Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

30 dllhost.exe*32 COM SURROGATE processes running - Help!


  • This topic is locked This topic is locked
15 replies to this topic

#1 swimjim504

swimjim504

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 01:19 PM

Hi,

 

I believe I have the same issue as posted here - http://www.bleepingcomputer.com/forums/t/525236/30-dllhostexe32-com-surrogate-processes-running-cant-kill/

 

I have gone ahead, downloaded the FRST software, ran a scan, and below are the results. Would appreciate any help in getting rid of this issue. Thanks! (will posted the Addition file text in a second window):

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014
Ran by TEST ACCOUNT (administrator) on COMP7 on 05-03-2014 13:05:15
Running from C:\Users\Jim Malone\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
() C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Dropbox, Inc.) C:\Users\Jim Malone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
(Microsoft Corporation) C:\Windows\syswow64\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-06] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-10-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [FINPRINTER (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jim)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Austin)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wired - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON58E1CD (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Update] - C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Auto] - regsvr32.exe "C:\Users\Jim Malone\AppData\Local\Google\BrowserSet.dll"
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [TimeServer] - C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe [196096 2014-03-04] ()
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\MountPoints2: {d219a38d-f6c5-11e0-963e-2c27d7c2b9c5} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
Startup: C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\TEST ACCOUNT\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rp.sslvpn.boeing.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.100.1
 
==================== Services (Whitelisted) =================
 
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 MpKsla3e3c578; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys [45352 2014-03-05] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S1 erbdaldn; \??\C:\Windows\system32\drivers\erbdaldn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 13:05 - 2014-03-05 13:05 - 00021624 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-05 13:02 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-05 13:00 - 2014-03-05 13:01 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 12:58 - 2014-03-05 12:58 - 00000000 ____D () C:\FRST
2014-03-05 12:55 - 2014-03-05 12:55 - 00065536 ___HT () C:\Users\Jim Malone\Documents\~Jim's EMail File.pst.tmp
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 17:14 - 2014-03-04 17:15 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-12 18:39 - 2014-02-05 05:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:39 - 2014-02-05 05:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:39 - 2014-02-05 05:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 04:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 04:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 04:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:39 - 2014-02-05 04:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:39 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:39 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:39 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:39 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:39 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-12 09:02 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:02 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:02 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:02 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:02 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:02 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:02 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:30 - 2014-03-05 12:42 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 13:05 - 2014-03-05 13:05 - 00021624 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-05 13:04 - 2013-05-16 06:57 - 00000000 ____D () C:\Users\Jim Malone\Desktop\ACES
2014-03-05 13:04 - 2011-05-10 10:44 - 1884587008 _____ () C:\Users\Jim Malone\Documents\Jim's EMail File.pst
2014-03-05 13:03 - 2012-02-23 08:57 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 13:02 - 2011-04-20 04:37 - 01195835 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 13:01 - 2014-03-05 13:00 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-05 13:02 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 12:58 - 2014-03-05 12:58 - 00000000 ____D () C:\FRST
2014-03-05 12:55 - 2014-03-05 12:55 - 00065536 ___HT () C:\Users\Jim Malone\Documents\~Jim's EMail File.pst.tmp
2014-03-05 12:55 - 2011-05-10 10:03 - 00000000 ____D () C:\Users\Jim Malone\Documents\Outlook Files
2014-03-05 12:54 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 12:54 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 12:42 - 2014-02-10 08:30 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-03-05 12:34 - 2012-08-16 09:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 12:23 - 2012-11-01 20:34 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA.job
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 09:31 - 2012-09-04 13:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:31 - 2012-07-18 12:53 - 00000000 ___RD () C:\Users\Jim Malone\Dropbox
2014-03-05 09:31 - 2012-07-18 12:51 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Dropbox
2014-03-05 09:23 - 2012-09-26 06:46 - 00000412 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-03-05 09:23 - 2012-02-23 08:57 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 09:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 09:22 - 2009-07-13 23:51 - 00084511 _____ () C:\Windows\setupact.log
2014-03-04 17:15 - 2014-03-04 17:14 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-03-04 17:14 - 2012-07-27 23:19 - 517344324 _____ () C:\Windows\MEMORY.DMP
2014-03-04 17:14 - 2012-07-27 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-04 17:09 - 2009-07-14 00:13 - 00787404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 13:34 - 2011-05-08 00:09 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Synaptics
2014-03-04 13:33 - 2011-05-08 00:02 - 00000000 ____D () C:\Users\Jim Malone
2014-03-04 13:23 - 2012-11-01 20:34 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core.job
2014-03-04 09:01 - 2012-08-16 09:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 08:59 - 2012-04-13 15:21 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Mozilla
2014-03-03 16:38 - 2011-07-15 07:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\CrashDumps
2014-03-02 18:28 - 2012-02-23 08:56 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\Google
2014-02-24 09:40 - 2014-01-27 08:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\HpUpdate
2014-02-21 11:34 - 2012-08-16 09:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 11:34 - 2012-08-16 09:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 11:34 - 2011-09-06 13:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 10:44 - 2013-08-01 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 10:39 - 2011-05-17 06:59 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-14 13:18 - 2012-11-01 20:34 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA
2014-02-14 13:18 - 2012-11-01 20:34 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core
2014-02-13 12:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 18:58 - 2012-02-23 08:57 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 18:57 - 2012-02-23 08:57 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 18:50 - 2011-04-20 04:39 - 01704260 _____ () C:\Windows\PFRO.log
2014-02-12 18:49 - 2011-05-10 08:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 18:43 - 2011-05-09 12:25 - 00780018 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 18:41 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-10 09:21 - 2014-01-18 11:35 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Roaming\HpUpdate
2014-02-10 09:19 - 2014-01-18 11:33 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-10 09:19 - 2011-04-20 04:38 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:35 - 2011-08-29 15:28 - 00000000 ____D () C:\paychex
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
2014-02-05 05:19 - 2014-02-12 18:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 05:02 - 2014-02-12 18:39 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 05:00 - 2014-02-12 18:39 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 04:52 - 2014-02-12 18:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 04:50 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 04:50 - 2014-02-12 18:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 04:50 - 2014-02-12 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:58 - 2014-02-12 18:39 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 03:56 - 2014-02-12 18:39 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 03:53 - 2014-02-12 18:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 03:51 - 2014-02-12 18:39 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 03:50 - 2014-02-12 18:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 03:49 - 2014-02-12 18:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 03:49 - 2014-02-12 18:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 03:48 - 2014-02-12 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 03:47 - 2014-02-12 18:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 03:46 - 2014-02-12 18:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 15:15 - 2012-11-06 11:34 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOMP7$
2014-02-04 15:15 - 2012-11-06 11:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCOMP7$.job
2014-02-04 11:34 - 2011-05-10 07:09 - 00002230 ____H () C:\Users\Jim Malone\Documents\Default.rdp
2014-02-04 10:37 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1343152957-2886431971-333581152-1000\$9a63ac425acbf4c21f9046a955d779fb
 
Alureon:
C:\Users\Jim Malone\AppData\Local\Temp\sbidreu\slwaxxp\wow.dll
 
Some content of TEMP:
====================
C:\Users\Jim Malone\AppData\Local\Temp\adiiio.exe
C:\Users\Jim Malone\AppData\Local\Temp\G2MInstallerExtractor.exe
C:\Users\Jim Malone\AppData\Local\Temp\i4jdel0.exe
C:\Users\Jim Malone\AppData\Local\Temp\jacob-1.14.3-x86.dll
C:\Users\Jim Malone\AppData\Local\Temp\nativeUtils-x86.dll
C:\Users\Jim Malone\AppData\Local\Temp\_is87B6.exe
C:\Users\Jim Malone\AppData\Local\Temp\_isEF6D.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 10:10
 
==================== End Of Log ============================


BC AdBot (Login to Remove)

 


