rootkit?


  • This topic is locked
26 replies to this topic

#1 omo


Posted 27 August 2014 - 06:27 AM

The PC is repeatedly infected by a trojan, which can be successfully removed by mbam or mcafee (they report nothing suspicious afterwards), but the same trojan always comes back a few days later (not necessarily after the reboot). Suspect a rootkit.

Thanks in advance!

 

-------------------------------------------------------------------------------

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17239  BrowserJavaVersion: 10.67.2
Run by me at 12:51:56 on 2014-08-27
Microsoft Windows 7 Enterprise   6.1.7601.1.1251.7.1033.18.4046.1124 [GMT 2:00]
.
AV: McAfee VirusScan Enterprise *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee VirusScan Enterprise Antispyware Module *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\Hpservice.exe
C:\windows\system32\vcsFPService.exe
C:\windows\system32\atieclxx.exe
c:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\System32\svchost.exe -k HPZ12
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe
C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe
C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\SysWOW64\vmnat.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
C:\windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
c:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\taskhost.exe
C:\windows\System32\rundll32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\RA2HP\HPRAService.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe
C:\Program Files (x86)\G-Recorder\G-Recorder.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
C:\UTIL\PROCEXP\PROCEXP.EXE
C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
C:\windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\System32\WUDFHost.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\msiexec.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uSearch Bar = Preserve
mStart Page = about:blank
mWinlogon: Userinit = userinit.exe,
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140627115738.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Lync] "C:\Program Files (x86)\Microsoft Office\Office15\lync.exe" /fromrunkey
uRun: [Google Update] "C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpiderOak] C:\Program Files\SpiderOak\SpiderOak.exe --windows_startup
uRun: [ChromeUpdate] C:\Users\me\AppData\Roaming\ChromeUpdate.exe
mRun: [COEMsgDisplay] c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
mRun: [ShStatEXE] "C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
mRun: [GetITIcon] C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
mRun: [IDA] C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [QLBController] c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe /start
mRun: [eepc_SmartClient] C:\Program Files (x86)\SmartClient\Smart.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [DcaTray] C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
mRun: [JunosPulse] c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe -tray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [McAfeeUpdaterUI] "C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADAPTE~1.LNK - C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\AdapterTroubleshooter.exe
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\certreq.lnk - C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\certreq.exe
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\compact.lnk - C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\compact.exe
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\G-RECO~1.LNK - C:\Program Files (x86)\G-Recorder\G-Recorder.exe
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\rasautou.lnk - C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\rasautou.exe
StartupFolder: C:\Users\me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\launch_splashscreen.vbs
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: Run = "C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\compact.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoWebServices = dword:1
mPolicies-Explorer: NoPublishingWizard = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:4
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: dontdisplaylockeduserid = dword:1
mPolicies-System: legalnoticecaption = Terms of Use
mPolicies-System: legalnoticetext = This computing system is a company owned asset and provided for the exclusive use of authorized personnel for business purposes.  All information and data created, accessed, processed, or stored using this system (including personal information) are subject to monitoring, auditing, or review to the extent permitted by applicable law.  Unauthorized use or abuse of this system may lead to corrective action including termination of employment, civil and/or criminal penalties.
mPolicies-System: LogonType = dword:0
mPolicies-System: HideFastUserSwitching = dword:1
mPolicies-System: ReportControllerMissing = dword:0
mPolicies-System: DisableNT4Policy = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: eds.com
DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} - hxxps://remote.hpbsc.ch/public/download/cachecleaner.cab#7090,2013,1031,1040
