Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

online banking hacked


  • This topic is locked This topic is locked
10 replies to this topic

#1 yumito

yumito

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 08 July 2014 - 09:19 PM

I got a message from my bank saying somone tried send money from my account and the account has since been locked until i change my password. they said it is probably someone with some sort of access to one of the computers i use to do my online banking. Well before i change my passwords i would like to know its not a keylogger or something of the sort.

 

What ive done:

Ran malwarebytes and it came up with nothing on both machines,

 

What i need now:

The next step i heard about combo fix as an in depth scanning tool but i was told not to use it without knowing what i am doing so here i am!



BC AdBot (Login to Remove)

 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 09 July 2014 - 07:14 AM

Hi there,

let's start with the first computer. Please run a FRST scan:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 yumito

yumito
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 09 July 2014 - 12:16 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 227 days old and could be outdated)
Ran by Jaaron (administrator) on MRC303 on 09-07-2014 13:17:20
Running from C:\Users\jaaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK6N6LKT
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Thomson Reuters) C:\Windows\csifcsvc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWEC.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECAV.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(UniPrint, a division of GFI Business Solutions Inc.) C:\Program Files (x86)\UniPrint\Client\UniPrint.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7233640 2011-06-14] (Realtek Semiconductor)
HKLM\...\Run: [MfeEpePcMonitor] - C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-07-21] ()
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [UniPrint] - C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe [199008 2010-12-16] (UniPrint, a division of GFI Business Solutions Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [UniPrint] - C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe [199008 2010-12-16] (UniPrint, a division of GFI Business Solutions Inc.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Winpopup LAN Messenger] - C:\Program Files (x86)\Winpopup LAN Messenger\WinPopup.exe [1663044 2008-04-30] (Fomine Software)
HKLM-x32\...\Run: [ECM Dashboard] - C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWDash.exe [11005888 2013-10-09] (SonicWALL, Inc.)
HKU\administrator\...\Run: [UniPrint] - C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe [199008 2010-12-16] (UniPrint, a division of GFI Business Solutions Inc.)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.netlinksolution.com/nextgen/?firm=26451
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} http://software.sonicwall.com/applications/SEC/ClientSoftware/SWECMControlX.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.10.2

==================== Services (Whitelisted) =================

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
R2 FCPrintService; C:\Windows\csifcsvc.exe [118784 2009-10-07] (Thomson Reuters)
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-07-21] ()
R2 SEC; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWEC.exe [1012296 2013-10-09] (SonicWALL, Inc.)
R2 SECAV; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECAV.exe [2074232 2013-10-09] (SonicWALL, Inc.)
R2 SECLOG; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe [337664 2013-10-09] (SonicWALL, Inc.)

==================== Drivers (Whitelisted) ====================

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-08-22] (Hewlett-Packard Company)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel® Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-09-15] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-09-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2011-09-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-09-15] (Kaspersky Lab ZAO)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [94152 2011-07-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-07-21] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-05-15] ()

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D C:\FRST
2014-07-09 13:14 - 2014-07-09 13:14 - 00000933 _____ C:\Users\jaaron\Downloads\FRST64.exe
2014-07-09 09:49 - 2014-07-09 09:49 - 00000165 ____H C:\Users\jaaron\Documents\~$Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-09 09:19 - 2014-07-09 11:18 - 00121554 _____ C:\Users\jaaron\Documents\Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-08 12:26 - 2014-07-08 12:26 - 00000165 ____H C:\Users\jaaron\Documents\~$Copy of Estate Mae H (Autosaved).xlsx
2014-07-08 09:53 - 2014-07-08 09:53 - 00000165 ____H C:\Users\jaaron\Documents\~$Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-03 15:10 - 2014-07-08 16:34 - 00120927 _____ C:\Users\jaaron\Documents\Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-03 14:54 - 2014-07-03 14:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 14:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 14:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 14:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 03:23 - 2014-06-17 03:23 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 03:23 - 2014-06-17 03:23 - 00000000 ____D C:\Users\jaaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-12 14:46 - 2014-06-12 14:47 - 00010138 _____ C:\Users\jaaron\Documents\Doctor Appointments During Summer.xlsx
2014-06-12 08:58 - 2014-07-01 16:28 - 00109340 _____ C:\Users\jaaron\Documents\Copy of Estate Mae H (Autosaved).xlsx
2014-06-12 08:57 - 2014-06-12 08:57 - 00090149 _____ C:\Users\jaaron\Documents\Copy of Copy of Estate Mae H (version2).xlsx
2014-06-11 05:02 - 2014-05-30 06:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 05:02 - 2014-05-30 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 05:02 - 2014-05-30 06:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 05:02 - 2014-05-30 05:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 05:02 - 2014-05-30 05:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 05:02 - 2014-05-30 05:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 05:02 - 2014-05-30 05:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 05:02 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 05:02 - 2014-05-30 05:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 05:02 - 2014-05-30 05:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 05:02 - 2014-05-30 05:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 05:02 - 2014-05-30 05:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 05:02 - 2014-05-30 05:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 05:02 - 2014-05-30 05:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 05:02 - 2014-05-30 05:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 05:02 - 2014-05-30 05:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 05:02 - 2014-05-30 05:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 05:02 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 05:02 - 2014-05-30 04:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 05:02 - 2014-05-30 04:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 05:02 - 2014-05-30 04:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 05:02 - 2014-05-30 04:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 05:02 - 2014-05-30 04:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 05:02 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 05:02 - 2014-05-30 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 05:02 - 2014-05-30 04:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 05:02 - 2014-05-30 04:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 05:02 - 2014-05-30 04:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 05:02 - 2014-05-30 04:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 05:02 - 2014-05-30 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 05:02 - 2014-05-30 04:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 05:02 - 2014-05-30 04:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 05:02 - 2014-05-30 04:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 05:02 - 2014-05-30 04:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 05:02 - 2014-05-30 04:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 05:02 - 2014-05-30 04:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 05:02 - 2014-05-30 04:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 05:02 - 2014-05-30 04:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 05:02 - 2014-05-30 04:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 05:02 - 2014-05-30 04:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 05:02 - 2014-05-30 03:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 05:02 - 2014-05-30 03:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 05:02 - 2014-05-30 03:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 05:02 - 2014-05-30 03:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 05:02 - 2014-05-30 03:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 05:02 - 2014-05-30 03:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 05:02 - 2014-05-30 03:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 05:02 - 2014-05-30 03:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 05:02 - 2014-05-30 03:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 05:02 - 2014-05-30 03:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 05:02 - 2014-05-30 03:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 05:02 - 2014-05-30 03:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 05:02 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 05:02 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 05:02 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 05:02 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 05:02 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 05:02 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 05:02 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 05:02 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 05:02 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 05:02 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 05:02 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 05:02 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 05:02 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 05:02 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-09 13:16 - 2014-07-09 13:16 - 00000000 ____D C:\FRST
2014-07-09 13:14 - 2014-07-09 13:14 - 00000933 _____ C:\Users\jaaron\Downloads\FRST64.exe
2014-07-09 13:13 - 2009-07-14 01:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2014-07-09 12:47 - 2012-06-17 15:17 - 00000112 _____ C:\Windows\system32\config\netlogon.ftl
2014-07-09 12:40 - 2012-11-26 15:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-09 11:18 - 2014-07-09 09:19 - 00121554 _____ C:\Users\jaaron\Documents\Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-09 09:49 - 2014-07-09 09:49 - 00000165 ____H C:\Users\jaaron\Documents\~$Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-09 06:20 - 2012-06-13 07:35 - 01315181 _____ C:\Windows\WindowsUpdate.log
2014-07-08 23:20 - 2013-06-24 15:05 - 00000166 _____ C:\Windows\SysWOW64\DOErrors.log
2014-07-08 23:00 - 2012-06-17 15:19 - 00003910 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A065E265-1E61-4546-8027-952B3F43CE80}
2014-07-08 20:40 - 2012-11-26 15:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:40 - 2012-11-26 15:32 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:40 - 2012-05-15 17:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 16:34 - 2014-07-03 15:10 - 00120927 _____ C:\Users\jaaron\Documents\Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-08 12:26 - 2014-07-08 12:26 - 00000165 ____H C:\Users\jaaron\Documents\~$Copy of Estate Mae H (Autosaved).xlsx
2014-07-08 09:53 - 2014-07-08 09:53 - 00000165 ____H C:\Users\jaaron\Documents\~$Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-08 09:02 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 09:02 - 2009-07-14 00:45 - 00027568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 08:53 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-07-08 08:53 - 2009-07-14 00:51 - 00040235 _____ C:\Windows\setupact.log
2014-07-06 09:19 - 2012-08-15 03:18 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMRC303$
2014-07-06 09:19 - 2012-08-15 03:18 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForMRC303$.job
2014-07-03 15:00 - 2014-02-07 13:17 - 00047220 _____ C:\Users\jaaron\Documents\Copy of Mae Hamlin Scott - Tax Year Ende 10313prelim adjust made.xlsx
2014-07-03 15:00 - 2014-01-20 15:48 - 00017999 _____ C:\Users\jaaron\Documents\Copy of Mae Hamlin Scott - Tax Year Ended 10313.xlsx
2014-07-03 14:55 - 2014-07-03 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 14:53 - 2012-06-21 09:45 - 00000000 ____D C:\Users\jaaron\AppData\Local\CrashDumps
2014-07-03 14:18 - 2014-05-29 16:00 - 00012395 _____ C:\Users\jaaron\Documents\Topp (Kathleen) Compensation.xlsx
2014-07-03 13:52 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2014-07-01 16:28 - 2014-06-12 08:58 - 00109340 _____ C:\Users\jaaron\Documents\Copy of Estate Mae H (Autosaved).xlsx
2014-06-17 03:23 - 2014-06-17 03:23 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 03:23 - 2014-06-17 03:23 - 00000000 ____D C:\Users\jaaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-17 03:23 - 2013-09-06 15:59 - 00001506 _____ C:\Users\jaaron\Desktop\GoToAssist Customer.lnk
2014-06-12 14:47 - 2014-06-12 14:46 - 00010138 _____ C:\Users\jaaron\Documents\Doctor Appointments During Summer.xlsx
2014-06-12 08:57 - 2014-06-12 08:57 - 00090149 _____ C:\Users\jaaron\Documents\Copy of Copy of Estate Mae H (version2).xlsx
2014-06-12 08:55 - 2013-06-19 12:01 - 00002046 _____ C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2014-06-12 03:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2014-06-12 03:21 - 2013-03-26 03:18 - 00001542 _____ C:\ProgramData\lmabscan.log
2014-06-12 03:03 - 2013-07-22 03:00 - 00000000 ____D C:\Windows\system32\MRT
2014-06-12 03:02 - 2013-06-19 12:10 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:02 - 2012-06-19 11:13 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-06-09 15:40 - 2014-02-07 17:57 - 00089486 _____ C:\Users\jaaron\Documents\Copy of Estate Mae H. Scott 3rd Account 2012-2013 Journal plus September -December.xlsx