#2 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 01:22 PM

Second file scan results below:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2014
Ran by TEST ACCOUNT at 2014-03-05 13:05:59
Running from C:\Users\Jim Malone\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95 - WildTangent) Hidden
AI Viewer (HKLM-x32\...\{8C8292F3-7D93-4D40-9738-B24165D7E7CD}_is1) (Version:  - IdeaMK)
Amazon Unbox Video (HKLM-x32\...\InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}) (Version: 2.2.0.153 - Amazon.com)
Amazon Unbox Video (x32 Version: 2.2.0.153 - Amazon.com) Hidden
Apple Application Support (HKLM-x32\...\{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}) (Version: 2.0.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AT&T Connect Participant Application v8.9.35 (HKLM-x32\...\{CDD4495B-0424-42F0-8D89-70D47E21BD69}) (Version: 8.9.35 - AT&T Inc.)
Avery Wizard 4.0 (HKLM-x32\...\{7196E6BD-4B65-43F9-9D30-73A8E58D0E84}) (Version: 4.0.103 - Avery)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.167.0 - Microsoft Corporation)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
BlackBerry Desktop Software 6.0.2 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.2.44 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.2 (x32 Version: 6.0.2.44 - Research In Motion Ltd.) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blasterball 3 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bounce Symphony (x32 Version: 2.2.0.95 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-9970CDW (HKLM-x32\...\{979742CC-2CBB-49D8-9BEE-C2F7875F5393}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
Brother MFL-Pro Suite MFC-J6710DW (HKLM-x32\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cake Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix XenApp Plugin for Hosted Apps (HKLM-x32\...\{388C130B-0079-46B4-A0D5-DC2DD7A89A7B}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink DVD Suite (x32 Version: 7.0.3525 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.2.1.3609 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{81FB7C60-565A-4869-9D90-3BE1D270E8B7}) (Version:  - Microsoft)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
Epson Event Manager (HKLM-x32\...\{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}) (Version: 2.40.0001 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.10.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson USB Display (HKLM-x32\...\{7650F538-6274-44EA-8F50-843479073333}) (Version: 1.51.000 - SEIKO EPSON CORPORATION)
EPSON WorkForce 630 Series Printer Uninstall (HKLM\...\EPSON WorkForce 630 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.4j - SEIKO EPSON CORPORATION)
EpsonNet Setup 3.3 (HKLM-x32\...\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}) (Version: 3.3b - SEIKO EPSON CORPORATION)
Escape Rosecliff Island (x32 Version: 2.2.0.95 - WildTangent) Hidden
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.95 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Final Drive Nitro (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free File Viewer 2012 (HKLM-x32\...\FreeFileViewer_is1) (Version:  - Bitberry Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{41101F0C-DBD9-321C-A6B1-E0689B495A4E}) (Version: 5.1.4.17398 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Heroes of Hellas 2 - Olympia (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Client Services (Version: 1.0.12656.3472 - Hewlett-Packard) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{0C107330-16DF-4D39-AA74-0E5448AED9E8}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Game Console (x32 Version:  - WildTangent) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP MovieStore (HKLM-x32\...\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}) (Version: 2.0 - Hewlett-Packard)
HP MovieStore (x32 Version: 1.0.036 - Hewlett-Packard) Hidden
HP Officejet 6700 Basic Device Software (HKLM\...\{A1CFA587-90D4-4DE6-B200-68CC0F92252F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6700 Help (HKLM-x32\...\{E1AE0CB7-1333-4728-8520-CB3F88A252B4}) (Version: 140.0.2.2 - Hewlett Packard)
HP Officejet 6700 Product Improvement Study (HKLM\...\{988D55BB-08DE-43C9-8D16-3751361E2A79}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP On Screen Display (HKLM-x32\...\{D7670221-BF9B-4DFF-B26B-5BE55A87329F}) (Version: 1.2.2 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Power Manager (HKLM-x32\...\{D8BCE5B9-67CF-4F3F-93AE-3ACC754C72EB}) (Version: 1.4.7 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2372 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1026 - Intel Corporation)
Java Auto Updater (x32 Version: 2.0.7.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Java™ 6 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jungle Disk Workgroup (HKLM\...\{4837C529-BBBC-47E3-95FC-70C69C003160}) (Version: 3.16 - Jungle Disk)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
LastPass(uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0 - Microsoft Corp.) Hidden
Mozilla Firefox 11.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 11.0 (x86 en-US)) (Version: 11.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Mystery P.I. - The London Caper (x32 Version: 2.2.0.95 - WildTangent) Hidden
OpenProj (HKLM-x32\...\{13702021-43FB-480C-912F-D9B74A538288}) (Version: 1.4.0 - Serena Software Inc.)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
Purchasing ToolPak 2010 (HKLM\...\Purchasing ToolPak 2010) (Version: 3.0 - Buyer Analytics)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.12.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.69 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
RoxioNow Player (HKLM-x32\...\{0EDEB615-1A60-425E-8306-0E10519C7B55}) (Version: 1.9.5.101 - RoxioNow)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.3.13052_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Stamps.com (HKLM-x32\...\Stamps.com) (Version:  - Stamps.com, Inc.)
Stamps.com (x32 Version: 9.6.1.2323 - Stamps.com, Inc.) Hidden
Stamps.com Address Book Support for Microsoft Outlook 97-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Outlook 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com Application Support for Microsoft Word 2000-2010 (x32 Version: 8.7.0.1506 - Stamps.com, Inc.) Hidden
Stamps.com support for Microsoft Outlook 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 2000-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Outlook 97-2010 (HKLM-x32\...\Stamps.com support for Microsoft Outlook 97-2010) (Version:  - Stamps.com, Inc.)
Stamps.com support for Microsoft Word 2000-2010 (HKLM-x32\...\Stamps.com support for Microsoft Word 2000-2010) (Version:  - Stamps.com, Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{001E8BF3-EDC3-4D5E-9C11-1D0E599B6497}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837583) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E21274CE-CA0C-49FA-93F4-DC292A052264}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{B5C70C99-B109-42FD-B219-FF12CA543F19}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
Virtual Families (x32 Version: 2.2.0.95 - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
Wheel of Fortune 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9510 - WinZip Computing, S.L. )
Zuma Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
 