DPF: {2BCDB465-81F9-41CB-832C-8037A4064446} - hxxps://remote.hpbsc.ch/public/download/urxvpn.cab#version=7090,2013,1031,1040
DPF: {41EF3CD2-D8CC-4438-84B1-280BB4E77C8E} - hxxps://remote.hpbsc.ch/public/download/f5tunsrv.cab#version=7090,2013,1031,1040
DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} - C:\Users\me\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} - hxxps://remote.hpbsc.ch/public/download/urxshost.cab#7090,2013,1031,1040
DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} - hxxps://remote.hpbsc.ch/public/download/urxhost.cab#version=7090,2013,1031,1040
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: Interfaces\{3BCD6A8D-97A7-4ACE-B4A1-ADE741A8511A} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{3C8697BB-C540-4CA7-9061-C650293C12C9} : DHCPNameServer = 16.110.135.52 16.110.135.51
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D} : DHCPNameServer = 16.110.135.52 16.110.135.51
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\145627F656870727563737 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\145627F656870727563737 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\14C4943454D275C414E42373 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\14C4943454D275C414E42373 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\350756564645F6573686241373149344 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\350756564645F6573686241373149344 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\4556C656B6F6D6F5943454 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\4556C656B6F6D6F5943454 : DHCPNameServer = 10.56.10.129
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\E65687573753 : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}\E65687573753 : DHCPNameServer = 192.168.43.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp wsauth
mASetup: {86E45973-5352-439F-A115-2E8EE4D40140} - "C:\Program Files (x86)\Common Files\Hewlett-Packard\ActSet\HpActSet.exe"
IFEO: taskmgr.exe - "C:\UTIL\PROCEXP\PROCEXP.EXE"
x64-mStart Page = about:blank
x64-mDefault_Page_URL = hxxp://athp.hp.com
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140627115737.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [McAfee Host Intrusion Prevention Tray] "C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe"
x64-Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
x64-Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
x64-Run: [HPRAService] C:\Program Files\RA2HP\HPRAService.exe
x64-Run: [PasswordRegistration] C:\windows\System32\MsPwdRegistration.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [ACPW07EN] "C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-IFEO: taskmgr.exe - "C:\UTIL\PROCEXP\PROCEXP.EXE"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/webhp?complete=0
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52}\plugins\NPuroamHost.dll
FF - plugin: C:\Users\me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\me\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
.
============= SERVICES / DRIVERS ===============
.
R0 54278597;54278597;C:\windows\System32\drivers\54278597.sys [2014-5-21 460888]
R0 75223308;75223308;C:\windows\System32\drivers\75223308.sys [2014-6-22 460888]
R0 mfehidk;McAfee Inc. mfehidk;C:\windows\System32\drivers\mfehidk.sys [2013-6-19 782968]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\windows\System32\drivers\mfewfpk.sys [2013-6-19 344176]
R0 vsock;vSockets Driver;C:\windows\System32\drivers\vsock.sys [2014-7-14 70296]
R1 mfenlfk;McAfee NDIS Light Filter;C:\windows\System32\drivers\mfenlfk.sys [2014-7-10 78960]
R2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-6-3 277032]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2014-2-18 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-6-21 235520]
R2 DcaSvc;DcaSvc;C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [2014-5-29 128000]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [2013-12-18 611152]
R2 FIMPasswordReset;Forefront Identity Manager Password Reset Client Service;C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [2012-1-29 75608]
R2 HipMgmt;McAfee Host Intrusion Prevention lpc Service;C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [2013-12-18 153832]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-9-6 197536]
R2 hpHotkeyMonitor;hpHotkeyMonitor;C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [2012-9-12 523680]
R2 hpsrv;HP Service;C:\windows\System32\hpservice.exe [2013-2-12 31040]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-2-18 13336]
R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2013-11-14 158040]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2011-5-12 324928]
R2 McAfeeFramework;McAfee Framework-Dienst;C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [2013-12-4 127520]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2013-6-19 242448]
R2 McTaskManager;McAfee Task Manager;C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [2014-1-15 208416]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-7-10 219752]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\windows\System32\mfevtps.exe [2013-6-19 185280]