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ose00000.exe
C:\Users\MRC303\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-14 06:35] - [2014-03-04 05:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-07-08 00:53

==================== End Of Log ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by Jaaron at 2014-07-09 13:17:46
Running from C:\Users\jaaron\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GK6N6LKT
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: SonicWALL Enforced Client-AntiVirus (Enabled - Up to date) {65085CBC-A1F3-5840-FCCB-F18B05B7FDF1}
AS: SonicWALL Enforced Client-AntiSpyware (Enabled - Up to date) {DE69BD58-87C9-57CE-C67B-CAF97E30B74C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Acrobat X Standard - English, Français, Deutsch (x32 Version: 10.1.10)
Adobe Flash Player 14 ActiveX (x32 Version: 14.0.0.145)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.2.122)
Citrix online plug-in - web (x32 Version: 11.2.0.31560)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560)
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560)
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560)
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560)
Corel WinDVD (x32 Version: 10.0.5.835)
Device Access Manager for HP ProtectTools (Version: 6.1.0.1)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904)
Drive Encryption For HP ProtectTools (Version: 6.0.82.26444)
File Sanitizer For HP ProtectTools (x32 Version: 6.0.0.15)
FileCabinet CS Virtual Office Print Driver (x32 Version: 2009.00.0000)
GoToAssist Customer 2.1.0.715 (x32 Version: 2.1.0.715)
GoToMeeting 5.4.0.1082 (HKCU Version: 5.4.0.1082)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12494.3472)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Odometer (x32 Version: 2.10.0000)
HP ProtectTools Security Manager (Version: 6.06.1004)
HP Setup (x32 Version: 8.5.4526.3645)
HP Support Assistant (x32 Version: 6.1.12.1)
HP Support Information (x32 Version: 11.00.0001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Network Connections 15.7.176.0 (Version: 15.7.176.0)
Intel® Processor Graphics (x32 Version: 8.15.10.2253)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
KONICA MINOLTA TWAIN Ver.3 (x32 Version: 3.00.0001)
Malwarebytes Anti-Malware version 2.0.2.1012 (x32 Version: 2.0.2.1012)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.30214.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Privacy Manager for HP ProtectTools (Version: 6.02.852)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6392)
Recovery Manager (x32 Version: 5.5.0.4222)
SonicWALL Enforced Client (x32 Version: 1.8.64)
SonicWALL Enforced Client Kaspersky AV (x32 Version: 1.8.21)
swMSM (x32 Version: 12.0.0.1)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.35)
UniPrint Client 4.0 (x32 Version: 4.0.9)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
VIP Access SDK (1.0.1.4)  (x32 Version: 1.0.1.4)
VO Scan client for Citrix (x32 Version: 2009.3.0)
Winpopup LAN Messenger 5.3 (x32)

==================== Restore Points  =========================

03-05-2014 07:00:13 Windows Update
06-05-2014 07:00:10 Windows Update
09-05-2014 03:19:59 HPSF Restore Point
15-05-2014 07:00:13 Windows Update
23-05-2014 04:00:03 Scheduled Checkpoint
31-05-2014 04:00:00 Scheduled Checkpoint
08-06-2014 04:00:00 Scheduled Checkpoint
09-06-2014 03:20:01 HPSF Restore Point
12-06-2014 07:00:15 Windows Update
20-06-2014 04:00:02 Scheduled Checkpoint
28-06-2014 04:00:01 Scheduled Checkpoint
06-07-2014 04:00:01 Scheduled Checkpoint
09-07-2014 03:20:04 HPSF Restore Point

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06A3B505-FA24-4EAF-8A29-4542F57A54CE} - System32\Tasks\HPCeeScheduleForMRC303$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {2B1937BD-0275-4D37-9B7B-6D11FDA9261E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {393AF428-82A8-42F0-BC34-3796862E8BF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {40B231B9-045A-4CCC-9C3E-144717286C41} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: {89291CE2-E400-451F-A329-CF8360988E99} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {9110CB48-0695-4B19-B31B-9A8218FD426E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {AFCFC120-C247-4D65-A74E-16701500CEE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B57CC0A7-82F1-4D5C-84E8-DD4338CDD133} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E4700DA1-CC9C-4A43-98CD-03B0CC8894AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {F6A7CD43-F365-4150-9078-61BE79020383} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMRC303$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2012-05-15 16:58 - 2010-11-29 00:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2009-11-02 03:19 - 2012-06-21 08:09 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYUJ_O.DLL
2011-07-21 20:41 - 2011-07-21 20:41 - 02818048 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-07-21 20:18 - 2011-07-21 20:18 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-07-21 20:40 - 2011-07-21 20:40 - 03080192 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-07-21 20:44 - 2011-07-21 20:44 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-07-21 20:42 - 2011-07-21 20:42 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2011-07-21 20:21 - 2011-07-21 20:21 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-07-21 20:22 - 2011-07-21 20:22 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2010-04-06 11:25 - 2010-04-06 11:25 - 03614720 _____ () C:\Program Files (x86)\Citrix\ICA Client\VOScan.dll
2009-09-12 23:08 - 2009-09-12 23:08 - 00028496 _____ () C:\Program Files (x86)\Citrix\ICA Client\vdtuin.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/09/2014 01:15:07 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2014 11:42:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2014 02:53:51 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x15b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2014 02:53:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x12e4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/17/2014 11:39:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2014 00:13:23 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/13/2014 00:26:30 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2014 01:45:09 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: ieapfltr.dll, version: 11.0.9600.17126, time stamp: 0x53882f84
Exception code: 0xc0000005
Fault offset: 0x0000000000066f18
Faulting process id: 0xbd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (06/09/2014 11:33:29 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/09/2014 04:06:14 PM) (Source: Application Hang) (User: )
Description: The program HPSF.exe version 6.1.12.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 196c