==================== Restore Points  =========================
 
17-02-2014 13:39:23 Windows Update
17-02-2014 15:39:10 Windows Update
20-02-2014 22:01:19 Windows Update
24-02-2014 13:45:21 Windows Update
28-02-2014 13:19:35 Windows Update
04-03-2014 14:09:04 Windows Update
05-03-2014 14:30:37 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {07F1477C-D0AB-4103-AECC-F7344BCCBD48} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-12-15] (Hewlett-Packard)
Task: {0C5C8B47-4C19-4F9A-AF2F-3E6D8272A153} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {21025DD2-47C9-4ADC-9207-FD11A2F847CF} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2011-03-11] (Bitberry Software)
Task: {2918F5B4-6792-43EB-8D2A-C8B9BD59FEEC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {38EE0397-E770-4AC2-AC1D-1F9DFCF9D3D1} - System32\Tasks\hpUtility.exe_{D88D04D9-2F34-46FD-B7FA-31E0F7EA6D2A} => C:\Program Files\HP\HP Officejet 6700\Bin\utils\hpUtility.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {435A5B08-E8C6-4C5B-A6D4-A610D0693185} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
Task: {474395B9-82F6-4171-B6F7-A4DFEEFE64A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {4C7A353B-0E38-4777-B61E-4B2182CCF6D6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core => C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {68EAA150-618A-46AB-BF83-60D174C857BD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA => C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-18] (Google Inc.)
Task: {89E2B757-DAC2-4AA5-A233-8C0AE8323A62} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {A2A093D3-E9C7-4A8A-BCF8-9475D84750E1} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-11] (CyberLink)
Task: {A2E9DD2A-B7C5-452F-B0D1-C5559670B4B4} - System32\Tasks\HPCeeScheduleForCOMP7$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {C139C77D-1BD0-466B-A439-617053141D91} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23] (Google Inc.)
Task: {D3B4CBFB-1475-4808-8846-30FB608151F4} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {F2FAE38A-CCF2-4523-B729-78FDB4986A11} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {FFDA71F7-BF86-4D74-B9FB-EFBAE4652245} - System32\Tasks\HPCustParticipation HP Officejet 6700 => C:\Program Files\HP\HP Officejet 6700\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core.job => C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA.job => C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCOMP7$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-17 15:10 - 2011-05-17 15:10 - 00260096 _____ () C:\Program Files\Jungle Disk Workgroup\monitor_images.dll
2012-04-12 10:32 - 2010-03-15 18:04 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2010-12-08 13:55 - 2010-12-08 13:55 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-04 13:34 - 2014-03-04 13:34 - 00196096 _____ () C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe
2010-07-21 17:33 - 2010-07-21 17:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 17:33 - 2010-07-21 17:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2014-02-24 08:55 - 2014-02-24 08:55 - 00815104 _____ () C:\Users\Jim Malone\AppData\Local\Google\BrowserSet.dll
2013-10-18 18:55 - 2013-10-18 18:55 - 25100288 _____ () C:\Users\Jim Malone\AppData\Roaming\Dropbox\bin\libcef.dll
2014-02-13 10:35 - 2014-02-13 10:35 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\ae685719bd599604bdf031cdad0ba38a\IsdiInterop.ni.dll
2011-04-20 04:35 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/05/2014 01:01:24 PM) (Source: Application Hang) (User: )
Description: The program FRST64.exe version 3.3.10.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 42a0
 
Start Time: 01cf389c7aaffc9d
 
Termination Time: 38
 
Application Path: C:\Users\Jim Malone\Downloads\FRST64.exe
 
Report Id: eff546ed-a48f-11e3-8f11-2c27d7c2b9c5
 
Error: (03/03/2014 04:38:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: E_IARNGBA.EXE, version: 7.0.0.0, time stamp: 0x4aaddcc4
Faulting module name: E_IAPRGBA.DLL, version: 7.0.0.0, time stamp: 0x4b7e36d2
Exception code: 0xc0000005
Fault offset: 0x00000000000848c2
Faulting process id: 0x378
Faulting application start time: 0xE_IARNGBA.EXE0
Faulting application path: E_IARNGBA.EXE1
Faulting module path: E_IARNGBA.EXE2
Report Id: E_IARNGBA.EXE3
 
Error: (01/30/2014 00:55:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16526, time stamp: 0x52855173
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x73cfe344
Faulting process id: 0x3190
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/27/2014 02:46:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16526, time stamp: 0x52855173
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x000222d2
Faulting process id: 0x2658
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/24/2014 08:01:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6365.0, time stamp: 0x4e68a05a
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000000d
Fault offset: 0x0000000000073772
Faulting process id: 0x18c
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (01/21/2014 01:36:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: E_IARNGBA.EXE, version: 7.0.0.0, time stamp: 0x4aaddcc4
Faulting module name: E_IAPRGBA.DLL, version: 7.0.0.0, time stamp: 0x4b7e36d2
Exception code: 0xc0000005
Fault offset: 0x00000000000848c2
Faulting process id: 0x1988
Faulting application start time: 0xE_IARNGBA.EXE0
Faulting application path: E_IARNGBA.EXE1
Faulting module path: E_IARNGBA.EXE2
Report Id: E_IARNGBA.EXE3
 
Error: (01/18/2014 11:25:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16526, time stamp: 0x52855173
Faulting module name: AcroPDF.dll_unloaded, version: 0.0.0.0, time stamp: 0x518a21ee
Exception code: 0xc0000005
Fault offset: 0x5848a34f
Faulting process id: 0x2340
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3
 
Error: (01/15/2014 05:45:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: STacSV64.exe, version: 1.0.6365.0, time stamp: 0x4e68a05a
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000000d
Fault offset: 0x0000000000073772
Faulting process id: 0x32c
Faulting application start time: 0xSTacSV64.exe0
Faulting application path: STacSV64.exe1
Faulting module path: STacSV64.exe2
Report Id: STacSV64.exe3
 
Error: (01/08/2014 02:37:11 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 724
 
Start Time: 01cf0ca7f71a994b
 
Termination Time: 16
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
Error: (01/03/2014 09:14:09 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16526 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 204c
 
Start Time: 01cf088c818aeb1f
 
Termination Time: 20
 
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Report Id:
 
 
System errors:
=============
Error: (03/05/2014 11:01:42 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 42. The internal error state is 250.
 
Error: (03/05/2014 09:24:10 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/05/2014 09:24:06 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (03/04/2014 05:16:11 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/04/2014 05:16:09 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.167.1131.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/04/2014 05:16:07 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
Error: (03/04/2014 05:15:03 PM) (Source: BugCheck) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff800030d9e3c, 0xfffff880035bda18, 0xfffff880035bd270)C:\Windows\MEMORY.DMP030414-17565-01
 
Error: (03/04/2014 05:12:40 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.167.1131.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.4.0304.00
 
Source Path: 4.4.0304.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/04/2014 05:10:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (03/04/2014 05:10:26 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (03/05/2014 01:01:24 PM) (Source: Application Hang)(User: )
Description: FRST64.exe3.3.10.242a001cf389c7aaffc9d38C:\Users\Jim Malone\Downloads\FRST64.exeeff546ed-a48f-11e3-8f11-2c27d7c2b9c5
 
Error: (03/03/2014 04:38:11 PM) (Source: Application Error)(User: )
Description: E_IARNGBA.EXE7.0.0.04aaddcc4E_IAPRGBA.DLL7.0.0.04b7e36d2c000000500000000000848c237801cf3728bd17b10eC:\Windows\system32\spool\DRIVERS\x64\3\E_IARNGBA.EXEC:\Windows\system32\spool\DRIVERS\x64\3\E_IAPRGBA.DLL1dfd476a-a31c-11e3-8aee-2c27d7c2b9c5
 
Error: (01/30/2014 00:55:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1652652855173unknown0.0.0.000000000c00000fd73cfe344319001cf1de449e317f6C:\Program Files (x86)\Internet Explorer\iexplore.exeunknownb1fb840d-89d7-11e3-949a-2c27d7c2b9c5
 
Error: (01/27/2014 02:46:25 PM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1652652855173ntdll.dll6.1.7601.18247521ea8e7c0000005000222d2265801cf1b8ad78a7359C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\SysWOW64\ntdll.dllb46e473d-878b-11e3-949a-2c27d7c2b9c5
 
Error: (01/24/2014 08:01:54 AM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6365.04e68a05antdll.dll6.1.7601.18247521eaf24c000000d000000000007377218c01cf16c5e35888cfC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\SYSTEM32\ntdll.dllb237baa6-84f7-11e3-949a-2c27d7c2b9c5
 
Error: (01/21/2014 01:36:07 PM) (Source: Application Error)(User: )
Description: E_IARNGBA.EXE7.0.0.04aaddcc4E_IAPRGBA.DLL7.0.0.04b7e36d2c000000500000000000848c2198801cf16d77e1a6be0C:\Windows\system32\spool\DRIVERS\x64\3\E_IARNGBA.EXEC:\Windows\system32\spool\DRIVERS\x64\3\E_IAPRGBA.DLLe39020d7-82ca-11e3-949a-2c27d7c2b9c5
 
Error: (01/18/2014 11:25:48 AM) (Source: Application Error)(User: )
Description: iexplore.exe9.0.8112.1652652855173AcroPDF.dll_unloaded0.0.0.0518a21eec00000055848a34f234001cf1469ce7374b4C:\Program Files (x86)\Internet Explorer\iexplore.exeAcroPDF.dll2fa064ad-805d-11e3-a94e-2c27d7c2b9c5
 