R2 Radexecd;HPCA Notify Daemon;C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radexecd.exe [2012-11-22 346160]
R2 Radsched;HPCA Scheduler Daemon;C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\radsched.exe [2012-11-22 247856]
R2 Radstgms;HPCA MSI Redirector;C:\PROGRA~2\HEWLET~1\PCCOE3~1\OVCMS~1\Radstgms.exe [2012-11-22 378928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-17 5052224]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-2-18 2656536]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\System32\vcsFPService.exe [2012-7-19 2714232]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-6-6 919632]
R2 vmware-view-usbd;VMware Horizon View USB;C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2013-12-17 2437120]
R2 wsnm;VMware View Client;C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe [2014-6-10 473304]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-6-21 96896]
R3 btwampfl;Bluetooth AMP USB Filter;C:\windows\System32\drivers\btwampfl.sys [2011-6-20 344616]
R3 FireNfcp;McAfee Inc. FireNfcp;C:\windows\System32\drivers\FireNfcp.sys [2014-7-10 53728]
R3 HipShieldK;McAfee Inc. HipShieldK;C:\windows\System32\drivers\HipShieldK.sys [2014-7-10 200616]
R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-5-23 1098296]
R3 JMCR;JMCR;C:\windows\System32\drivers\jmcr.sys [2013-2-12 175928]
R3 JNPRNA;Juniper Network Agent Miniport;C:\windows\System32\drivers\jnprna6.sys [2014-6-5 522544]
R3 JnprVaMgr;Juniper Networks Virtual Adapter Manager Service;C:\windows\System32\drivers\jnprvamgr.sys [2013-10-28 45352]
R3 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2013-2-12 26208]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-7-16 122584]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\windows\System32\drivers\mfeavfk.sys [2013-6-19 311600]
R3 mfefirek;McAfee Inc. mfefirek;C:\windows\System32\drivers\mfefirek.sys [2014-7-10 520056]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\System32\drivers\nusb3xhc.sys [2011-2-15 181248]
R3 RadiaMsi;RadiaMsi;C:\windows\System32\drivers\radiamsi.sys [2012-11-22 42808]
R3 urvpndrv;F5 Networks VPN Adapter;C:\windows\System32\drivers\covpnv64.sys [2013-10-31 45776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 dmvsc;dmvsc;C:\windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 f5ipfw;F5 Networks StoneWall Filter;C:\windows\System32\drivers\urfltv64.sys [2014-2-18 30952]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-8-13 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\windows\System32\drivers\lvrs64.sys [2012-9-21 351520]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\windows\System32\drivers\lvuvc64.sys [2012-9-21 4763680]
S3 mferkdet;McAfee Inc. mferkdet;C:\windows\System32\drivers\mferkdet.sys [2013-6-19 107032]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\windows\System32\drivers\nvstusb.sys [2013-10-11 448288]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-2-18 19456]
S3 SmbDrv;SmbDrv;C:\windows\System32\drivers\Smb_driver_AMDASF.sys [2013-10-9 29424]
S3 SmbDrvI;SmbDrvI;C:\windows\System32\drivers\Smb_driver_Intel.sys [2013-10-9 33008]
S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2014-6-6 27136]
S3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;C:\windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\windows\System32\drivers\terminpt.sys [2014-2-18 29696]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-2-18 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-2-18 30208]
S3 tsusbhub;Remote Deskotop USB Hub;C:\windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-3-5 1255736]
S4 jnprTdi_801_41197;Juniper Networks TDI Filter Driver (jnprTdi_801_41197);C:\windows\System32\drivers\jnprTdi_801_41197.sys [2014-6-5 108336]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile=C:\windows\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2014-08-26 15:27:24    --------    d-----w-    C:\Program Files (x86)\Legacy8
2014-08-25 08:55:25    316416    ----a-w-    C:\windows\System32\drivers\rdbss.sys
2014-08-25 08:53:53    313344    ----a-w-    C:\windows\System32\DaOtpCredentialProvider.dll
2014-08-25 08:50:03    572416    ----a-w-    C:\windows\System32\iphlpsvc.dll
2014-08-25 08:50:03    246272    ----a-w-    C:\windows\System32\netcorehc.dll
2014-08-25 08:50:03    175104    ----a-w-    C:\windows\SysWow64\netcorehc.dll
2014-08-25 07:51:08    --------    d-----w-    C:\Users\me\AppData\Roaming\Uwwaruv
2014-08-23 08:05:34    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\df47fdd7b47fb6aaffd540fedbc6f461\Nostradamus Last Prophecy.exe
2014-08-23 08:05:34    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\95a50ce39d8614c09a3bd145b4f57093\Heavyweight Transport Simulator.exe
2014-08-23 08:05:34    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\7be8eb83c877b011bdb41013b45e2fda\FIFA Manager 14.exe
2014-08-23 08:05:34    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\1b1db6e88a9e3e7753f1440624119dc2\Command And Conquer.exe
2014-08-23 01:33:15    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\d7bb38c040a305909eec11c4f133fdc1\Safecracker.exe
2014-08-23 01:33:15    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\758fc24ff3e25f04497a9d37f3a2c6df\Nancy Drew® Phantom of Venice.exe
