-2014 17:32:57 Windows Update
30-05-2014 17:32:23 Windows Update
03-06-2014 22:45:01 Windows Update
06-06-2014 23:19:40 Windows Update
10-06-2014 23:31:15 Windows Update
14-06-2014 18:22:43 Removed Java 6 Update 5
14-06-2014 18:37:13 Installed Java 7 Update 60

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0C81CA9C-2FE5-4514-86EB-CFE312C6C712} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {22421CEF-670D-4707-8E64-6E989367850E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {399AB1D1-BB58-4D77-8E4E-ED554C0244A2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {4081D07C-B5FC-498C-A6C8-7BD13C8030B3} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {6B0EE557-A3C9-4055-A593-588D3CDD8BF6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {6B14AB07-EE18-4D54-9ACA-9CC28CC85135} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {7A692A1A-9046-4324-AB9F-C6460F6C5568} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-14] (Adobe Systems Incorporated)
Task: {96BD8E27-F9F3-4DA3-8E8F-8DDD2D285F1A} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\Dependencies\RemEngine.exe [2012-03-21] ()
Task: {D821E7A7-4467-4694-A1D8-B5FAF840C5AD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-08] (Google Inc.)
Task: {DA6B58FA-9D5E-48A3-BFE6-E3CF352AE522} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DDE20845-D51B-4304-A435-5F2DC4E20ACF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {E36DB129-8B15-4FFB-ADF2-FEDA1ACC9495} - System32\Tasks\Microsoft\Microsoft Antimalware\MP Scheduled Scan => c:\Program Files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27] (Microsoft Corporation)
Task: {E794721E-FF82-4C8E-977C-7F219694C926} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-01-17 17:57 - 2012-01-17 17:57 - 00298368 _____ () C:\Program Files\Hewlett-Packard\Pre-Boot Security for HP ProtectTools\BIOSDomainPlugin.dll
2013-03-27 13:11 - 2013-03-27 13:11 - 03346432 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-10-12 04:03 - 2011-10-12 04:03 - 00213328 _____ () C:\windows\system32\PassThroughOTP.dll
2010-09-06 14:18 - 2010-09-06 14:18 - 01412608 _____ () C:\windows\system32\LIBEAY32.dll
2013-03-27 12:28 - 2013-03-27 12:28 - 01327104 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2012-02-10 16:26 - 2012-02-10 16:26 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2013-09-25 04:09 - 2013-09-25 04:09 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00098304 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-05-04 18:42 - 2012-05-04 18:42 - 00028672 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResources.dll
2012-07-09 00:24 - 2012-07-09 00:24 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-10-15 17:21 - 2013-07-26 02:10 - 00607744 _____ () C:\windows\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2013-03-27 12:54 - 2013-03-27 12:54 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2013-03-27 12:26 - 2013-03-27 12:26 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2013-03-27 12:52 - 2013-03-27 12:52 - 03035136 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2013-03-27 12:57 - 2013-03-27 12:57 - 02867200 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2013-03-27 12:55 - 2013-03-27 12:55 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2013-03-27 12:30 - 2013-03-27 12:30 - 02043904 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2013-03-27 12:31 - 2013-03-27 12:31 - 01949696 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2013-06-05 11:35 - 2013-06-05 11:35 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 10:11 - 2014-06-05 08:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2014 01:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 01:37:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BFMGRAPHICS)
Description: Application or service 'Java Update Checker' could not be shut down.

Error: (06/14/2014 11:41:12 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (06/13/2014 09:49:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (06/13/2014 08:32:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (06/13/2014 02:15:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/12/2014 07:28:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/12/2014 00:30:58 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: Activation context generation failed for "imaging1".Error in manifest or policy file "imaging2" on line imaging3.
The element imaging appears as a child of element urn:schemas-microsoft-com:asm.v1^assembly which is not supported by this version of Windows.

Error: (06/11/2014 07:06:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: The specified server cannot perform the requested operation.
.

Error: (06/11/2014 07:06:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: Failed auto update retrieval of third-party root certificate from: <http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crt> with error: This operation returned because the timeout period expired.
.

System errors:
=============
Error: (06/14/2014 05:39:53 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BFMGRAPHICS due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/14/2014 03:10:37 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/14/2014 01:42:16 PM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (06/14/2014 01:41:27 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: BFMGRAPHICS)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.

Error: (06/14/2014 01:39:33 PM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (06/14/2014 01:39:32 PM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BFMGRAPHICS due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/14/2014 01:39:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Offline Files service terminated with the following error:
%%3

Error: (06/14/2014 10:28:37 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BFMGRAPHICS due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/14/2014 06:38:47 AM) (Source: TermService) (EventID: 1067) (User: )
Description: The terminal server cannot register 'TERMSRV' Service Principal Name to be used for server authentication. The following error occured: The specified domain either does not exist or could not be contacted.
.

Error: (06/14/2014 06:28:12 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain BFMGRAPHICS due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (06/14/2014 01:39:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (06/14/2014 01:37:02 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: BFMGRAPHICS)
Description: 1C:\Program Files (x86)\Java\jre1.6.0_01\bin\jucheck.exeJava Update Checker02117105560

Error: (06/14/2014 11:41:12 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (06/13/2014 09:49:39 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (06/13/2014 08:32:50 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (06/13/2014 02:15:50 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/12/2014 07:28:13 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80004005

Error: (06/12/2014 00:30:58 AM) (Source: SideBySide) (EventID: 72) (User: )
Description: imagingurn:schemas-microsoft-com:asm.v1^assemblyc:\program files\microsoft security client\MSESysprep.dllc:\program files\microsoft security client\MSESysprep.dll10

Error: (06/11/2014 07:06:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crtThe specified server cannot perform the requested operation.

Error: (06/11/2014 07:06:21 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4101) (User: )
Description: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/71899A67BF33AF31BEFDC071F8F733B183856332.crtThis operation returned because the timeout period expired.

==================== Memory info ===========================

Percentage of memory in use: 57%
Total physical RAM: 7628.11 MB
Available physical RAM: 3241.84 MB
Total Pagefile: 15254.41 MB
Available Pagefile: 10056.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:681.22 GB) (Free:584.14 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.97 GB) FAT32
Drive g: (HP_RECOVERY) (Fixed) (Total:15.12 GB) (Free:2.26 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: C645CB67)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=681 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)

==================== End Of Log ============================


Hello,

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run FRST one more time:

Type the following in the edit box after "Search:".

rpcss.dll

Click the Search button and post the log (Search.txt) it makes in your reply.

 

Kevin


I noticed that DLL called out in the first log; here is the new log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2014 02
Ran by jrupert (administrator) on LAPTOP19 on 14-06-2014 18:52:28
Running from C:\Users\jrupert\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)
HKLM\...\Run: [MfeEpePcMonitor] => "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2013-12-27] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-12-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630952 2012-07-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [12288 2012-04-19] ()
HKLM-x32\...\Run: [DTRun] => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [517456 2010-11-24] (ArcSoft Inc.)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12310616 2012-03-21] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [185144 2013-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [337184 2013-10-16] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-05-27] (Hewlett-Packard)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKLM\...\Policies\Explorer\Run: [btvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMNTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMNTDF
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1

FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\
FF Extension: DigitalPersona Extension - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ []

Chrome:
=======
CHR Extension: (Google Docs) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-21]
CHR Extension: (YouTube) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (McAfee Security Scan+) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-06-14]
CHR Extension: (Google Search) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Grepolis Report Converter) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop [2014-04-15]
CHR Extension: (Google Wallet) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\jrupert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 DpHost; C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [493904 2012-04-28] (DigitalPersona, Inc.)
S3 FLCDLOCK; c:\windows\SysWOW64\flcdlock.exe [477056 2012-11-19] (Hewlett-Packard Company)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-06-14] (SurfRight B.V.)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [681760 2013-10-16] (Hewlett-Packard Company)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-03-06] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1327104 2013-03-27] () [File not signed]
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2013-05-16] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2013-05-16] (Hewlett-Packard) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [520192 2010-11-20] (Microsoft Corporation) [File not signed]
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [498352 2013-07-26] (ArcSoft, Inc.)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2013-07-26] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [42816 2013-07-26] (ArcSoft, Inc.)
R3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64832 2012-11-09] (Hewlett-Packard Company)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [91432 2013-03-27] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158760 2013-03-27] (McAfee, Inc.)
R1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-20] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-14 18:12 - 2014-06-14 18:14 - 00033096 _____ () C:\Users\jrupert\Desktop\Addition.txt
2014-06-14 18:08 - 2014-06-14 18:52 - 00019339 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:08 - 2014-06-14 18:52 - 00000000 ____D () C:\FRST
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 17:50 - 2014-06-14 18:15 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 17:50 - 2014-06-14 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 14:53 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 18:44 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 17:50 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 14:40 - 2014-06-14 17:49 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-14 14:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:19 - 2014-05-22 16:22 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:14 - 2014-05-22 16:15 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 07:36 - 2014-05-19 08:00 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 12:16 - 2014-05-18 14:30 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

==================== One Month Modified Files and Folders =======

2014-06-14 18:52 - 2014-06-14 18:08 - 00019339 _____ () C:\Users\jrupert\Desktop\FRST.txt
2014-06-14 18:52 - 2014-06-14 18:08 - 00000000 ____D () C:\FRST
2014-06-14 18:52 - 2014-04-14 16:12 - 00000000 ____D () C:\Users\jrupert\AppData\Local\Temp
2014-06-14 18:44 - 2014-06-14 14:41 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 18:44 - 2013-12-08 14:14 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-14 18:29 - 2013-10-16 08:32 - 01389254 _____ () C:\windows\WindowsUpdate.log
2014-06-14 18:15 - 2014-06-14 17:50 - 00000000 ____D () C:\Users\jrupert\Desktop\mbar
2014-06-14 18:15 - 2014-06-14 17:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-06-14 18:14 - 2014-06-14 18:12 - 00033096 _____ () C:\Users\jrupert\Desktop\Addition.txt
2014-06-14 18:09 - 2013-12-08 14:14 - 00000906 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-14 18:06 - 2014-06-14 18:06 - 02081792 _____ (Farbar) C:\Users\jrupert\Desktop\FRST64.exe
2014-06-14 18:03 - 2014-05-24 10:54 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-06-14 18:02 - 2012-04-24 16:56 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-14 17:50 - 2014-06-14 14:40 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-14 17:49 - 2014-06-14 14:40 - 00000000 ____D () C:\Users\jrupert\Downloads\Spy Ware
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00001897 _____ () C:\ProgramData\Desktop\HitmanPro.lnk
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-06-14 17:41 - 2014-06-14 17:41 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00001808 _____ () C:\ProgramData\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 15:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-06-14 15:00 - 2014-06-14 14:53 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-14 14:41 - 2014-06-14 14:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 14:40 - 2014-06-14 14:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-14 14:39 - 2014-06-14 14:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\jrupert\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-06-14 14:38 - 2014-04-14 18:21 - 00000000 ____D () C:\Users\jrupert\Documents\Bluetooth Folder
2014-06-14 13:47 - 2009-07-14 00:13 - 00786726 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:47 - 2009-07-13 23:45 - 00031312 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00002170 _____ () C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-14 13:44 - 2014-06-14 13:44 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-06-14 13:44 - 2013-10-16 09:09 - 00000000 ____D () C:\ProgramData\McAfee
2014-06-14 13:44 - 2012-04-24 16:56 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-06-14 13:44 - 2012-04-24 16:56 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-14 13:44 - 2012-04-24 16:56 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-06-14 13:44 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-14 13:39 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-14 13:39 - 2009-07-13 23:51 - 00064951 _____ () C:\windows\setupact.log
2014-06-14 13:38 - 2014-06-14 13:38 - 00000000 ____D () C:\Users\jrupert\AppData\Roaming\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-06-14 13:37 - 2014-06-14 13:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Sun
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-14 13:37 - 2014-06-14 13:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-14 03:01 - 2014-04-14 16:13 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{27BB9FF6-E2B7-482F-B2C3-ACF4B1CDE0C8}
2014-06-12 12:24 - 2013-12-12 14:34 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2014-06-12 12:23 - 2014-04-17 12:32 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-11 10:11 - 2013-12-08 14:16 - 00002183 _____ () C:\ProgramData\Desktop\Google Chrome.lnk
2014-06-10 18:23 - 2014-06-09 15:48 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-06-10 18:23 - 2014-05-24 10:43 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Downloads\Intel.xlsx
2014-06-03 21:44 - 2014-06-03 21:44 - 00232911 _____ () C:\Users\jrupert\Desktop\Intel.xlsx
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
2014-05-24 10:26 - 2014-05-24 10:26 - 00000000 ____D () C:\windows\Sun
2014-05-22 16:22 - 2014-05-22 16:19 - 00002016 ____H () C:\Users\jrupert\Documents\Default.rdp
2014-05-22 16:15 - 2014-05-22 16:14 - 22073988 _____ () C:\Users\jrupert\Downloads\Makeover deck-after.tif
2014-05-19 08:00 - 2014-05-19 07:36 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_melsteph_2015
2014-05-18 14:30 - 2014-05-18 12:16 - 00000000 ____D () C:\Users\jrupert\Desktop\HOY_Farm_2015

Some content of TEMP:
====================
C:\Users\jrupert\AppData\Local\Temp\Extract.exe
C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe
C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\jrupert\AppData\Local\Temp\SP64316.exe
C:\Users\jrupert\AppData\Local\Temp\SP64639.exe
C:\Users\jrupert\AppData\Local\Temp\SP64676.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe
C:\Users\StephanieM\AppData\Local\Temp\Extract.exe
C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe
C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe
C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe
C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-08 17:52

==================== End Of Log ============================


Sorry...search result

 

Farbar Recovery Scan Tool (x64) Version: 12-06-2014 02
Ran by jrupert at 2014-06-14 18:58:48
Running from C:\Users\jrupert\Desktop
Boot Mode: Normal

================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614

====== End Of Search ======

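The comparison this search result supports, as an added example that is not part of the thread and not FRST's own code: it parses the "Search Files" output above and flags a live copy that lacks the `[File is signed]` marker or whose MD5 and size match no WinSxS copy. The function names (`parse_search`, `review`) are hypothetical; the sample text is the log lines posted above.

```python
import re
from dataclasses import dataclass

# FRST "Search Files" output, copied from the post above.
SAMPLE = r"""
================== Search Files: "rpcss.dll" =============

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123 [File is signed]

C:\Windows\System32\rpcss.dll
[2010-11-20 22:24][2010-11-20 22:24] 0520192 ____A (Microsoft Corporation) 6BE8548CC4D44912BFA8B7818BD5E614

====== End Of Search ======
"""

# Detail line: [created][modified] size attrs (company) MD5 [File is signed]
# The " - " separators used in the main FRST.txt section are accepted too.
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*(?:-\s*)?\[(?P<modified>[^\]]+)\]\s*(?:-\s*)?"
    r"(?P<size>\d+)\s+(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})(?P<signed>\s+\[File is signed\])?\s*$"
)
PATH = re.compile(r"^[A-Za-z]:\\")


@dataclass(frozen=True)
class FileEntry:
    path: str
    size: int
    company: str
    md5: str
    signed: bool


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH.match(line):
            pending = line
            continue
        m = DETAIL.match(line)
        if m and pending:
            entries.append(FileEntry(pending, int(m["size"]), m["company"].strip(),
                                     m["md5"].upper(), bool(m["signed"])))
            pending = None
    return entries


def is_component_store(path):
    return "\\winsxs\\" in path.lower()


def review(entries):
    """Flag live copies that are unsigned or differ from every WinSxS copy."""
    store = [e for e in entries if is_component_store(e.path)]
    findings = []
    for e in entries:
        if is_component_store(e.path):
            continue
        name = e.path.rsplit("\\", 1)[-1].lower()
        refs = [s for s in store if s.path.lower().endswith("\\" + name)]
        reasons = []
        # A missing signature marker is the stronger signal: WinSxS can hold
        # several servicing versions, so a hash mismatch alone is only a hint.
        if not e.signed:
            reasons.append("no '[File is signed]' marker")
        if refs and e.md5 not in {s.md5 for s in refs}:
            reasons.append("MD5 matches no WinSxS copy")
        if refs and e.size not in {s.size for s in refs}:
            reasons.append("size differs from every WinSxS copy")
        if reasons:
            findings.append({"path": e.path, "md5": e.md5, "reasons": reasons,
                             "replace_from": [s.path for s in refs if s.signed]})
    return findings


if __name__ == "__main__":
    for f in review(parse_search(SAMPLE)):
        print(f["path"], "->", "; ".join(f["reasons"]))
        for src in f["replace_from"]:
            print("  signed reference copy:", src)
```
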

Thanks for the new log, ok do the following:

 

Download attached fixlist.txt file and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

 

Open Malwarebytes 2.0, run a Threat Scan

 


On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

 

Post log:

 


After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

 

Let me see those logs, also give an update on any remaining issues or concerns..

 

Kevin.....

fixlist.txt


It made me reboot but here is the log, running MBAM now

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-06-2014 02
Ran by jrupert at 2014-06-14 19:23:12 Run:1
Running from C:\Users\jrupert\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
2014-06-09 15:48 - 2014-06-10 18:23 - 00037376 _____ () C:\windows\system32\tpjvh.wbi
2014-05-24 10:54 - 2014-06-14 18:03 - 00000084 _____ () C:\windows\system32\optfi.uzj
2014-05-24 10:43 - 2014-06-10 18:23 - 00000063 _____ () C:\windows\system32\nrqyuxi.tvz
2014-05-24 10:43 - 2014-05-24 10:43 - 00000064 _____ () C:\windows\system32\sokot.mtu
2014-05-24 10:27 - 2014-05-24 10:27 - 00310760 ____S () C:\windows\system32\cruyjpa.akr
C:\Users\jrupert\AppData\Local\Temp\Extract.exe
C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe
C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\jrupert\AppData\Local\Temp\SP64316.exe
C:\Users\jrupert\AppData\Local\Temp\SP64639.exe
C:\Users\jrupert\AppData\Local\Temp\SP64676.exe
C:\Users\Owner\AppData\Local\Temp\uninstall.exe
C:\Users\StephanieM\AppData\Local\Temp\Extract.exe
C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe
C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe
C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe
C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe
C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe
C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe
C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe
C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe
C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe
C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe
C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe
End
*****************

C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll
C:\windows\system32\tpjvh.wbi => Moved successfully.
C:\windows\system32\optfi.uzj => Moved successfully.
Could not move "C:\windows\system32\nrqyuxi.tvz" => Scheduled to move on reboot.
C:\windows\system32\sokot.mtu => Moved successfully.
Could not move "C:\windows\system32\cruyjpa.akr" => Scheduled to move on reboot.
C:\Users\jrupert\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\jrupert\AppData\Local\Temp\jre-7u55-windows-i586-iftw_bd13e0f1.exe => Moved successfully.
C:\Users\jrupert\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe => Moved successfully.
C:\Users\jrupert\AppData\Local\Temp\SP64316.exe => Moved successfully.
C:\Users\jrupert\AppData\Local\Temp\SP64639.exe => Moved successfully.
C:\Users\jrupert\AppData\Local\Temp\SP64676.exe => Moved successfully.
C:\Users\Owner\AppData\Local\Temp\uninstall.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\Extract.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP56729.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP57486.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP57918.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP58268.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP58322.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP58930.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP58940.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP59118.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP59151.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP59202.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP59624.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP61040.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP61411.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP61441.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP61460.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP61822.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\sp62291.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP62370.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP62915.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP62981.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP63782.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP63835.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP63988.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP64042.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP64259.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP64284.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\SP64351.exe => Moved successfully.
C:\Users\StephanieM\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-06-14 19:28:56)<=

C:\windows\system32\nrqyuxi.tvz => Is moved successfully.
C:\windows\system32\cruyjpa.akr => Is moved successfully.

==== End of Fixlog ====


I was able to export....

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/14/2014
Scan Time: 7:33:07 PM
Logfile: e.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.06.14.07
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: jrupert

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365718
Time Elapsed: 10 min, 9 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


We need to run an online AV scan to ensure there are no remnants of any infection left on your system that may have been missed. This scan is very thorough and well worth running; it can take several hours, so please be patient and let it complete:

 

Run Eset Online Scanner

 

**Note** You will need to use Internet Explorer for this scan - Vista and Windows 7/8 right click on IE shortcut and run as admin

 

Go to Eset web page http://www.eset.com/us/online-scanner/ to run an online scan from ESET.

 


Turn off the real time scanner of any existing antivirus program while performing the online scan
click on the Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the add/on to be installed
Click Start
Make sure that the option "Remove found threats"  is UNticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
Click Scan
wait for the virus definitions to be downloaded
Wait for the scan to finish

 

When the scan is complete

 


If no threats were found
put a checkmark in "Uninstall application on close"
close program
report to me that nothing was found

 

If threats were found

 


click on "list of threats found"
click on "export to text file" and save it as ESET SCAN and save to the desktop
Click on back
put a checkmark in "Uninstall application on close"
click on finish

 

close program

 

Copy and paste the report in next reply.

 

Next,

 

Download Security Check by screen317 from either of the following:

http://screen317.spywareinfoforum.org/SecurityCheck.exe or http://screen317.changelog.fr/SecurityCheck.exe

Save it to your Desktop. (If your security alerts, either accept the alert or turn the security off while Security Check runs)

Double click SecurityCheck.exe (Vista or Windows 7/8 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.

A Notepad document should open automatically called checkup.txt; please post the contents of that document.

If Security Check will not run or you get an alert saying it is not supported, Re-boot your PC then try again...

 

Let me see those logs in next reply.....

 

Kevin


ESET results....

C:\FRST\Quarantine\C\Windows\System32\rpcss.dll.xBAD Win64/Patched.I trojan
 

Security Check log....

 

 Results of screen317's Security Check version 0.99.84 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
  (On Access scanning disabled!)
 Error obtaining update status for antivirus! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 60 
 Adobe Reader XI 
 Google Chrome 35.0.1916.114 
 Google Chrome 35.0.1916.153 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials msseces.exe
 Windows Defender MSMpEng.exe
 Microsoft Security Client Antimalware MsMpEng.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 


Thanks for the logs, nothing of concern. Run the following to clean up...

 

Download "Delfix by Xplode" and save it to your desktop.

 

"Delfix link mirror"

 

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

 

Make Sure the following items are checked:

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

If there are no remaining issues or concerns, are we OK to close out...

 

Thank you,

 

Kevin...


  • 1 month later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.