Start Time: 01cf841ac8e7648f

Termination Time: 2

Application Path: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe

Report Id:

System errors:
=============
Error: (07/08/2014 08:53:26 AM) (Source: Microsoft-Windows-GroupPolicy) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (07/08/2014 08:53:25 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/12/2014 08:56:11 AM) (Source: DCOM) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/12/2014 03:20:53 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (06/12/2014 03:19:21 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/12/2014 03:18:01 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/15/2014 03:20:25 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (05/15/2014 03:18:52 AM) (Source: NETLOGON) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (04/29/2014 03:18:40 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (03/26/2014 09:41:50 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 107.

Microsoft Office Sessions:
=========================
Error: (01/13/2014 06:11:50 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3874 seconds with 3180 seconds of active time.  This session ended with a crash.

Error: (05/06/2013 01:19:13 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11943 seconds with 7080 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 34%
Total physical RAM: 8080.02 MB
Available physical RAM: 5329.72 MB
Total Pagefile: 16158.21 MB
Available Pagefile: 13358.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.16 GB) (Free:399.83 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.5 GB) (Free:1.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.59 GB) (Free:5.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

 



#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 09 July 2014 - 01:28 PM

You've scanned with a very old and outdated version of FRST. Where did you download it?
Please repeat the scan with the current version that you can download from the link in my instruction (direct link).

#5 yumito

yumito
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 10 July 2014 - 11:48 AM

when i try to download from the link you gave on firefox:

Attached File  Capture.PNG   30.85KB   0 downloads

 

when i try IE:

Attached File  Capture2.PNG   3.11KB   0 downloads

 

when i try to run the file:

Attached File  Capture3.PNG   32.98KB   0 downloads

 

 

i got the version from major geek because i cannot use the one in your download link, the 32bit one will run but it says its the wrong version and to use 64



#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 10 July 2014 - 12:29 PM

Strange. Can you try to download it on a different computer and transfer it to this one on a flashdrive?

#7 yumito

yumito
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 11 July 2014 - 02:36 PM

Alright that worked, I ran the scan on 2 computers so I will post the logs in different posts.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Joan Aaron (administrator) on JOANAARON on 11-07-2014 15:33:10
Running from C:\Users\Joan Aaron\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\POWERPNT.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-13] (IDT, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-11-07] (Intel Corporation)
HKLM-x32\...\Run: [BtTray] => c:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [375048 2012-11-06] (IVT Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-13] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TotalRecipeSearch_14 Browser Plugin Loader 64] => C:\PROGRA~2\TOTALR~2\bar\1.bin\14brmon64.exe
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://netlinksolution.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM - {7BFB3B7A-024C-415E-8329-9F7D86DF42A1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {7BFB3B7A-024C-415E-8329-9F7D86DF42A1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm149^YYA^us&si=455002&ptb=8690E616-BE5A-4B98-BAFC-5B5BD0A3CEC1&psa=&ind=2014031519&st=sb&n=780bae9f&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS
SearchScopes: HKCU - {7BFB3B7A-024C-415E-8329-9F7D86DF42A1} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {cca2e567-1987-4100-a3c6-5b4267084510} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^YK^xdm149^YYA^us&si=455002&ptb=8690E616-BE5A-4B98-BAFC-5B5BD0A3CEC1&psa=&ind=2014031519&st=sb&n=780bae9f&searchfor={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

S2 0050651392770812mcinstcleanup; C:\windows\TEMP\005065~1.EXE [834664 2013-06-17] (McAfee, Inc.)
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1486961 2012-11-15] (IVT Corporation) [File not signed]
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-11-06] (IVT Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-13] (IDT, Inc.) [File not signed]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

==================== Drivers (Whitelisted) ====================

U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
S3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
S3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [49632 2012-12-06] (Ralink Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 rtbth; C:\Windows\System32\DRIVERS\rtbth.sys [1150560 2012-12-01] (Ralink Technology, Corp.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U3 McMPFSvc;
U3 McNaiAnn;
U3 mcpltsvc;
U3 McProxy;
U3 mfecore;
U3 MSK80Service;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-11 15:33 - 2014-07-11 15:33 - 00014135 _____ () C:\Users\Joan Aaron\Desktop\FRST.txt
2014-07-11 15:33 - 2014-07-11 15:33 - 00000000 ____D () C:\FRST
2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-11 15:32 - 2014-07-11 11:13 - 02084864 _____ (Farbar) C:\Users\Joan Aaron\Desktop\FRST64.exe
2014-07-10 20:17 - 2014-06-29 22:09 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-10 20:17 - 2014-06-29 22:04 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-10 20:17 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-10 20:17 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-10 20:17 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-10 20:17 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-10 20:17 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-07-10 20:17 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-10 20:17 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-07-10 20:17 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-10 20:17 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-07-10 20:17 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-07-10 20:17 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-10 20:17 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-10 20:17 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-07-10 20:17 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-07-10 20:17 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-07-10 20:17 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-07-10 20:17 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-10 20:17 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-07-10 20:17 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-10 20:17 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-07-10 20:17 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-10 20:17 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-10 20:17 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-10 20:17 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-10 20:17 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-10 20:17 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-10 20:17 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-07-10 20:17 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-10 20:17 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-07-10 20:17 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-07-10 20:17 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-10 20:17 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-10 20:17 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-10 20:17 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-10 20:17 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-10 20:17 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-07-10 20:17 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-07-10 20:17 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-07-10 20:17 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-07-10 20:17 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-10 20:17 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-10 20:17 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-10 20:17 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-10 20:17 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-10 20:17 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-10 20:17 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-10 20:17 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-10 20:17 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-10 20:17 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-07-10 20:17 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-10 20:17 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-10 20:17 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-10 20:17 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-07-10 20:17 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-10 20:17 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-10 20:17 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-07-10 20:17 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-10 20:17 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-10 20:17 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-10 20:17 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-10 20:17 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-10 20:17 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-10 20:17 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-07-10 20:17 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-07-10 20:17 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-07-10 20:17 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-07-10 20:17 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-02 16:11 - 2014-07-02 16:11 - 00009592 _____ () C:\Users\Joan Aaron\Documents\vents for joan aaro's house.xlsx
2014-07-02 15:17 - 2014-07-02 15:17 - 00000000 ____D () C:\Users\Joan Aaron\AppData\Roaming\IDT
2014-07-02 15:16 - 2014-07-02 15:19 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 15:16 - 2014-07-02 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 15:16 - 2014-07-02 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 15:16 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-07-02 15:16 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-07-02 15:16 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-28 19:23 - 2014-06-28 19:23 - 00010908 _____ () C:\Users\Joan Aaron\Documents\Telephone Updaated June 2014.xlsx
2014-06-17 15:50 - 2014-06-17 15:50 - 00000000 ____D () C:\Users\Joan Aaron\Documents\New folder
2014-06-17 15:08 - 2014-06-17 15:08 - 00000000 ___SD () C:\Users\Joan Aaron\Documents\My Data Sources