2014-08-23 01:33:15    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\56f21ca158fa25f3306289970f07ae24\Tow Truck Simulator.exe
2014-08-22 06:34:37    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\ff8dffd8104932b8ba32b9f3c0046f8b\ComiPo!.exe
2014-08-22 06:34:37    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\d3e493fe67bce4ad01706acb03e4c599\Embird.exe
2014-08-22 06:34:37    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\8fa931c9bea977ca736a775b38fc4322\TVideoGrabber.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\fca2fbae34034ee7fe73f31e53507c09\Movavi Video Editor.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\bae12af2d65ecc2739d6fcc17cb0148f\PlayOn.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\9f2bfef64b3567f178fa16fd6c947d1b\TVideoGrabber.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\95010cf3a500455856e8a7b6f5b0002e\Drumagog.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\8951e0fbba6614c367e8f040e0caa4c8\TwinView Plus.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\834a0073a9e02979857556494f0d5e5a\ArcSoft Video Stabilizer.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\7c998312b0c712d7c75586fe29031154\TARGET 3001.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\768e892292b41323b9e1ce1d2a25b138\Adorage for Movie Maker.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\48bc6c001c6239b735fa763744526626\Quick View Plus.exe
2014-08-22 02:33:10    54525952    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\378dde9aaec4c2206f48b59957aa6cd1\Comodo AntiVirus.exe
2014-08-21 23:46:56    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\f7821fded8f7198f85bd361b7685e8bb\MorphVOX Pro.exe
2014-08-21 23:31:46    12582912    ----a-w-    C:\ProgramData\Microsoft\Crypto\RSA64\MachineKeys\data\cceb2090a7bd581a06ed739b81c598cc\WMP xMPG Codec Pack.exe
2014-08-21 00:05:32    87200    ----a-w-    C:\ProgramData\wrnhoah.tmp
2014-08-16 22:46:28    --------    d-----w-    C:\Program Files (x86)\TeamViewer
2014-08-16 22:24:46    --------    d-----w-    C:\Users\me\AppData\Local\Odlics
2014-08-14 23:03:24    --------    d-----w-    C:\Users\me\.shsh
2014-08-14 22:19:42    --------    d-----w-    C:\Users\me\AppData\Local\Apple Computer
2014-08-14 22:18:42    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-14 22:17:48    --------    d-----w-    C:\Users\me\AppData\Local\Apple
2014-08-14 11:23:41    99480    ----a-w-    C:\windows\SysWow64\infocardapi.dll
2014-08-14 11:23:41    619672    ----a-w-    C:\windows\SysWow64\icardagt.exe
2014-08-14 11:23:41    171160    ----a-w-    C:\windows\System32\infocardapi.dll
2014-08-14 11:23:41    1389208    ----a-w-    C:\windows\System32\icardagt.exe
2014-08-14 11:23:40    8856    ----a-w-    C:\windows\SysWow64\icardres.dll
2014-08-14 11:23:40    8856    ----a-w-    C:\windows\System32\icardres.dll
2014-08-14 11:23:36    35480    ----a-w-    C:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 11:23:36    35480    ----a-w-    C:\windows\System32\TsWpfWrp.exe
2014-08-13 11:06:59    665088    ----a-w-    C:\windows\SysWow64\rpcrt4.dll
2014-08-13 11:06:59    190464    ----a-w-    C:\windows\System32\rpchttp.dll
2014-08-13 11:06:59    141312    ----a-w-    C:\windows\SysWow64\rpchttp.dll
2014-08-13 11:06:59    1215488    ----a-w-    C:\windows\System32\rpcrt4.dll
2014-08-12 21:24:32    --------    d-----w-    C:\Users\me\AppData\Local\Temp
2014-08-05 17:20:22    227728    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2014-08-05 13:18:06    98216    ----a-w-    C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-07-30 00:13:49    93808    ----a-w-    C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2014-07-28 16:22:06    89888    ----a-w-    C:\windows\System32\NicInstC.dll
2014-07-28 16:22:06    73480    ----a-w-    C:\windows\System32\e1cmsg.dll
2014-07-28 16:22:06    495376    ----a-w-    C:\windows\System32\drivers\e1c62x64.sys
.
==================== Find3M  ====================
.
2014-08-27 10:26:02    122584    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-08-11 23:17:08    53728    ----a-w-    C:\windows\System32\drivers\FireNfcp.sys
2014-07-30 09:47:54    70832    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-30 09:47:54    692400    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-25 14:02:12    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-07-25 14:01:41    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-07-25 13:28:35    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27    548352    ----a-w-    C:\windows\System32\vbscript.dll
2014-07-25 13:25:45    83968    ----a-w-    C:\windows\System32\MshtmlDac.dll
2014-07-25 13:04:40    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-07-25 13:00:25    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-07-25 12:59:28    758272    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-07-25 12:47:25    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-07-25 12:34:03    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-07-25 12:33:08    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32    61952    ----a-w-    C:\windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15    5824512    ----a-w-    C:\windows\System32\jscript9.dll