Error: (01/15/2014 05:45:14 PM) (Source: Application Error)(User: )
Description: STacSV64.exe1.0.6365.04e68a05antdll.dll6.1.7601.18247521eaf24c000000d000000000007377232c01cf1062589cae33C:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\SYSTEM32\ntdll.dllb1f2ec81-7e36-11e3-b07d-2c27d7c2b9c5
 
Error: (01/08/2014 02:37:11 PM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.1652672401cf0ca7f71a994b16C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
Error: (01/03/2014 09:14:09 AM) (Source: Application Hang)(User: )
Description: iexplore.exe9.0.8112.16526204c01cf088c818aeb1f20C:\Program Files (x86)\Internet Explorer\iexplore.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 55%
Total physical RAM: 3893.86 MB
Available physical RAM: 1727.82 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 4661.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:450.05 GB) (Free:364.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.42 GB) (Free:1.93 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive i: (External Hard Drive) (Fixed) (Total:931.48 GB) (Free:926.31 GB) NTFS
Drive j: (contracts-and-pricing) (Removable) (Total:500 GB) (Free:500 GB) FAT32
Drive m: (research-and-development) (Removable) (Total:500 GB) (Free:500 GB) FAT32
Drive s: (stadiathing) (Removable) (Total:500 GB) (Free:500 GB) FAT32
Drive x: (business-development) (Removable) (Total:500 GB) (Free:500 GB) FAT32
Drive y: (personnel) (Removable) (Total:500 GB) (Free:500 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: F4AEA3A7)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 00042ADA)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#3 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 05 March 2014 - 02:28 PM

Hi there,

yes you're right you have caught the same malware.


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#4 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 03:34 PM

Thank you for the quick response! I am running the scanner now. It's been going for 30 minutes. The program says it usually takes ten minutes, may double for a badly infected machine. Seems like it is still scanning but hard to tell. Have not touched the computer since starting. Should I let it continue?

#5 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 05 March 2014 - 04:07 PM

Has the scan still not finished?
Has it stalled or can you see that it still progresses?

#6 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 04:10 PM

Still not finished, but it is progressing now. It shows that it had completed stage twelve. It was on stage 4 for quite some time. Sorry for the false alarm!

#7 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 05:48 PM

Hello,

 

The scanner has finished and the output report is listed below. Thanks again for your help. Please advise on the next steps!

 

Thanks,
Jim

 

 

 

ComboFix 14-03-05.01 - TEST ACCOUNT 03/05/2014  15:05:30.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3894.2179 [GMT -5:00]
Running from: c:\users\Jim Malone\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jim Malone\g2mdlhlpx.exe
c:\users\Jim Malone\GoToAssistDownloadHelper.exe
I:\install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-05 to 2014-03-05  )))))))))))))))))))))))))))))))
.
.
2014-03-05 21:53 . 2014-03-05 21:53 -------- d-----w- c:\users\TEST ACCOUNT\AppData\Local\temp
2014-03-05 21:53 . 2014-03-05 21:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-05 17:58 . 2014-03-05 18:08 -------- d-----w- C:\FRST
2014-03-05 14:31 . 2014-03-05 14:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-03-05 14:31 . 2014-03-05 14:31 -------- d-----r- c:\program files (x86)\Skype
2014-03-05 14:26 . 2014-03-05 14:26 45352 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys
2014-03-05 14:24 . 2014-03-05 14:24 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\offreg.dll
2014-03-05 13:44 . 2014-02-20 08:21 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3E5D112E-BD71-41C7-AB54-35866DF161C6}\gapaengine.dll
2014-03-05 13:44 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\mpengine.dll
2014-03-04 22:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-17 14:53 . 2014-02-17 14:53 -------- d-----w- c:\program files (x86)\HP Photo Creations
2014-02-17 14:53 . 2014-02-17 14:53 -------- d-----w- c:\programdata\Visan
2014-02-17 14:53 . 2014-02-17 14:53 -------- d-----w- c:\programdata\HP Photo Creations
2014-02-12 14:02 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 16:34 . 2012-08-16 14:13 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-02-21 16:34 . 2011-09-06 18:56 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-20 08:21 . 2012-11-28 12:29 1031560 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-02-17 15:39 . 2011-05-17 11:59 88567024 ----a-w- c:\windows\system32\MRT.exe
2014-01-19 07:33 . 2011-06-03 11:26 270496 ------w- c:\windows\system32\MpSigStub.exe
2012-11-07 18:18 . 2012-11-07 18:18 14794312 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03 155416 ----a-w- c:\windows\SysWOW64\CbFsMntNtf3.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-07-26 1564016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-04-30 284440]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2010-07-23 111640]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-03 847872]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"EPSON_UD_START"="c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe" [2011-01-06 341416]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-20 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-10-07 2629632]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-07-26 311152]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2013-06-05 2249352]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2011-11-23 97384]
Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -q -name=LastPass -ffuuid support@lastpass.com [2012-11-7 14794312]
Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe -p -name=LastPass -ffuuid support@lastpass.com [2012-11-7 14794312]
Jungle Disk Workgroup.lnk - c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [2011-5-17 9769800]
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe -det [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 erbdaldn;erbdaldn;c:\windows\system32\drivers\erbdaldn.sys;c:\windows\SYSNATIVE\drivers\erbdaldn.sys [x]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys;c:\windows\SYSNATIVE\drivers\cbfs3.sys [x]
S1 MpKsla3e3c578;MpKsla3e3c578;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 EMP_UDSA;EMP_UDSA;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe;c:\program files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 JungleDiskWorkgroupService;JungleDiskWorkgroupService;c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe;c:\program files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe [x]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 eppvad_simple;EPSON Projector UD Audio Device;c:\windows\system32\drivers\EMP_UDAU.sys;c:\windows\SYSNATIVE\drivers\EMP_UDAU.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLA3E3C578
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 13:59 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 16:34]
.
2014-03-05 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2012-09-26 19:24]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 13:56]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-23 13:56]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core.job
- c:\users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 18:12]
.
2014-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA.job
- c:\users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-02 18:12]
.
2014-02-04 c:\windows\Tasks\HPCeeScheduleForCOMP7$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-11-09 22:16 2238976 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2010-11-30 15:03 188696 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup1_Complete]
@="{78061A12-1E91-4446-8B65-8ED2FF328D4A}"
[HKEY_CLASSES_ROOT\CLSID\{78061A12-1E91-4446-8B65-8ED2FF328D4A}]
2011-05-17 20:15 1089024 ----a-w- c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup2_InProgress]
@="{700AD13D-E86F-41C9-9A8F-39B4C438806F}"
[HKEY_CLASSES_ROOT\CLSID\{700AD13D-E86F-41C9-9A8F-39B4C438806F}]
2011-05-17 20:15 1089024 ----a-w- c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\JungleDiskWorkgroup3_Conflicted]
@="{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}"
[HKEY_CLASSES_ROOT\CLSID\{48C7A606-0F84-4DC8-8AFD-A157BDF18A08}]
2011-05-17 20:15 1089024 ----a-w- c:\program files\Jungle Disk Workgroup\monitor_shellext.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-06 1424896]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"WDM_DRMKAUD"="streamci" [X]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: LastPass - file://c:\users\Jim Malone\AppData\LocalLow\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\users\Jim Malone\AppData\LocalLow\LastPass\context.html?cmd=fillforms
TCP: DhcpNameServer = 10.0.100.1
DPF: {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} - hxxps://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
FF - ProfilePath - 
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
c:\users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - c:\users\TEST ACCOUNT\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jim Malone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jim Malone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jim Malone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Jim Malone\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1343152957-2886431971-333581152-1000_Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-03-05  17:42:21
ComboFix-quarantined-files.txt  2014-03-05 22:42
.
Pre-Run: 391,686,426,624 bytes free
Post-Run: 392,986,406,912 bytes free
.
- - End Of File - - 46CD1468B14D2E82581AD9CDC751B89D