==================== One Month Modified Files and Folders =======

2014-07-11 15:33 - 2014-07-11 15:33 - 00014135 _____ () C:\Users\Joan Aaron\Desktop\FRST.txt
2014-07-11 15:33 - 2014-07-11 15:33 - 00000000 ____D () C:\FRST
2014-07-11 15:32 - 2014-07-11 15:32 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2014-07-11 15:32 - 2014-02-18 20:46 - 00000000 _____ () C:\windows\system32\Drivers\lvuvc.hs
2014-07-11 15:32 - 2014-02-18 18:46 - 01578706 _____ () C:\windows\WindowsUpdate.log
2014-07-11 15:32 - 2014-02-08 19:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 15:32 - 2009-07-14 00:51 - 00033667 _____ () C:\windows\setupact.log
2014-07-11 11:13 - 2014-07-11 15:32 - 02084864 _____ (Farbar) C:\Users\Joan Aaron\Desktop\FRST64.exe
2014-07-11 03:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-11 03:25 - 2009-07-14 00:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-11 03:24 - 2009-07-14 01:13 - 00782470 _____ () C:\windows\system32\PerfStringBackup.INI
2014-07-11 03:19 - 2012-12-10 19:22 - 00000967 _____ () C:\windows\SysWOW64\bscs.ini
2014-07-11 03:19 - 2010-11-20 23:47 - 00181556 _____ () C:\windows\PFRO.log
2014-07-11 03:19 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-07-11 03:19 - 2009-07-14 00:45 - 00339808 _____ () C:\windows\system32\FNTCACHE.DAT
2014-07-11 03:18 - 2014-05-08 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 03:18 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 03:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-07-11 03:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\Dism
2014-07-11 03:02 - 2014-03-11 18:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-10 20:14 - 2014-02-18 20:45 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6AC9ADCF-D116-47B8-AE01-D53D2C44C919}
2014-07-08 17:17 - 2014-02-08 19:36 - 00699056 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 17:17 - 2014-02-08 19:36 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-08 17:17 - 2014-02-08 19:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-07-07 23:39 - 2014-03-11 18:57 - 00000000 ____D () C:\office
2014-07-07 23:39 - 2009-07-13 23:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-07-02 16:15 - 2014-02-18 21:14 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-07-02 16:13 - 2009-07-14 01:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-07-02 16:11 - 2014-07-02 16:11 - 00009592 _____ () C:\Users\Joan Aaron\Documents\vents for joan aaro's house.xlsx
2014-07-02 15:30 - 2014-02-08 19:47 - 00000061 _____ () C:\windows\SysWOW64\LOCALDEVICE.INI
2014-07-02 15:19 - 2014-07-02 15:16 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-02 15:17 - 2014-07-02 15:17 - 00000000 ____D () C:\Users\Joan Aaron\AppData\Roaming\IDT
2014-07-02 15:16 - 2014-07-02 15:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-02 15:16 - 2014-07-02 15:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-02 15:15 - 2014-02-08 19:47 - 00003620 _____ () C:\windows\SysWOW64\LOCALSERVICE.INI
2014-06-29 22:09 - 2014-07-10 20:17 - 00519168 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-29 22:04 - 2014-07-10 20:17 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-28 19:23 - 2014-06-28 19:23 - 00010908 _____ () C:\Users\Joan Aaron\Documents\Telephone Updaated June 2014.xlsx
2014-06-20 22:56 - 2014-04-19 21:42 - 00010790 _____ () C:\Users\Joan Aaron\Documents\Telephone List.xlsx
2014-06-20 16:14 - 2014-07-10 20:17 - 00266424 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-10 20:17 - 00240824 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-10 20:17 - 23464448 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-10 20:17 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-10 20:17 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-10 20:17 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-10 20:17 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-10 20:17 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-10 20:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-10 20:17 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-10 20:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-10 20:17 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-10 20:17 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-10 20:17 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-10 20:17 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-10 20:17 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-10 20:17 - 17276416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-10 20:17 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-10 20:17 - 00452608 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-10 20:17 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-10 20:17 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-10 20:17 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-10 20:17 - 05721088 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-10 20:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-10 20:17 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-10 20:17 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-10 20:17 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-10 20:17 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-10 20:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-10 20:17 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-10 20:17 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-10 20:17 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-10 20:17 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-10 20:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-10 20:17 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-10 20:17 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-10 20:17 - 00442368 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-10 20:17 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-10 20:17 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-10 20:17 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-10 20:17 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-10 20:17 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-10 20:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-10 20:17 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-10 20:17 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-10 20:17 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-10 20:17 - 13527040 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-10 20:17 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-10 20:17 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-10 20:17 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-10 20:17 - 11742208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-10 20:17 - 01393664 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-10 20:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-10 20:17 - 01791488 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-10 20:17 - 01139200 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-10 20:17 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-10 20:17 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-10 20:17 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-10 20:17 - 03157504 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-06-17 15:50 - 2014-06-17 15:50 - 00000000 ____D () C:\Users\Joan Aaron\Documents\New folder
2014-06-17 15:08 - 2014-06-17 15:08 - 00000000 ___SD () C:\Users\Joan Aaron\Documents\My Data Sources
2014-06-16 15:15 - 2014-03-11 18:40 - 00000000 ____D () C:\Users\Joan Aaron\AppData\Local\Microsoft Help
2014-06-14 09:33 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\rescache

Some content of TEMP:
====================
C:\Users\Joan Aaron\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 18:05

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Joan Aaron at 2014-07-11 15:33:39
Running from C:\Users\Joan Aaron\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6805 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.5.3606 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LaserJet P2030 Series (HKLM\...\HP LaserJet P2030 Series) (Version:  - )
HP Postscript Converter (Version: 4.5.12202 - Hewlett-Packard) Hidden
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (HKLM\...\{66C75C3D-11A0-E560-B1EC-0AC14B6012E3}) (Version: 9.0.730.1 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.33.1 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.SingleImage_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.SingleImage_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.SingleImage_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

31-05-2014 20:52:43 Windows Update
06-06-2014 21:10:46 Windows Update
09-06-2014 21:39:38 Windows Update
11-06-2014 07:00:19 Windows Update
14-06-2014 13:44:44 Windows Update
17-06-2014 18:57:07 Windows Update
20-06-2014 23:54:05 Windows Update
24-06-2014 23:51:30 Windows Update
28-06-2014 18:18:00 Windows Update
02-07-2014 19:26:59 Windows Update
06-07-2014 17:46:58 Windows Update
11-07-2014 00:25:32 Windows Update
11-07-2014 07:00:18 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02312D01-8C42-4C0B-881C-523AD27C134D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {33322CB0-0897-4996-9C0F-472B1B44F61E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {386885EC-7B35-48C1-B0ED-064A7B5A6F8C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {38B22D49-B163-4373-9037-8F6129B83130} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-08-09] (Hewlett-Packard)
Task: {466B8D51-C65C-4B85-AC66-E8F94801A51F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {79E5F654-571B-44E1-BF12-86A7C943520A} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2013-07-04] (CyberLink)
Task: {F3A9D1CE-0106-405F-A0FF-C2A43FDBBCF0} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {F621F5C1-9272-49BA-A4A7-8336653C65F7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {F667F8F1-BFA6-4042-8C1A-84DB02E1A774} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-02-18 20:53 - 2012-12-04 21:33 - 00065024 _____ () C:\windows\system32\spool\PRTPROCS\x64\HP2030PP.DLL
2012-11-06 19:11 - 2012-11-06 19:11 - 00017160 _____ () C:\windows\system32\BsHelpCSps.dll
2012-11-06 19:11 - 2012-11-06 19:11 - 00029960 _____ () C:\windows\system32\BsTrace.dll
2012-11-06 19:11 - 2012-11-06 19:11 - 00369928 _____ () C:\windows\system32\BsExtendFunc.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-02-18 20:53 - 2012-12-04 21:33 - 02672128 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP2030SU.DLL
2014-02-18 20:53 - 2012-12-04 21:33 - 01236992 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP2030GC.dll
2014-02-18 20:53 - 2012-12-04 21:33 - 00341504 _____ () C:\windows\system32\spool\DRIVERS\x64\3\HP2030SD.DLL
2014-02-08 19:31 - 2009-07-02 18:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2012-11-06 19:11 - 2012-11-06 19:11 - 00080648 _____ () C:\windows\system32\BsProfilefunc.dll
2014-02-08 19:36 - 2013-08-05 03:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 19:48 - 2013-08-05 19:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-02-08 19:26 - 2013-05-15 23:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name: Ralink Bluetooth 4.0 Adapter
Description: Ralink Bluetooth 4.0 Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Ralink Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/11/2014 03:20:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: 005065~1.EXE, version: 7.8.115.1, time stamp: 0x51bf1f23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00070008
Faulting process id: 0x658
Faulting application start time: 0x005065~1.EXE0
Faulting application path: 005065~1.EXE1
Faulting module path: 005065~1.EXE2
Report Id: 005065~1.EXE3