2014-07-25 12:28:05    72704    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47    597504    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47    4204032    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-07-25 11:43:16    60416    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29    2087936    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-07-25 11:39:25    1249280    ----a-w-    C:\windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49    2001920    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10    1068032    ----a-w-    C:\windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06    2266624    ----a-w-    C:\windows\System32\wininet.dll
2014-07-25 10:05:23    1792512    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-07-16 03:25:04    404480    ----a-w-    C:\windows\System32\gdi32.dll
2014-07-16 03:22:08    2048    ----a-w-    C:\windows\System32\tzres.dll
2014-07-16 02:55:01    2048    ----a-w-    C:\windows\SysWow64\tzres.dll
2014-07-16 02:46:24    311808    ----a-w-    C:\windows\SysWow64\gdi32.dll
2014-07-16 02:17:05    3166720    ----a-w-    C:\windows\System32\win32k.sys
2014-07-09 02:03:23    7168    ----a-w-    C:\windows\System32\KBDYAK.DLL
2014-07-09 02:03:22    7168    ----a-w-    C:\windows\System32\KBDBASH.DLL
2014-07-09 01:31:42    7168    ----a-w-    C:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41    6656    ----a-w-    C:\windows\SysWow64\KBDBASH.DLL
2014-07-03 09:53:37    111016    ----a-w-    C:\windows\System32\WindowsAccessBridge-64.dll
2014-06-27 09:55:51    344176    ----a-w-    C:\windows\System32\drivers\mfewfpk.sys
2014-06-27 09:55:51    185280    ----a-w-    C:\windows\System32\mfevtps.exe
2014-06-27 09:55:48    121896    ----a-w-    C:\windows\System32\MfeOtlkAddin.dll
2014-06-27 09:55:48    107032    ----a-w-    C:\windows\System32\drivers\mferkdet.sys
2014-06-27 09:55:47    782968    ----a-w-    C:\windows\System32\drivers\mfehidk.sys
2014-06-27 09:55:45    11208    ----a-w-    C:\windows\System32\drivers\mfeclnk.sys
2014-06-27 09:55:43    311600    ----a-w-    C:\windows\System32\drivers\mfeavfk.sys
2014-06-27 09:55:41    180272    ----a-w-    C:\windows\System32\drivers\mfeapfk.sys
2014-06-27 09:55:38    94080    ----a-w-    C:\windows\SysWow64\MfeOtlkAddin.dll
2014-06-27 09:55:38    25088    ----a-w-    C:\windows\SysWow64\MFEOtlk.dll
2014-06-22 01:32:50    460888    ----a-w-    C:\windows\System32\drivers\75223308.sys
2014-06-18 02:18:30    692736    ----a-w-    C:\windows\System32\osk.exe
2014-06-18 01:51:32    646144    ----a-w-    C:\windows\SysWow64\osk.exe
2014-06-12 07:52:08    986560    ----a-w-    C:\windows\System32\drivers\dxgkrnl.sys
2014-06-10 19:50:24    6112864    ----a-w-    C:\windows\System32\usbaaplrc.dll
2014-06-10 19:50:24    54784    ----a-w-    C:\windows\System32\drivers\usbaapl64.sys
2014-06-10 03:55:22    2278616    ----a-w-    C:\windows\System32\wsauth.dll
2014-06-06 10:10:34    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-06-06 09:44:17    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15    1460736    ----a-w-    C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58    22016    ----a-w-    C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49    96768    ----a-w-    C:\windows\SysWow64\sspicli.dll
2014-06-03 10:02:21    504320    ----a-w-    C:\windows\System32\msihnd.dll
2014-06-03 10:02:21    3241984    ----a-w-    C:\windows\System32\msi.dll
2014-06-03 09:29:50    337408    ----a-w-    C:\windows\SysWow64\msihnd.dll
2014-06-03 09:29:50    2363392    ----a-w-    C:\windows\SysWow64\msi.dll
2014-06-03 02:42:19    112576    ----a-w-    C:\windows\System32\consent.exe
2014-06-03 02:42:03    1942016    ----a-w-    C:\windows\System32\authui.dll
2014-06-03 02:13:30    1806336    ----a-w-    C:\windows\SysWow64\authui.dll
2014-05-30 08:08:52    210944    ----a-w-    C:\windows\System32\wdigest.dll
2014-05-30 08:08:49    86528    ----a-w-    C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47    340992    ----a-w-    C:\windows\System32\schannel.dll
2014-05-30 08:08:41    314880    ----a-w-    C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41    307200    ----a-w-    C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36    728064    ----a-w-    C:\windows\System32\kerberos.dll
2014-05-30 08:08:31    22016    ----a-w-    C:\windows\System32\credssp.dll
2014-05-30 07:52:51    172032    ----a-w-    C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49    65536    ----a-w-    C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45    247808    ----a-w-    C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41    220160    ----a-w-    C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40    259584    ----a-w-    C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36    550912    ----a-w-    C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30    17408    ----a-w-    C:\windows\SysWow64\credssp.dll
2014-05-30 06:41:14    496640    ----a-w-    C:\windows\System32\drivers\afd.sys
.
============= FINISH: 12:52:47.70 ===============
 