#8 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 05 March 2014 - 05:53 PM

Ok, please run FRST once more:


Start FRST with administator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#9 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 05 March 2014 - 08:57 PM

Just completed the FRST scan, here is the output file data. Thanks!!!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-03-2014 02
Ran by TEST ACCOUNT (administrator) on COMP7 on 05-03-2014 20:53:39
Running from C:\Users\TEST ACCOUNT\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Dropbox, Inc.) C:\Users\Jim Malone\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-06] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-10-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [FINPRINTER (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jim)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Austin)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wired - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON58E1CD (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Update] - C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Auto] - regsvr32.exe "C:\Users\Jim Malone\AppData\Local\Google\BrowserSet.dll"
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [TimeServer] - C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe [196096 2014-03-04] ()
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\MountPoints2: {d219a38d-f6c5-11e0-963e-2c27d7c2b9c5} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
Startup: C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rp.sslvpn.boeing.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (YouTube) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05]
CHR Extension: (Google Search) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05]
CHR Extension: (LastPass) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Gmail) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R1 MpKsla3e3c578; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys [45352 2014-03-05] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 erbdaldn; \??\C:\Windows\system32\drivers\erbdaldn.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-05 20:53 - 2014-03-05 20:53 - 00021300 _____ () C:\Users\TEST ACCOUNT\Desktop\FRST.txt
2014-03-05 20:53 - 2014-03-05 20:52 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Desktop\FRST64.exe
2014-03-05 20:51 - 2014-03-05 20:52 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Downloads\FRST64.exe
2014-03-05 17:42 - 2014-03-05 17:42 - 00028118 _____ () C:\ComboFix.txt
2014-03-05 14:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-05 14:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-05 14:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-05 14:31 - 2014-03-05 17:44 - 00000000 ____D () C:\Qoobox
2014-03-05 14:31 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Desktop\ComboFix.exe
2014-03-05 14:29 - 2014-03-05 17:28 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 14:29 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Downloads\ComboFix.exe
2014-03-05 13:05 - 2014-03-05 13:08 - 00046604 _____ () C:\Users\Jim Malone\Desktop\Addition.txt
2014-03-05 13:05 - 2014-03-05 13:08 - 00042534 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-05 13:02 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-05 13:00 - 2014-03-05 13:01 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-05 20:53 - 00000000 ____D () C:\FRST
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 17:14 - 2014-03-04 17:15 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-12 18:39 - 2014-02-05 05:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:39 - 2014-02-05 05:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:39 - 2014-02-05 05:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 04:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 04:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 04:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:39 - 2014-02-05 04:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:39 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:39 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:39 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:39 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:39 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-12 09:02 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:02 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:02 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:02 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:02 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:02 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:02 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:30 - 2014-03-05 12:42 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
 
==================== One Month Modified Files and Folders =======
 
2014-03-05 20:53 - 2014-03-05 20:53 - 00021300 _____ () C:\Users\TEST ACCOUNT\Desktop\FRST.txt
2014-03-05 20:53 - 2014-03-05 12:58 - 00000000 ____D () C:\FRST
2014-03-05 20:52 - 2014-03-05 20:53 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Desktop\FRST64.exe
2014-03-05 20:52 - 2014-03-05 20:51 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Downloads\FRST64.exe
2014-03-05 20:52 - 2009-07-14 00:13 - 00787404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 20:50 - 2012-11-01 20:34 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA.job
2014-03-05 20:50 - 2012-08-16 09:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-05 20:50 - 2012-02-23 08:57 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-05 20:50 - 2012-02-23 08:57 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-05 20:50 - 2011-04-20 04:37 - 01197851 _____ () C:\Windows\WindowsUpdate.log
2014-03-05 17:45 - 2012-08-16 09:14 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Local\Google
2014-03-05 17:44 - 2014-03-05 14:31 - 00000000 ____D () C:\Qoobox
2014-03-05 17:44 - 2012-09-21 12:45 - 00001443 _____ () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-05 17:44 - 2012-09-21 12:45 - 00000000 ___RD () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 17:44 - 2012-09-21 12:45 - 00000000 ___RD () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-05 17:43 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-03-05 17:42 - 2014-03-05 17:42 - 00028118 _____ () C:\ComboFix.txt
2014-03-05 17:36 - 2011-05-08 00:08 - 00000000 ___RD () C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 17:28 - 2014-03-05 14:29 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 16:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 16:41 - 2011-05-08 00:02 - 00000000 ____D () C:\Users\Jim Malone
2014-03-05 14:29 - 2014-03-05 14:31 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Desktop\ComboFix.exe
2014-03-05 14:29 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Downloads\ComboFix.exe
2014-03-05 14:28 - 2013-05-16 06:57 - 00000000 ____D () C:\Users\Jim Malone\Desktop\ACES
2014-03-05 14:28 - 2011-05-10 10:44 - 1884587008 _____ () C:\Users\Jim Malone\Documents\Jim's EMail File.pst
2014-03-05 14:28 - 2011-05-10 10:03 - 00000000 ____D () C:\Users\Jim Malone\Documents\Outlook Files
2014-03-05 13:23 - 2012-11-01 20:34 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core.job
2014-03-05 13:08 - 2014-03-05 13:05 - 00046604 _____ () C:\Users\Jim Malone\Desktop\Addition.txt
2014-03-05 13:08 - 2014-03-05 13:05 - 00042534 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-05 13:01 - 2014-03-05 13:00 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-05 13:02 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 12:54 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-05 12:54 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-05 12:42 - 2014-02-10 08:30 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 09:31 - 2012-09-04 13:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:31 - 2012-07-18 12:53 - 00000000 ___RD () C:\Users\Jim Malone\Dropbox
2014-03-05 09:31 - 2012-07-18 12:51 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Dropbox
2014-03-05 09:23 - 2012-09-26 06:46 - 00000412 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-03-05 09:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-05 09:22 - 2009-07-13 23:51 - 00084511 _____ () C:\Windows\setupact.log
2014-03-04 17:15 - 2014-03-04 17:14 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-03-04 17:14 - 2012-07-27 23:19 - 517344324 _____ () C:\Windows\MEMORY.DMP
2014-03-04 17:14 - 2012-07-27 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-04 13:34 - 2011-05-08 00:09 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Synaptics
2014-03-04 09:01 - 2012-08-16 09:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 08:59 - 2012-04-13 15:21 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Mozilla
2014-03-03 16:38 - 2011-07-15 07:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\CrashDumps
2014-03-02 18:28 - 2012-02-23 08:56 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\Google
2014-02-24 09:40 - 2014-01-27 08:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\HpUpdate
2014-02-21 11:34 - 2012-08-16 09:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 11:34 - 2012-08-16 09:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 11:34 - 2011-09-06 13:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 10:44 - 2013-08-01 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 10:39 - 2011-05-17 06:59 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-14 13:18 - 2012-11-01 20:34 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA
2014-02-14 13:18 - 2012-11-01 20:34 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core
2014-02-13 12:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 18:58 - 2012-02-23 08:57 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 18:57 - 2012-02-23 08:57 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 18:50 - 2011-04-20 04:39 - 01704260 _____ () C:\Windows\PFRO.log
2014-02-12 18:49 - 2011-05-10 08:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 18:43 - 2011-05-09 12:25 - 00780018 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 18:41 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-10 09:21 - 2014-01-18 11:35 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Roaming\HpUpdate
2014-02-10 09:19 - 2014-01-18 11:33 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-10 09:19 - 2011-04-20 04:38 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:35 - 2011-08-29 15:28 - 00000000 ____D () C:\paychex
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
2014-02-05 05:19 - 2014-02-12 18:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 05:02 - 2014-02-12 18:39 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 05:00 - 2014-02-12 18:39 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 04:52 - 2014-02-12 18:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 04:50 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 04:50 - 2014-02-12 18:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 04:50 - 2014-02-12 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:58 - 2014-02-12 18:39 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 03:56 - 2014-02-12 18:39 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 03:53 - 2014-02-12 18:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 03:51 - 2014-02-12 18:39 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 03:50 - 2014-02-12 18:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 03:49 - 2014-02-12 18:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 03:49 - 2014-02-12 18:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 03:48 - 2014-02-12 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 03:47 - 2014-02-12 18:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 03:46 - 2014-02-12 18:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 15:15 - 2012-11-06 11:34 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOMP7$
2014-02-04 15:15 - 2012-11-06 11:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCOMP7$.job
2014-02-04 11:34 - 2011-05-10 07:09 - 00002230 ____H () C:\Users\Jim Malone\Documents\Default.rdp
2014-02-04 10:37 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 10:10
 
==================== End Of Log ============================


#10 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 06 March 2014 - 02:58 AM

Hi,

it's looking better but we're not done yet.
How is your computer running after the following steps?