Error: (07/10/2014 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/10/2014 09:20:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/08/2014 06:05:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/08/2014 06:05:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/07/2014 06:06:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/07/2014 06:06:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/06/2014 02:03:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/06/2014 02:03:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (07/05/2014 08:33:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

System errors:
=============
Error: (07/11/2014 03:20:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0050651392770812) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/11/2014 03:19:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (07/02/2014 04:13:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0050651392770812) service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/02/2014 04:13:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (06/11/2014 03:19:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0050651392770812) service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/11/2014 03:18:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (05/18/2014 03:19:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0050651392770812) service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/18/2014 03:19:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (05/08/2014 03:17:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0050651392770812) service terminated unexpectedly.  It has done this 1 time(s).

Error: (05/08/2014 03:17:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Microsoft Office Sessions:
=========================
Error: (07/11/2014 03:20:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: 005065~1.EXE7.8.115.151bf1f23unknown0.0.0.000000000c00000050007000865801cf9cd8837f2dbfC:\windows\TEMP\005065~1.EXEunknownc4eb032e-08cb-11e4-b48c-0c54a518613d

Error: (07/10/2014 09:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/10/2014 09:20:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe

Error: (07/08/2014 06:05:42 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/08/2014 06:05:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe

Error: (07/07/2014 06:06:49 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/07/2014 06:06:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe

Error: (07/06/2014 02:03:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

Error: (07/06/2014 02:03:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsSMSEditor.exe

Error: (07/05/2014 08:33:22 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files (x86)\ralink corporation\ralink bluetooth stack\BsSMSEditor.exe

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 8096.84 MB
Available physical RAM: 6721.76 MB
Total Pagefile: 16191.87 MB
Available Pagefile: 14472.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:916.13 GB) (Free:861.46 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.16 GB) (Free:1.87 GB) NTFS
Drive f: () (Removable) (Total:7.59 GB) (Free:5.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 0C3E873E)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================



#8 yumito

yumito
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 11 July 2014 - 02:37 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014
Ran by Jaaron (administrator) on MRC303 on 11-07-2014 12:58:22
Running from C:\Users\jaaron\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
(Thomson Reuters) C:\Windows\csifcsvc.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWEC.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECAV.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_comm_customer.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_system_customer.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
(Citrix Online, a division of Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_user_customer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(SonicWALL, Inc.) C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWDash.exe
(DigitalPersona, Inc.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_14_0_0_145_ActiveX.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(UniPrint, a division of GFI Business Solutions Inc.) C:\Program Files (x86)\UniPrint\Client\UniPrint.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7233640 2011-06-14] (Realtek Semiconductor)
HKLM\...\Run: [MfeEpePcMonitor] => C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe [200704 2011-07-21] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [UniPrint] => C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe [199008 2010-12-16] (UniPrint, a division of GFI Business Solutions Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM-x32\...\Run: [File Sanitizer] => c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [12277248 2011-08-26] (Hewlett-Packard)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41336 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2014-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Winpopup LAN Messenger] => C:\Program Files (x86)\Winpopup LAN Messenger\WinPopup.exe [1663044 2008-04-30] (Fomine Software)
HKLM-x32\...\Run: [ECM Dashboard] => C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWDash.exe [11005888 2013-10-09] (SonicWALL, Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
Winlogon\Notify\GoToAssist Express Customer: C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_winlogonx64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\DeviceNP-x32: DeviceNP.dll [X]
HKU\S-1-5-21-1173003033-1862638439-343982417-1121\...\Run: [UniPrint] => C:\Program Files (x86)\UniPrint\Client\SetDfltSettings.exe [199008 2010-12-16] (UniPrint, a division of GFI Business Solutions Inc.)
HKU\S-1-5-21-1173003033-1862638439-343982417-1121\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
Lsa: [Notification Packages] EpePcNp64 DPPassFilter scecli

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://secure.netlinksolution.com/nextgen/?firm=26451
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=CMDTDF
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDF
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {CB7FBF9A-F0FE-4DF2-AFDD-4EA305116E3B} http://software.sonicwall.com/applications/SEC/ClientSoftware/SWECMControlX.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.10.2

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [otis@digitalpersona.com] - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt
FF Extension: DigitalPersona Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt [2012-05-15]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012-06-17]

==================== Services (Whitelisted) =================

R2 DpHost; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [486224 2011-08-24] (DigitalPersona, Inc.)
R2 FCPrintService; C:\Windows\csifcsvc.exe [118784 2009-10-07] (Thomson Reuters) [File not signed]
S3 FLCDLOCK; c:\Windows\SysWOW64\flcdlock.exe [476728 2011-09-05] (Hewlett-Packard Company)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\Citrix\GoToAssist Remote Support Customer\715\g2ax_service.exe [610888 2014-06-17] (Citrix Online, a division of Citrix Systems, Inc.)
R2 HPFSService; c:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [322048 2011-08-26] (Hewlett-Packard) [File not signed]
R2 McAfee Endpoint Encryption Agent; C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe [1318912 2011-07-21] () [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 SEC; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWEC.exe [1012296 2013-10-09] (SonicWALL, Inc.)
R2 SECAV; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECAV.exe [2074232 2013-10-09] (SonicWALL, Inc.)
R2 SECLOG; C:\Program Files (x86)\SonicWALL\SonicWALL Enforced Client\SWECLOG.exe [337664 2013-10-09] (SonicWALL, Inc.)