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:42 AM

Posted 01 September 2014 - 06:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/545898 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 omo

omo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 01 September 2014 - 07:22 PM

hello,

 

dds output is attached.

as i said, the trojan keeps coming back after being cleaned by mbam or mcafee. it is usually located in C:\ProgramData\Microsoft\Crypto\RSA64, C:\Users\me\AppData\Roaming\, etc.

i do not believe i have an installation dvd.

 

regards




#4 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • OFFLINE
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:42 AM

Posted 02 September 2014 - 12:06 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi omo,
 
What do MBAM and McAfee identify the threat as? Also, what is the name of the file it detects?

 

--------------
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 omo

omo
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:12:42 PM

Posted 04 September 2014 - 07:14 AM

mbam usually deletes the following trojans:

 

Trojan.Agent.RvGen

Trojan.Agent.SCS

 

mcafee:

 

Artemis!

PWS-Zbot-FBDC

RDN/Downloader.a!sr

RDN/Generic.grp!hg

 

the files are usually in

C:\Users\me\AppData\Roaming\

C:\Windows\SysWOW64\

C:\Windows\Tasks\

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02
Ran by me (administrator) on ME2 on 04-09-2014 03:03:11
Running from C:\dl
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe
(Microsoft Corporation) C:\Windows\System32\MsPwdRegistration.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
() C:\Program Files (x86)\G-Recorder\G-Recorder.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
(Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Sysinternals - www.sysinternals.com) C:\util\procexp\procexp.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Sysinternals - www.sysinternals.com) C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\SpiderOak\windows_dir_watcher.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Eugene Roshal & FAR Group) C:\util\far\Far.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McScript_InUse.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPRAService] => C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] => C:\Windows\system32\MsPwdRegistration.exe [31080 2012-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [COEMsgDisplay] => c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [GetITIcon] => C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IDA] => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [eepc_SmartClient] => C:\Program Files (x86)\SmartClient\Smart.exe [141312 2014-03-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [DcaTray] => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [JunosPulse] => c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Google Update] => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-21] (Google Inc.)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe [59904 2014-02-04] (SpiderOak)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [ChromeUpdate] => C:\Users\me\AppData\Roaming\ChromeUpdate.exe uнLwдсттту0у у   RЦlS  L   РтЯуLw   ђт8т  BфLw@                 xт
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [Run] "C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\typeperf.exe"
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DefUserRunOnceSettings] => "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DeleteIE864BitIcon] => c:\windows\deleteie64biticon.bat
IFEO\taskmgr.exe: [Debugger] "C:\UTIL\PROCEXP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\launch_splashscreen.vbs ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G-Recorder.lnk
ShortcutTarget: G-Recorder.lnk -> C:\Program Files (x86)\G-Recorder\G-Recorder.exe ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\typeperf.lnk
ShortcutTarget: typeperf.lnk -> C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\typeperf.exe (No File)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: SpiderOakOverlay -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140627115737.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140627115738.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://remote.hpbsc.ch/public/download/cachecleaner.cab#7090,2013,1031,1040
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} https://remote.hpbsc.ch/public/download/urxvpn.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\me\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://remote.hpbsc.ch/public/download/urxshost.cab#7090,2013,1031,1040
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://remote.hpbsc.ch/public/download/urxhost.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 acdid.acdsystems.com
Tcpip\..\Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default
FF Homepage: hxxp://www.google.com/webhp?complete=0
FF NetworkProxy: "autoconfig_url", "http://www.gixen.com/proxyconfig.txt"
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Wörterbuch Deutsch (de-CH), Hunspell-unterstützt - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\de_CH@dicts.j3e.de [2014-08-20]
FF Extension: British English Dictionary - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2014-08-01]
FF Extension: DAO.TableDef.120 - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{364CB7CE-0D07-A1D5-DCB3-EDF7BC53FA77} [2014-07-04]
FF Extension: All-in-One Gestures - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-02-18]
FF Extension: F5 Networks Host Plugin - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-02-21]
FF Extension: LiveJournal Addons - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\homo_nudus@livejournal.com.xpi [2014-07-30]
FF Extension: YouTube Center - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-07-30]
FF Extension: Remember Passwords - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi [2014-02-21]
FF Extension: Flagfox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-30]
FF Extension: ScrapBook - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-07-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2014-02-18]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-30]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise
FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise [2013-06-20]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-06-19]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DAO.TableDef.120) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Cast) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-14]
CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (AdBlock) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-14]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2012-01-29] (Microsoft Corporation)
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-06-27] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-06-27] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2437120 2013-12-17] (VMware, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 54278597; C:\Windows\System32\DRIVERS\54278597.sys [460888 2014-05-21] (Kaspersky Lab ZAO)
R0 75223308; C:\Windows\System32\DRIVERS\75223308.sys [460888 2014-06-22] (Kaspersky Lab ZAO)
S3 f5ipfw; C:\windows\system32\drivers\urfltv64.sys [30952 2013-10-31] (F5 Networks, Inc.)
R3 FireNfcp; C:\Windows\system32\drivers\FireNfcp.sys [53728 2014-08-12] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-28] (Juniper Networks, Inc.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-06-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-06-27] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-06-27] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-06-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-06-27] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [33008 2013-04-19] (Synaptics Incorporated)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-10-31] (F5 Networks, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