Step 1

Please download this attached Attached File  fixlist.txt   686bytes   12 downloads and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

 

 

 

Step 2

Please download Malwarebytes Anti-Malware and save it to your Desktop.

  • Execute the downloaded setup to install MBAM on your computer.
  • Start MBAM with administator privileges.
  • Open the tab Update and click on Check for Updates.
  • Open the tab Scanner, select Perform Quick Scan and press the Scan button.
  • When the scan is finished click on Show results.
  • Make sure that all the malware found is checked and click on Remove selected. Allow a reboot if one is required.
  • When finished MBAM shows a log file. (It can also be found under the Logs tab.)
    Please copy and paste the contents of this log file in your next reply.

 

 

 

Step 3

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!



Step 4

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#11 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 06 March 2014 - 09:16 AM

Good Morning,

 

Thanks for all the help! I have completed steps 1 and 2 above. In the process of running step 3, and will post logs for steps 3 and 4 once completed. It does indeed take quite some time.

 

Step 1 and 2 logs is below. One issue - after running the Malwarebytes tool, I saved the log to my desktop. It asked me to do a restart, which I did. When I came back online, the log was gone from both the system itself and the desktop. There were originally three items it found and got rid of. I ran the scan again, and none of them showed up a second time. What is posted will be the log from the second scan I ran, after the restart. I cannot locate the original log that would have shown the three items the scan found and deleted.

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-03-2014
Ran by Jim Malone at 2014-03-06 07:55:38 Run:1
Running from C:\Users\Jim Malone\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Auto] - regsvr32.exe "C:\Users\Jim Malone\AppData\Local\Google\BrowserSet.dll"
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [TimeServer] - C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe [196096 2014-03-04] ()
C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
*****************
 
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Auto => Value deleted successfully.
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\Software\Microsoft\Windows\CurrentVersion\Run\\TimeServer => Value deleted successfully.
C:\Users\Jim Malone\AppData\Roaming\Synaptics\WIN9E29.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Error deleting key
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} => Error deleting key
HKCR\Wow6432Node\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => Key not found.
HKLM\SOFTWARE\Policies\Google => Error deleting key
 
==== End of Fixlog ====
 
_________________________________________
 
Malwarebytes Log:
 
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.06.03
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Jim Malone :: COMP7 [limited]
 
3/6/2014 8:29:13 AM
mbam-log-2014-03-06 (08-29-13).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188928
Time elapsed: 4 minute(s), 44 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 


#12 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 06 March 2014 - 11:21 AM

Here are the ESET and FRST (steps 3 and 4) logs:

 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=49c0a3da9f29b54f8a0cc5a1e196042b
# engine=17340
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-06 04:13:56
# local_time=2014-03-06 11:13:56 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 20458072 145665886 0 0
# scanned=223258
# found=5
# cleaned=0
# scan_time=8986
sh=F57F262CD06E30C1DEF7BFEAAB4EC93FAC354640 ft=1 fh=a6f3345f79e14deb vn="a variant of Generik.TOMYWC trojan" ac=I fn="C:\FRST\Quarantine\WIN9E29.exe06-03-2014_07-55-38"
sh=EB6AA6E142A33CEE2C2B47C3C201BDF6B28FA846 ft=1 fh=fc79af95b58d1e11 vn="Win32/Toolbar.Babylon potentially unwanted application" ac=I fn="C:\Program Files (x86)\AIViewer\MyBabylonTB.exe"
sh=388020684EA977A41A0373F0E6712267E3BF509F ft=1 fh=6f5c3a612c8f15dd vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Jim Malone\Desktop\ACES\From Downloads\7zip_installer_d162802.exe"
sh=6D43BD978A81593ADCFF64D59CE04B5CB33D01D9 ft=1 fh=67ebf4e2638d5399 vn="a variant of Win32/YourFileDownloader potentially unwanted application" ac=I fn="C:\Users\Jim Malone\Desktop\ACES\From Downloads\incose_csep_practice_exam_questions_downloader_386.exe"
sh=050E7D4A29BFCC59B401D224B161EDB1D7D46EDB ft=1 fh=e745ef58d8bc0508 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Jim Malone\Dropbox\Random\Loyola\GB796\Avery Wizard 4.0.0.exe"

 