==================== Drivers (Whitelisted) ====================

S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv64.sys [64312 2011-08-22] (Hewlett-Packard Company)
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x64.sys [339728 2010-08-13] (Intel® Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X64.sys [65808 2010-08-13] (Intel® Corporation)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [460888 2011-09-15] (Kaspersky Lab ZAO)
R1 kl2; C:\Windows\System32\DRIVERS\kl2.sys [11864 2011-09-15] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [485680 2011-09-15] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29488 2011-09-15] (Kaspersky Lab ZAO)
R0 MfeEpeOpal; C:\Windows\System32\Drivers\MfeEpeOpal.sys [94152 2011-07-21] (McAfee, Inc.)
R0 MfeEpePc; C:\Windows\System32\Drivers\MfeEpePc.sys [158280 2011-07-21] (McAfee, Inc.)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-05-15] ()
R1 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-11 12:58 - 2014-07-11 12:58 - 00013818 _____ () C:\Users\jaaron\Desktop\FRST.txt
2014-07-11 12:57 - 2014-07-11 11:13 - 02084864 _____ (Farbar) C:\Users\jaaron\Desktop\FRST64.exe
2014-07-11 09:57 - 2014-07-11 09:57 - 00000165 ____H () C:\Users\jaaron\Documents\~$Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-11 09:57 - 2014-07-11 09:57 - 00000165 ____H () C:\Users\jaaron\Documents\~$Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-09 13:19 - 2014-07-09 13:19 - 00022458 _____ () C:\Users\jaaron\Documents\Addition.txt
2014-07-09 13:18 - 2014-07-09 13:18 - 00027285 _____ () C:\Users\jaaron\Documents\FRST.txt
2014-07-09 13:16 - 2014-07-11 12:58 - 00000000 ____D () C:\FRST
2014-07-09 13:14 - 2014-07-09 13:14 - 00000933 _____ () C:\Users\jaaron\Downloads\FRST64.exe
2014-07-09 09:19 - 2014-07-11 11:47 - 00122469 _____ () C:\Users\jaaron\Documents\Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-09 05:19 - 2014-06-20 16:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-09 05:19 - 2014-06-20 15:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-09 05:19 - 2014-06-18 21:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-09 05:19 - 2014-06-18 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-09 05:19 - 2014-06-18 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-09 05:19 - 2014-06-18 20:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-09 05:19 - 2014-06-18 20:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-09 05:19 - 2014-06-18 20:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-09 05:19 - 2014-06-18 20:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-09 05:19 - 2014-06-18 20:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-09 05:19 - 2014-06-18 20:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-09 05:19 - 2014-06-18 20:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-09 05:19 - 2014-06-18 20:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-09 05:19 - 2014-06-18 20:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-09 05:19 - 2014-06-18 20:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-09 05:19 - 2014-06-18 20:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-09 05:19 - 2014-06-18 20:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-09 05:19 - 2014-06-18 20:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-09 05:19 - 2014-06-18 20:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-09 05:19 - 2014-06-18 19:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-09 05:19 - 2014-06-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-09 05:19 - 2014-06-18 19:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-09 05:19 - 2014-06-18 19:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-09 05:19 - 2014-06-18 19:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-09 05:19 - 2014-06-18 19:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-09 05:19 - 2014-06-18 19:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-09 05:19 - 2014-06-18 19:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-09 05:19 - 2014-06-18 19:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-09 05:19 - 2014-06-18 19:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-09 05:19 - 2014-06-18 19:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-09 05:19 - 2014-06-18 19:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-09 05:19 - 2014-06-18 19:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-09 05:19 - 2014-06-18 19:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-09 05:19 - 2014-06-18 19:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-09 05:19 - 2014-06-18 19:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-09 05:19 - 2014-06-18 19:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-09 05:19 - 2014-06-18 19:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-09 05:19 - 2014-06-18 19:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-09 05:19 - 2014-06-18 19:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-09 05:19 - 2014-06-18 19:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-09 05:19 - 2014-06-18 19:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-09 05:19 - 2014-06-18 19:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-09 05:19 - 2014-06-18 18:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-09 05:19 - 2014-06-18 18:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-09 05:19 - 2014-06-18 18:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-09 05:19 - 2014-06-18 18:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-09 05:19 - 2014-06-18 18:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-09 05:19 - 2014-06-18 18:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-09 05:19 - 2014-06-18 18:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-09 05:19 - 2014-06-18 18:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-09 05:19 - 2014-06-18 18:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-09 05:19 - 2014-06-18 18:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-09 05:19 - 2014-06-18 18:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-09 05:19 - 2014-06-18 18:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-09 05:19 - 2014-06-18 18:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-09 05:19 - 2014-06-18 18:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-09 05:19 - 2014-06-17 22:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-09 05:19 - 2014-06-17 21:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-09 05:19 - 2014-06-17 21:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-09 05:19 - 2014-06-06 06:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-09 05:19 - 2014-06-06 05:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-09 05:19 - 2014-06-05 10:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-09 05:19 - 2014-06-05 10:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-09 05:19 - 2014-06-05 10:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-07-09 05:19 - 2014-05-30 04:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-09 05:19 - 2014-05-30 03:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-07-09 05:19 - 2014-05-30 02:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-03 15:10 - 2014-07-10 17:57 - 00120840 _____ () C:\Users\jaaron\Documents\Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-03 14:54 - 2014-07-03 14:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 14:54 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-03 14:54 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-03 14:54 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-17 03:23 - 2014-06-17 03:23 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 03:23 - 2014-06-17 03:23 - 00000000 ____D () C:\Users\jaaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-12 14:46 - 2014-06-12 14:47 - 00010138 _____ () C:\Users\jaaron\Documents\Doctor Appointments During Summer.xlsx
2014-06-12 08:58 - 2014-07-01 16:28 - 00109340 _____ () C:\Users\jaaron\Documents\Copy of Estate Mae H (Autosaved).xlsx
2014-06-12 08:57 - 2014-06-12 08:57 - 00090149 _____ () C:\Users\jaaron\Documents\Copy of Copy of Estate Mae H (version2).xlsx
2014-06-11 05:02 - 2014-05-08 05:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 05:02 - 2014-05-08 05:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 05:02 - 2014-04-24 22:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 05:02 - 2014-04-24 22:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 05:02 - 2014-04-04 22:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 05:02 - 2014-04-04 22:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 05:02 - 2014-03-26 10:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 05:02 - 2014-03-26 10:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 05:02 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 05:02 - 2014-03-26 10:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 05:02 - 2014-03-26 10:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 05:02 - 2014-03-26 10:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 05:02 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 05:02 - 2014-03-26 10:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