R2 VMparport; C:\windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-23] (VMware, Inc.)
S0 86587877; system32\DRIVERS\86587877.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 03:03 - 2014-09-04 03:03 - 00000000 ____D () C:\FRST
2014-09-04 01:10 - 2014-09-04 01:15 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-04 01:10 - 2014-09-04 01:15 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-04 01:10 - 2014-09-04 01:10 - 00003102 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-04 01:10 - 2014-09-04 01:10 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-04 01:09 - 2014-09-04 03:00 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-04 01:09 - 2014-09-04 01:15 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-04 01:09 - 2014-09-04 01:10 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-04 01:09 - 2014-09-04 01:10 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-04 01:09 - 2014-09-04 01:10 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-04 01:09 - 2014-09-04 01:10 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-04 01:09 - 2014-09-04 01:10 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-04 01:09 - 2014-09-04 01:10 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-04 01:09 - 2014-09-04 01:10 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-04 01:09 - 2014-09-04 01:10 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-03 12:01 - 2014-09-03 12:01 - 00293336 _____ () C:\windows\Minidump\090314-24460-01.dmp
2014-09-02 14:05 - 2014-09-02 15:10 - 00000883 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-01 18:55 - 2014-09-04 03:00 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-09-01 18:55 - 2014-09-04 01:09 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-08-31 18:15 - 2014-08-31 18:15 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-08-31 18:15 - 2014-08-31 18:15 - 00002061 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-08-27 23:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 23:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 23:25 - 2014-08-23 02:59 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-08-26 17:28 - 2011-03-02 20:54 - 00886776 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.TaskPanel.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 02660344 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.CommandBars.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01882104 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.Controls.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01374200 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ReportControl.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00825336 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.DockingPane.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00501752 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ShortcutBar.v15.0.2.ocx
2014-08-26 17:28 - 2007-11-07 19:03 - 00496384 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\windows\SysWOW64\XceedZip.dll
2014-08-26 17:28 - 2005-08-09 17:14 - 00458752 _____ (ComponentOne) C:\windows\SysWOW64\vsprint8.ocx
2014-08-26 17:28 - 2005-08-09 17:14 - 00262144 _____ (ComponentOne ) C:\windows\SysWOW64\vspdf8.ocx
2014-08-26 17:28 - 2004-11-23 16:59 - 00184320 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPButton30.ocx
2014-08-26 17:28 - 2004-11-19 01:45 - 00200704 _____ (CIA, The company) C:\windows\SysWOW64\ciaSCls20.dll
2014-08-26 17:28 - 2004-03-09 01:00 - 01010720 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCHRT20.OCX
2014-08-26 17:28 - 2003-12-12 16:41 - 00053248 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPRegSvr20.dll
2014-08-26 17:28 - 2003-02-19 01:11 - 00065536 _____ (Larcom and Young) C:\windows\SysWOW64\ReSize32.ocx
2014-08-26 17:28 - 2002-02-12 16:24 - 00169216 _____ (Wintertree Software Inc.) C:\windows\SysWOW64\WSpell.ocx
2014-08-26 17:28 - 2000-12-06 09:59 - 00832448 _____ (APEX Software Corporation) C:\windows\SysWOW64\tdbg6.ocx
2014-08-26 17:28 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCT2.OCX
2014-08-26 17:28 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RICHTX32.OCX
2014-08-26 17:28 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSINET.OCX
2014-08-26 17:28 - 1999-11-23 10:01 - 00276992 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LFCMP11n.DLL
2014-08-26 17:28 - 1999-11-22 13:58 - 00751104 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltocx11n.ocx
2014-08-26 17:28 - 1999-11-22 13:52 - 00172544 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\Lfpng11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00151040 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00080896 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lffax11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00059392 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwmf11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00041472 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfgif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00036864 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfbmp11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00035328 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfcal11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00032768 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcx11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00031232 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfeps11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwpg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftga11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027136 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcd11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfmsp11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00262144 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LTDIS11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00226816 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltefx11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00127488 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00118272 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltfil11n.DLL
2014-08-26 17:28 - 1999-11-22 13:51 - 00038400 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lttwn11n.dll
2014-08-26 17:28 - 1999-11-22 13:50 - 00391168 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltkrn11n.dll
2014-08-26 17:28 - 1999-11-22 13:49 - 00045936 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltvdd11w.drv
2014-08-26 17:28 - 1999-11-22 13:49 - 00003824 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltthk11w.dll
2014-08-26 17:28 - 1999-09-17 11:14 - 00065536 _____ (Sheridan Software Systems, Inc) C:\windows\SysWOW64\ssfm1032.dll
2014-08-26 17:28 - 1999-07-01 13:17 - 00237568 _____ (VideoSoft) C:\windows\SysWOW64\Vsocx6.ocx
2014-08-26 17:28 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\windows\SysWOW64\MCI32.OCX
2014-08-26 17:28 - 1998-09-11 09:14 - 00021504 _____ () C:\windows\SysWOW64\WBCustomizer.dll
2014-08-26 17:28 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\windows\SysWOW64\VB5DB.dll
2014-08-26 17:28 - 1995-07-31 11:44 - 00212480 _____ (Eastman Kodak) C:\windows\SysWOW64\PCDLIB32.DLL
2014-08-26 17:27 - 2014-08-26 17:31 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-08-25 10:55 - 2013-07-05 04:53 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-08-25 10:53 - 2014-04-12 04:31 - 00313344 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-08-25 10:50 - 2014-04-30 06:10 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-08-25 10:50 - 2012-11-02 07:49 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-08-25 10:50 - 2012-11-02 07:06 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-08-21 02:11 - 2014-08-21 02:12 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-21 02:06 - 2014-08-21 02:06 - 00000601 _____ () C:\ProgramData\@system2.att