_______________________________________________________

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by TEST ACCOUNT (administrator) on COMP7 on 06-03-2014 11:18:45
Running from C:\Users\Jim Malone\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Jungle Disk, Inc.) C:\Program Files\Jungle Disk Workgroup\JungleDiskWorkgroup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Jim Malone\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-06] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [111640 2010-07-23] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [976320 2009-12-03] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [847872 2009-12-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-07-05] (Apple Inc.)
HKLM-x32\...\Run: [EPSON_UD_START] - C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UD.exe [341416 2011-01-06] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [ControlCenter4] - C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-10-07] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [BingDesktop] - C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-05] (Microsoft Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [X]
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [FINPRINTER (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jim)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Austin)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wireless - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON WorkForce 630 Series (Wired - Jeb)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [EPSON58E1CD (WorkForce 630)] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [Google Update] - C:\Users\Jim Malone\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-18] (Google Inc.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\Run: [HP Officejet 6700 (NET)] - C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1000\...\MountPoints2: {d219a38d-f6c5-11e0-963e-2c27d7c2b9c5} - G:\EMP_UDSe.exe /autorun
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1343152957-2886431971-333581152-1001\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
Startup: C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = 
BHO: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll ()
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {A5A5E1FF-FFEF-3FEF-B592-C6D194F4383F} https://webmail.baxter.com/CACHE/sdesktop/install/binaries/instweb.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://rp.sslvpn.boeing.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.100.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-05]
CHR Extension: (Google Drive) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-05]
CHR Extension: (YouTube) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-05]
CHR Extension: (Google Search) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-05]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2014-03-05]
CHR Extension: (Google Wallet) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Gmail) - C:\Users\TEST ACCOUNT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-05]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx [2012-11-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 ADVService; C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe [25704 2011-11-23] (Amazon.com)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-05] (Microsoft Corp.)
R2 EMP_UDSA; C:\Program Files (x86)\EPSON Projector\Epson USB Display V1.5\EMP_UDSA.exe [98304 2011-01-06] (SEIKO EPSON CORPORATION)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 cbfs3; C:\Windows\system32\drivers\cbfs3.sys [321424 2010-11-30] (EldoS Corporation)
R3 eppvad_simple; C:\Windows\System32\drivers\EMP_UDAU.sys [23040 2011-01-06] (SEIKO EPSON CORPORATION)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74240 2011-02-16] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 erbdaldn; \??\C:\Windows\system32\drivers\erbdaldn.sys [X]
S1 MpKsla3e3c578; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6AA0EAD1-7658-4651-8973-8116A159E893}\MpKsla3e3c578.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-06 08:40 - 2014-03-06 08:40 - 02347384 _____ (ESET) C:\Users\Jim Malone\Desktop\esetsmartinstaller_enu.exe
2014-03-06 08:40 - 2014-03-06 08:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-06 08:26 - 2014-03-06 08:26 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Malwarebytes
2014-03-06 07:57 - 2014-03-06 07:57 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Roaming\Malwarebytes
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 07:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-06 07:56 - 2014-03-06 07:56 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Jim Malone\Downloads\mbam-setup.exe
2014-03-06 07:56 - 2014-03-06 07:56 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Jim Malone\Desktop\mbam-setup.exe
2014-03-06 07:55 - 2014-03-06 07:55 - 00000686 _____ () C:\Users\Jim Malone\Downloads\fixlist.txt
2014-03-06 07:55 - 2014-03-06 07:55 - 00000000 ____D () C:\Users\Jim Malone\Desktop\FRST-OlderVersion
2014-03-06 07:48 - 2014-03-06 07:48 - 00000686 _____ () C:\Users\TEST ACCOUNT\Downloads\fixlist.txt
2014-03-05 20:54 - 2014-03-05 20:55 - 00046466 _____ () C:\Users\TEST ACCOUNT\Desktop\Addition.txt
2014-03-05 20:53 - 2014-03-05 20:55 - 00044503 _____ () C:\Users\TEST ACCOUNT\Desktop\FRST.txt
2014-03-05 20:53 - 2014-03-05 20:52 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Desktop\FRST64.exe
2014-03-05 20:51 - 2014-03-05 20:52 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Downloads\FRST64.exe
2014-03-05 17:42 - 2014-03-05 17:42 - 00028118 _____ () C:\ComboFix.txt
2014-03-05 14:35 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-05 14:35 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-05 14:35 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-05 14:35 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-05 14:31 - 2014-03-05 17:44 - 00000000 ____D () C:\Qoobox
2014-03-05 14:31 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Desktop\ComboFix.exe
2014-03-05 14:29 - 2014-03-05 17:28 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 14:29 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Downloads\ComboFix.exe
2014-03-05 13:05 - 2014-03-06 11:18 - 00021577 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-05 13:05 - 2014-03-05 13:08 - 00046604 _____ () C:\Users\Jim Malone\Desktop\Addition.txt
2014-03-05 13:05 - 2014-03-05 13:08 - 00042534 _____ () C:\Users\Jim Malone\Desktop\FRSTaaa.txt
2014-03-05 13:02 - 2014-03-06 07:55 - 02156544 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-05 13:00 - 2014-03-05 13:01 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-06 11:18 - 00000000 ____D () C:\FRST
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 17:14 - 2014-03-04 17:15 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-12 18:39 - 2014-02-05 05:19 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:39 - 2014-02-05 05:02 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:39 - 2014-02-05 05:00 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:39 - 2014-02-05 04:54 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 04:52 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-12 18:39 - 2014-02-05 04:52 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 18:39 - 2014-02-05 04:51 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 04:50 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 04:50 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:39 - 2014-02-05 04:50 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-12 18:39 - 2014-02-05 03:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-12 18:39 - 2014-02-05 03:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-12 18:39 - 2014-02-05 03:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-12 18:39 - 2014-02-05 03:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-12 18:39 - 2014-02-05 03:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-12 18:39 - 2014-02-05 03:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-12 18:39 - 2014-02-05 03:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-12 18:39 - 2014-02-05 03:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-12 18:39 - 2014-02-05 03:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-12 18:39 - 2014-02-05 03:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-12 18:39 - 2014-02-05 03:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-12 09:02 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-12 09:02 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 09:02 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-12 09:02 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-12 09:02 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 09:02 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-12 09:02 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-12 09:02 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-12 09:02 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-12 09:02 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-12 09:02 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-12 09:02 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:30 - 2014-03-05 12:42 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
 