==================== One Month Modified Files and Folders =======

2014-07-11 12:58 - 2014-07-11 12:58 - 00013818 _____ () C:\Users\jaaron\Desktop\FRST.txt
2014-07-11 12:58 - 2014-07-09 13:16 - 00000000 ____D () C:\FRST
2014-07-11 12:40 - 2012-11-26 15:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-11 12:06 - 2012-06-13 07:35 - 01396971 _____ () C:\Windows\WindowsUpdate.log
2014-07-11 12:03 - 2012-06-17 15:17 - 00000112 _____ () C:\Windows\system32\config\netlogon.ftl
2014-07-11 11:47 - 2014-07-09 09:19 - 00122469 _____ () C:\Users\jaaron\Documents\Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-11 11:13 - 2014-07-11 12:57 - 02084864 _____ (Farbar) C:\Users\jaaron\Desktop\FRST64.exe
2014-07-11 09:57 - 2014-07-11 09:57 - 00000165 ____H () C:\Users\jaaron\Documents\~$Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-11 09:57 - 2014-07-11 09:57 - 00000165 ____H () C:\Users\jaaron\Documents\~$Copy of Mae Mamlin Scott third and fourth  ) AccountS.xlsx
2014-07-11 00:22 - 2012-06-17 15:19 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{A065E265-1E61-4546-8027-952B3F43CE80}
2014-07-10 17:57 - 2014-07-03 15:10 - 00120840 _____ () C:\Users\jaaron\Documents\Mae Mamlin Scott third and fourth  (Fourth) Account.xlsx
2014-07-10 17:47 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-10 17:47 - 2009-07-14 00:45 - 00027568 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-10 16:06 - 2014-05-29 16:00 - 00012432 _____ () C:\Users\jaaron\Documents\Topp (Kathleen) Compensation.xlsx
2014-07-10 12:10 - 2013-05-31 16:05 - 00037202 _____ () C:\Users\jaaron\Documents\AAUW Bank Hampton Branch Funds.xlsx
2014-07-10 03:56 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-07-10 03:21 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-10 03:19 - 2013-03-26 03:18 - 00001611 _____ () C:\ProgramData\lmabscan.log
2014-07-10 03:17 - 2010-11-21 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 03:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-10 03:17 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-07-10 03:16 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-10 03:16 - 2009-07-14 00:51 - 00040291 _____ () C:\Windows\setupact.log
2014-07-10 03:16 - 2009-07-14 00:45 - 00351168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-10 03:02 - 2013-07-22 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 03:01 - 2013-06-19 12:10 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 03:01 - 2012-06-19 11:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-07-09 13:19 - 2014-07-09 13:19 - 00022458 _____ () C:\Users\jaaron\Documents\Addition.txt
2014-07-09 13:18 - 2014-07-09 13:18 - 00027285 _____ () C:\Users\jaaron\Documents\FRST.txt
2014-07-09 13:14 - 2014-07-09 13:14 - 00000933 _____ () C:\Users\jaaron\Downloads\FRST64.exe
2014-07-08 23:20 - 2013-06-24 15:05 - 00000166 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-07-08 20:40 - 2012-11-26 15:32 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-08 20:40 - 2012-11-26 15:32 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-08 20:40 - 2012-05-15 17:12 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-06 09:19 - 2012-08-15 03:18 - 00003214 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForMRC303$
2014-07-06 09:19 - 2012-08-15 03:18 - 00000338 _____ () C:\Windows\Tasks\HPCeeScheduleForMRC303$.job
2014-07-03 15:00 - 2014-02-07 13:17 - 00047220 _____ () C:\Users\jaaron\Documents\Copy of Mae Hamlin Scott - Tax Year Ende 10313prelim adjust made.xlsx
2014-07-03 15:00 - 2014-01-20 15:48 - 00017999 _____ () C:\Users\jaaron\Documents\Copy of Mae Hamlin Scott - Tax Year Ended 10313.xlsx
2014-07-03 14:55 - 2014-07-03 14:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-03 14:54 - 2014-07-03 14:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-03 14:53 - 2012-06-21 09:45 - 00000000 ____D () C:\Users\jaaron\AppData\Local\CrashDumps
2014-07-03 13:52 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-07-01 16:28 - 2014-06-12 08:58 - 00109340 _____ () C:\Users\jaaron\Documents\Copy of Estate Mae H (Autosaved).xlsx
2014-06-20 16:14 - 2014-07-09 05:19 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-06-20 15:39 - 2014-07-09 05:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-06-18 21:39 - 2014-07-09 05:19 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-18 21:06 - 2014-07-09 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-18 21:06 - 2014-07-09 05:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-18 20:48 - 2014-07-09 05:19 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-18 20:42 - 2014-07-09 05:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-18 20:42 - 2014-07-09 05:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-18 20:41 - 2014-07-09 05:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-06-18 20:41 - 2014-07-09 05:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-18 20:32 - 2014-07-09 05:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-18 20:31 - 2014-07-09 05:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-18 20:26 - 2014-07-09 05:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-18 20:24 - 2014-07-09 05:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-18 20:24 - 2014-07-09 05:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-18 20:23 - 2014-07-09 05:19 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-18 20:16 - 2014-07-09 05:19 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-18 20:14 - 2014-07-09 05:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-18 20:09 - 2014-07-09 05:19 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-18 19:59 - 2014-07-09 05:19 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 19:56 - 2014-07-09 05:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-18 19:53 - 2014-07-09 05:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-18 19:51 - 2014-07-09 05:19 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-18 19:50 - 2014-07-09 05:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-18 19:48 - 2014-07-09 05:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-18 19:39 - 2014-07-09 05:19 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-18 19:38 - 2014-07-09 05:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-18 19:37 - 2014-07-09 05:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-18 19:36 - 2014-07-09 05:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-18 19:35 - 2014-07-09 05:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-06-18 19:33 - 2014-07-09 05:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-18 19:32 - 2014-07-09 05:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-18 19:28 - 2014-07-09 05:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-18 19:28 - 2014-07-09 05:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-18 19:27 - 2014-07-09 05:19 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-18 19:27 - 2014-07-09 05:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-18 19:25 - 2014-07-09 05:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-18 19:23 - 2014-07-09 05:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-18 19:22 - 2014-07-09 05:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-18 19:12 - 2014-07-09 05:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-18 19:06 - 2014-07-09 05:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-18 19:01 - 2014-07-09 05:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-18 18:59 - 2014-07-09 05:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-18 18:58 - 2014-07-09 05:19 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-18 18:58 - 2014-07-09 05:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-18 18:52 - 2014-07-09 05:19 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-18 18:51 - 2014-07-09 05:19 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-18 18:49 - 2014-07-09 05:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-18 18:46 - 2014-07-09 05:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-18 18:45 - 2014-07-09 05:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-18 18:35 - 2014-07-09 05:19 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-18 18:34 - 2014-07-09 05:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-18 18:15 - 2014-07-09 05:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-18 18:13 - 2014-07-09 05:19 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-18 18:09 - 2014-07-09 05:19 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-18 18:07 - 2014-07-09 05:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-17 22:18 - 2014-07-09 05:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-06-17 21:51 - 2014-07-09 05:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-06-17 21:10 - 2014-07-09 05:19 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-06-17 03:23 - 2014-06-17 03:23 - 00169544 _____ (Citrix Online) C:\Windows\system32\g2ax_credential_provider64_715.dll
2014-06-17 03:23 - 2014-06-17 03:23 - 00000000 ____D () C:\Users\jaaron\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Citrix
2014-06-17 03:23 - 2013-09-06 15:59 - 00001506 _____ () C:\Users\jaaron\Desktop\GoToAssist Customer.lnk
2014-06-12 14:47 - 2014-06-12 14:46 - 00010138 _____ () C:\Users\jaaron\Documents\Doctor Appointments During Summer.xlsx
2014-06-12 08:57 - 2014-06-12 08:57 - 00090149 _____ () C:\Users\jaaron\Documents\Copy of Copy of Estate Mae H (version2).xlsx
2014-06-12 08:55 - 2013-06-19 12:01 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2014-06-12 08:55 - 2012-06-17 16:43 - 00002507 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Standard.lnk
2014-06-12 08:55 - 2012-06-17 16:43 - 00002465 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ose00000.exe
C:\Users\MRC303\AppData\Local\Temp\uninstall.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-08 00:53

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014
Ran by Jaaron at 2014-07-11 12:58:52
Running from C:\Users\jaaron\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: SonicWALL Enforced Client-AntiVirus (Enabled - Up to date) {65085CBC-A1F3-5840-FCCB-F18B05B7FDF1}
AS: SonicWALL Enforced Client-AntiSpyware (Enabled - Up to date) {DE69BD58-87C9-57CE-C67B-CAF97E30B74C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.10 - Adobe Systems)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Citrix online plug-in - web (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Corel WinDVD (HKLM-x32\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
Device Access Manager for HP ProtectTools (HKLM\...\{55B52830-024A-443E-AF61-61E1E71AFA1B}) (Version: 6.1.0.1 - Hewlett-Packard Company)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Drive Encryption For HP ProtectTools (HKLM\...\{8A0041CD-277C-4C1F-BFE4-7AC508B20B4C}) (Version: 6.0.82.26444 - Hewlett-Packard Company)
File Sanitizer For HP ProtectTools (HKLM-x32\...\{6D6ADF03-B257-4EA5-BBC1-1D145AF8D514}) (Version: 6.0.0.15 - Hewlett-Packard Company)
FileCabinet CS Virtual Office Print Driver (HKLM-x32\...\{3063005D-A379-4C79-9F01-2EAF942A0539}) (Version: 2009.00.0000 - Thomson Reuters Tax & Accounting)
GoToAssist Customer 2.1.0.715 (HKLM-x32\...\GoToAssist Express Customer) (Version: 2.1.0.715 - Citrix Online)
GoToMeeting 5.4.0.1082 (HKCU\...\GoToMeeting) (Version: 5.4.0.1082 - CitrixOnline)
Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP ProtectTools Security Manager (HKLM\...\HPProtectTools) (Version: 6.06.1004 - Hewlett-Packard Company)
HP ProtectTools Security Manager (Version: 6.06.1004 - Hewlett-Packard Company) Hidden
HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Identity Protection Technology 1.1.2.0 (HKLM-x32\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel® Network Connections 15.7.176.0 (Version: 15.7.176.0 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
KONICA MINOLTA TWAIN Ver.3 (HKLM-x32\...\{616E8966-0574-4E9E-A9CD-9CB819EBC162}) (Version: 3.00.0001 - KONICA MINOLTA)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Privacy Manager for HP ProtectTools (HKLM\...\{4BCE2AAB-84AA-4324-9A05-C333BDB3B7A2}) (Version: 6.02.852 - Hewlett-Packard Company)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.4222 - CyberLink Corp.) Hidden
SonicWALL Enforced Client (HKLM-x32\...\{FB33AE54-EF6D-400D-8560-430CF50DB8E0}) (Version: 1.8.64 - SonicWALL)
SonicWALL Enforced Client Kaspersky AV (HKLM-x32\...\{CB3043C2-0821-4615-8672-3D20F4A89127}) (Version: 1.8.21 - SonicWALL)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Theft Recovery for HP ProtectTools (HKLM-x32\...\InstallShield_{ADC70B7A-530B-46E3-8384-48D22681A41E}) (Version: 6.0.0.35 - Hewlett-Packard Company)
Theft Recovery for HP ProtectTools (x32 Version: 6.0.0.35 - Hewlett-Packard Company) Hidden
UniPrint Client 4.0 (HKLM-x32\...\{59834921-0D4B-4AD5-BA8A-538238819F4C}) (Version: 4.0.9 - UniPrint, a division of GFI Business Solutions Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883030) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F5DCAB53-C2FD-4E5A-8C83-0F37485E5E89}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
VIP Access SDK (1.0.1.4)  (HKLM-x32\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
VO Scan client for Citrix (HKLM-x32\...\VO Scan client for Citrix) (Version: 2009.3.0 - )
Winpopup LAN Messenger 5.3 (HKLM-x32\...\Winpopup LAN Messenger_is1) (Version:  - FOMINE SOFTWARE)

==================== Restore Points  =========================

03-05-2014 07:00:13 Windows Update
06-05-2014 07:00:10 Windows Update
09-05-2014 03:19:59 HPSF Restore Point
15-05-2014 07:00:13 Windows Update
23-05-2014 04:00:03 Scheduled Checkpoint
31-05-2014 04:00:00 Scheduled Checkpoint
08-06-2014 04:00:00 Scheduled Checkpoint
09-06-2014 03:20:01 HPSF Restore Point
12-06-2014 07:00:15 Windows Update
20-06-2014 04:00:02 Scheduled Checkpoint
28-06-2014 04:00:01 Scheduled Checkpoint
06-07-2014 04:00:01 Scheduled Checkpoint
09-07-2014 03:20:04 HPSF Restore Point
10-07-2014 07:00:12 Windows Update

==================== Hosts content: ==========================

2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {06A3B505-FA24-4EAF-8A29-4542F57A54CE} - System32\Tasks\HPCeeScheduleForMRC303$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {2B1937BD-0275-4D37-9B7B-6D11FDA9261E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {393AF428-82A8-42F0-BC34-3796862E8BF1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {40B231B9-045A-4CCC-9C3E-144717286C41} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-06-22] (CyberLink)
Task: {9110CB48-0695-4B19-B31B-9A8218FD426E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard)
Task: {AFCFC120-C247-4D65-A74E-16701500CEE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company)
Task: {B57CC0A7-82F1-4D5C-84E8-DD4338CDD133} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Total Care Tune-Up => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPTuneUp.exe [2011-03-22] (Hewlett-Packard Company)
Task: {E4700DA1-CC9C-4A43-98CD-03B0CC8894AA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2011-09-09] (Hewlett-Packard Company)
Task: {F6A7CD43-F365-4150-9078-61BE79020383} - System32\Tasks\Registration => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-01-25] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForMRC303$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2009-11-02 03:19 - 2012-06-21 08:09 - 00648704 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYUJ_O.DLL
2011-07-21 20:57 - 2011-07-21 20:57 - 03376128 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpFve64.dll
2011-07-21 20:19 - 2011-07-21 20:19 - 01318912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
2012-05-15 16:58 - 2010-11-29 00:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-07-21 20:44 - 2011-07-21 20:44 - 00200704 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe
2011-07-21 20:41 - 2011-07-21 20:41 - 02818048 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcEncryptionProviderPlugin.dll
2011-07-21 20:18 - 2011-07-21 20:18 - 00126976 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHostInterface.dll
2011-07-21 20:40 - 2011-07-21 20:40 - 03080192 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalEncryptionProviderPlugin.dll
2011-07-21 20:44 - 2011-07-21 20:44 - 02854912 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeHpDpHostPlugin.dll
2011-07-21 20:42 - 2011-07-21 20:42 - 00053248 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EpeOpalATASec4SATA.dll
2011-07-21 20:21 - 2011-07-21 20:21 - 02035712 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeCoreEncryptionPlugin.dll
2011-07-21 20:22 - 2011-07-21 20:22 - 01929216 _____ () C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeProductDetectionPlugin.dll
2010-04-06 11:25 - 2010-04-06 11:25 - 03614720 _____ () C:\Program Files (x86)\Citrix\ICA Client\VOScan.dll
2009-09-12 23:08 - 2009-09-12 23:08 - 00028496 _____ () C:\Program Files (x86)\Citrix\ICA Client\vdtuin.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/10/2014 11:58:38 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/09/2014 11:39:25 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/09/2014 01:15:07 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2014 11:42:46 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (07/03/2014 02:53:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x15b0
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (07/03/2014 02:53:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532
Faulting module name: MSVCR100.dll, version: 10.0.40219.325, time stamp: 0x4df2be1e
Exception code: 0x40000015
Fault offset: 0x0008d6fd
Faulting process id: 0x12e4
Faulting application start time: 0xmbam.exe0
Faulting application path: mbam.exe1
Faulting module path: mbam.exe2
Report Id: mbam.exe3

Error: (06/17/2014 11:39:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/14/2014 00:13:23 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/13/2014 00:26:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="ia64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/12/2014 01:45:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17126, time stamp: 0x53882d40
Faulting module name: ieapfltr.dll, version: 11.0.9600.17126, time stamp: 0x53882f84
Exception code: 0xc0000005
Fault offset: 0x0000000000066f18
Faulting process id: 0xbd0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (07/10/2014 03:18:23 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (07/10/2014 03:16:48 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (07/08/2014 08:53:26 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1055) (User: NT AUTHORITY)
Description: The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following:
a) Name Resolution failure on the current domain controller.
B) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).

Error: (07/08/2014 08:53:25 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/12/2014 08:56:11 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (06/12/2014 03:20:53 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (06/12/2014 03:19:21 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (06/12/2014 03:18:01 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Error: (05/15/2014 03:20:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (05/15/2014 03:18:52 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain MRC due to the following:
%%1311

This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.

 

ADDITIONAL INFO

If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.

Microsoft Office Sessions:
=========================
Error: (01/13/2014 06:11:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3874 seconds with 3180 seconds of active time.  This session ended with a crash.

Error: (05/06/2013 01:19:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 11943 seconds with 7080 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Percentage of memory in use: 27%
Total physical RAM: 8080.02 MB
Available physical RAM: 5861.57 MB
Total Pagefile: 16158.21 MB
Available Pagefile: 13918.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.16 GB) (Free:399.09 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.5 GB) (Free:1.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Removable) (Total:7.59 GB) (Free:5.45 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=8 GB) - (Type=0B)

==================== End Of Log ============================

 

 



#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 13 July 2014 - 06:03 AM

Hi,

I don't see an indication that malware is running on your system.
Let's see if Malwarebytes finds something:
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • Uncheck Enable free trial of Malwarebytes Anti-Malware Premium if you do not want the free trial of the paid version, then click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>
  • When completed click the down arrow on Export Log and select Text file (*.txt)
  • Save the file to your desktop as MBAM
  • Click Apply Actions then restart your computer if requested
  • Copy and past the contents of MBAM.txt in your reply


#10 yumito

yumito
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 14 July 2014 - 01:38 PM

if i ran malwarebytes previously and there were no threats detected do you still want me to attach the loggs?



#11 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:03 PM

Posted 15 July 2014 - 01:49 AM

Sorry I missed that MBAM has already been run.
Your logs look clean to me there is no indication for an active infection.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users