==================== One Month Modified Files and Folders =======
 
2014-03-06 11:19 - 2014-03-05 13:05 - 00021577 _____ () C:\Users\Jim Malone\Desktop\FRST.txt
2014-03-06 11:18 - 2014-03-05 12:58 - 00000000 ____D () C:\FRST
2014-03-06 11:03 - 2013-05-16 06:57 - 00000000 ____D () C:\Users\Jim Malone\Desktop\ACES
2014-03-06 11:03 - 2012-02-23 08:57 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 11:03 - 2011-05-10 10:44 - 1884587008 _____ () C:\Users\Jim Malone\Documents\Jim's EMail File.pst
2014-03-06 10:34 - 2012-08-16 09:13 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 10:23 - 2012-11-01 20:34 - 00000928 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA.job
2014-03-06 10:09 - 2011-05-10 10:03 - 00000000 ____D () C:\Users\Jim Malone\Documents\Outlook Files
2014-03-06 08:59 - 2011-04-20 04:37 - 01224219 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 08:40 - 2014-03-06 08:40 - 02347384 _____ (ESET) C:\Users\Jim Malone\Desktop\esetsmartinstaller_enu.exe
2014-03-06 08:40 - 2014-03-06 08:40 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-03-06 08:26 - 2014-03-06 08:26 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Malwarebytes
2014-03-06 08:25 - 2012-09-26 06:46 - 00000412 _____ () C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2014-03-06 08:25 - 2012-02-23 08:57 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 08:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 08:14 - 2009-07-13 23:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 08:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 08:07 - 2009-07-13 23:51 - 00084623 _____ () C:\Windows\setupact.log
2014-03-06 08:06 - 2012-02-23 08:56 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\Google
2014-03-06 08:06 - 2011-04-20 04:39 - 01705560 _____ () C:\Windows\PFRO.log
2014-03-06 07:57 - 2014-03-06 07:57 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Roaming\Malwarebytes
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-06 07:57 - 2014-03-06 07:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-06 07:56 - 2014-03-06 07:56 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Jim Malone\Downloads\mbam-setup.exe
2014-03-06 07:56 - 2014-03-06 07:56 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\Jim Malone\Desktop\mbam-setup.exe
2014-03-06 07:55 - 2014-03-06 07:55 - 00000686 _____ () C:\Users\Jim Malone\Downloads\fixlist.txt
2014-03-06 07:55 - 2014-03-06 07:55 - 00000000 ____D () C:\Users\Jim Malone\Desktop\FRST-OlderVersion
2014-03-06 07:55 - 2014-03-05 13:02 - 02156544 _____ (Farbar) C:\Users\Jim Malone\Desktop\FRST64.exe
2014-03-06 07:55 - 2011-05-08 00:09 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Synaptics
2014-03-06 07:49 - 2009-07-14 00:13 - 00787404 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-06 07:48 - 2014-03-06 07:48 - 00000686 _____ () C:\Users\TEST ACCOUNT\Downloads\fixlist.txt
2014-03-05 20:55 - 2014-03-05 20:54 - 00046466 _____ () C:\Users\TEST ACCOUNT\Desktop\Addition.txt
2014-03-05 20:55 - 2014-03-05 20:53 - 00044503 _____ () C:\Users\TEST ACCOUNT\Desktop\FRST.txt
2014-03-05 20:52 - 2014-03-05 20:53 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Desktop\FRST64.exe
2014-03-05 20:52 - 2014-03-05 20:51 - 02156544 _____ (Farbar) C:\Users\TEST ACCOUNT\Downloads\FRST64.exe
2014-03-05 17:45 - 2012-08-16 09:14 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Local\Google
2014-03-05 17:44 - 2014-03-05 14:31 - 00000000 ____D () C:\Qoobox
2014-03-05 17:44 - 2012-09-21 12:45 - 00001443 _____ () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-03-05 17:44 - 2012-09-21 12:45 - 00000000 ___RD () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 17:44 - 2012-09-21 12:45 - 00000000 ___RD () C:\Users\TEST ACCOUNT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-05 17:43 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-03-05 17:42 - 2014-03-05 17:42 - 00028118 _____ () C:\ComboFix.txt
2014-03-05 17:36 - 2011-05-08 00:08 - 00000000 ___RD () C:\Users\Jim Malone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-05 17:28 - 2014-03-05 14:29 - 00000000 ____D () C:\Windows\erdnt
2014-03-05 16:55 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 16:41 - 2011-05-08 00:02 - 00000000 ____D () C:\Users\Jim Malone
2014-03-05 14:29 - 2014-03-05 14:31 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Desktop\ComboFix.exe
2014-03-05 14:29 - 2014-03-05 14:29 - 05187267 ____R (Swearware) C:\Users\Jim Malone\Downloads\ComboFix.exe
2014-03-05 13:23 - 2012-11-01 20:34 - 00000876 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core.job
2014-03-05 13:08 - 2014-03-05 13:05 - 00046604 _____ () C:\Users\Jim Malone\Desktop\Addition.txt
2014-03-05 13:08 - 2014-03-05 13:05 - 00042534 _____ () C:\Users\Jim Malone\Desktop\FRSTaaa.txt
2014-03-05 13:01 - 2014-03-05 13:00 - 00000000 ____D () C:\Users\Jim Malone\Documents\FRST
2014-03-05 12:58 - 2014-03-05 12:58 - 02157056 _____ (Farbar) C:\Users\Jim Malone\Downloads\FRST64.exe
2014-03-05 12:58 - 2014-03-05 12:58 - 00023839 _____ () C:\Users\Jim Malone\Downloads\FRST.txt
2014-03-05 12:42 - 2014-02-10 08:30 - 00007596 _____ () C:\Users\TEST ACCOUNT\AppData\Local\Resmon.ResmonCfg
2014-03-05 09:31 - 2014-03-05 09:31 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-05 09:31 - 2012-09-04 13:26 - 00000000 ____D () C:\ProgramData\Skype
2014-03-05 09:31 - 2012-07-18 12:53 - 00000000 ___RD () C:\Users\Jim Malone\Dropbox
2014-03-05 09:31 - 2012-07-18 12:51 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Dropbox
2014-03-04 17:15 - 2014-03-04 17:14 - 00262144 _____ () C:\Windows\Minidump\030414-17565-01.dmp
2014-03-04 17:14 - 2012-07-27 23:19 - 517344324 _____ () C:\Windows\MEMORY.DMP
2014-03-04 17:14 - 2012-07-27 23:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-04 09:01 - 2012-08-16 09:14 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-04 08:59 - 2012-04-13 15:21 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\Mozilla
2014-03-03 16:38 - 2011-07-15 07:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Local\CrashDumps
2014-02-24 09:40 - 2014-01-27 08:22 - 00000000 ____D () C:\Users\Jim Malone\AppData\Roaming\HpUpdate
2014-02-21 11:34 - 2012-08-16 09:13 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 11:34 - 2012-08-16 09:13 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 11:34 - 2011-09-06 13:56 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 10:44 - 2013-08-01 08:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-17 10:39 - 2011-05-17 06:59 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 09:53 - 2014-02-17 09:53 - 00001991 _____ () C:\Users\Public\Desktop\HP Photo Creations.lnk
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\Visan
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\ProgramData\HP Photo Creations
2014-02-17 09:53 - 2014-02-17 09:53 - 00000000 ____D () C:\Program Files (x86)\HP Photo Creations
2014-02-14 13:18 - 2012-11-01 20:34 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000UA
2014-02-14 13:18 - 2012-11-01 20:34 - 00003512 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1343152957-2886431971-333581152-1000Core
2014-02-13 12:21 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-02-12 18:58 - 2012-02-23 08:57 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-12 18:57 - 2012-02-23 08:57 - 00003650 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-12 18:49 - 2011-05-10 08:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 18:43 - 2011-05-09 12:25 - 00780018 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-12 18:41 - 2009-07-13 21:34 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 11:56 - 2014-02-12 11:56 - 00862603 _____ () C:\Users\Jim Malone\Downloads\SecureMessageAtt (2).html
2014-02-10 09:21 - 2014-01-18 11:35 - 00000000 ____D () C:\Users\TEST ACCOUNT\AppData\Roaming\HpUpdate
2014-02-10 09:19 - 2014-01-18 11:33 - 00000000 ____D () C:\Program Files (x86)\HP
2014-02-10 09:19 - 2011-04-20 04:38 - 00000000 ____D () C:\Windows\Hewlett-Packard
2014-02-10 08:35 - 2014-02-10 08:35 - 00004260 _____ () C:\Users\Jim Malone\Downloads\eP33-R4616753-H0-G0249228600000000703-C2492286-EY.pym
2014-02-10 08:35 - 2011-08-29 15:28 - 00000000 ____D () C:\paychex
2014-02-07 11:30 - 2014-02-07 11:30 - 00332878 _____ () C:\Users\Jim Malone\Downloads\5392724-d5a63f7d5bc84f778cc5de2c144634ec.tif
2014-02-07 11:21 - 2014-02-07 11:21 - 00167447 _____ () C:\Users\Jim Malone\Downloads\5392724-bf02b48d574a4e54921102e8d6184d9c.tif
2014-02-07 11:20 - 2014-02-07 11:20 - 00135961 _____ () C:\Users\Jim Malone\Downloads\5392724-80e2262f4f534fd2baff06ce759927c2.tif
2014-02-07 09:40 - 2014-02-07 09:40 - 00000052 _____ () C:\Users\Jim Malone\Downloads\download_.txf
2014-02-05 05:19 - 2014-02-12 18:39 - 17849344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 05:02 - 2014-02-12 18:39 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 05:00 - 2014-02-12 18:39 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 04:54 - 2014-02-12 18:39 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 04:52 - 2014-02-12 18:39 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 04:52 - 2014-02-12 18:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 04:51 - 2014-02-12 18:39 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 04:50 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 04:50 - 2014-02-12 18:39 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 04:50 - 2014-02-12 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 03:58 - 2014-02-12 18:39 - 12345344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-05 03:56 - 2014-02-12 18:39 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-05 03:53 - 2014-02-12 18:39 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-05 03:51 - 2014-02-12 18:39 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-05 03:50 - 2014-02-12 18:39 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-05 03:49 - 2014-02-12 18:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-05 03:49 - 2014-02-12 18:39 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-05 03:48 - 2014-02-12 18:39 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-05 03:48 - 2014-02-12 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-05 03:47 - 2014-02-12 18:39 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-05 03:47 - 2014-02-12 18:39 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-02-05 03:46 - 2014-02-12 18:39 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-04 15:15 - 2012-11-06 11:34 - 00003212 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCOMP7$
2014-02-04 15:15 - 2012-11-06 11:34 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleForCOMP7$.job
2014-02-04 11:34 - 2011-05-10 07:09 - 00002230 ____H () C:\Users\Jim Malone\Documents\Default.rdp
2014-02-04 10:37 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-28 10:10
 
==================== End Of Log ============================


#13 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 06 March 2014 - 11:56 AM

This looks good! No more active malware has been found.

Is your computer running all right now or are there still any problems left?



#14 swimjim504

swimjim504
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:39 PM

Posted 06 March 2014 - 12:05 PM

Great news, thanks! Yes, the machine seems like it is back to normal, no latency issues or other abnormalities I can detect. I appreciate your help!



#15 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:39 AM

Posted 06 March 2014 - 12:09 PM

This is good to hear.

That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Rename Combofix.exe in Uninstall.exe and execute it with a double click. (Beware that file extensions might be hidden. So don't add a double extension Uninstall.exe.exe.)
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefor it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Reader 9.5.5 MUI
Java™ 6 Update 22 (64-bit)
Java™ 6 Update 31
Internet Explorer Version 9
Mozilla Firefox 11.0 (x86 en-US)




Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users