2014-08-21 02:05 - 2014-08-21 05:16 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-08-21 02:05 - 2014-08-21 02:06 - 00000601 _____ () C:\ProgramData\@system.att
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-17 00:24 - 2014-08-29 20:47 - 00000000 ____D () C:\Users\me\AppData\Local\Odlics
2014-08-15 01:04 - 2014-08-15 01:07 - 00000884 _____ () C:\windows\system32\Drivers\etc\hosts.umbrella
2014-08-15 01:04 - 2014-08-15 01:06 - 00000576 _____ () C:\Users\me\umbrella0.log
2014-08-15 01:03 - 2014-08-15 01:06 - 00000000 ____D () C:\Users\me\.shsh
2014-08-15 00:19 - 2014-08-15 00:42 - 00000000 ____D () C:\Users\me\AppData\Roaming\Apple Computer
2014-08-15 00:19 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Local\Apple Computer
2014-08-15 00:18 - 2014-08-27 12:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-15 00:18 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-15 00:17 - 2014-08-27 12:50 - 00000000 ____D () C:\ProgramData\Apple
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\me\AppData\Local\Apple
2014-08-14 13:23 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 13:23 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 13:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 13:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 13:23 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 13:23 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 13:23 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 13:23 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 13:10 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 13:10 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 13:10 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 13:10 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 13:10 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 13:10 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 13:10 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 13:10 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 13:10 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 13:10 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 13:10 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 13:10 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 13:10 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 13:10 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 13:10 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 13:10 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 13:10 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 13:10 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 13:10 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:10 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 13:10 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 13:10 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 13:10 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:10 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:10 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 13:10 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:10 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 13:10 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 13:10 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 13:10 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 13:10 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 13:10 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 13:10 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 13:10 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 13:10 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 13:10 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 13:10 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 13:10 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 13:10 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:10 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 13:10 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 13:10 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 13:10 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 13:10 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 13:10 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 13:10 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 13:10 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 13:10 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 13:10 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:10 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 13:10 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 13:10 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 13:10 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 13:10 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 13:10 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 13:10 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 13:10 - 2014-07-16 05:22 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 13:10 - 2014-07-16 04:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:10 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 13:10 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 13:10 - 2014-06-25 04:06 - 14179328 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 13:10 - 2014-06-25 03:37 - 12877312 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 13:10 - 2014-06-12 09:52 - 00986560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:10 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 13:10 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 13:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 13:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 13:10 - 2014-06-03 04:42 - 01942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 13:10 - 2014-06-03 04:42 - 00112576 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 13:10 - 2014-06-03 04:13 - 01806336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 13:06 - 2014-07-14 03:52 - 01215488 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 13:06 - 2014-07-14 03:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-08-13 13:06 - 2014-07-14 03:42 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-08-13 13:06 - 2014-07-14 03:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-08-13 12:30 - 2014-08-30 23:57 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-me ME2.emea.hpqcorp.net
2014-08-11 14:13 - 2014-09-04 01:21 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {81906a4e-681b-41c9-a33f-52997c8ed00b} ME2.emea.hpqcorp.net
2014-08-05 15:18 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-05 15:18 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-08-05 15:18 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-08-05 15:18 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-08-05 15:13 - 2014-08-05 15:18 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-04 03:03 - 2014-09-04 03:03 - 00000000 ____D () C:\FRST
2014-09-04 03:03 - 2014-02-19 01:50 - 00000000 ____D () C:\dl
2014-09-04 03:03 - 2009-07-14 06:51 - 01623746 _____ () C:\windows\setupact.log
2014-09-04 03:00 - 2014-09-04 01:09 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-04 03:00 - 2014-09-01 18:55 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-09-04 02:48 - 2014-02-18 17:14 - 00021242 __RSH () C:\ProgramData\ntuser.pol
2014-09-04 02:38 - 2014-02-25 17:35 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893UA.job
2014-09-04 02:34 - 2014-02-20 01:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\Skype
2014-09-04 02:21 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-09-04 02:09 - 2014-02-21 20:46 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-04 01:21 - 2014-08-11 14:13 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for {81906a4e-681b-41c9-a33f-52997c8ed00b} ME2.emea.hpqcorp.net
2014-09-04 01:15 - 2014-09-04 01:10 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-04 01:15 - 2014-09-04 01:10 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-04 01:15 - 2014-09-04 01:09 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-04 01:15 - 2014-02-18 18:02 - 01220184 _____ () C:\windows\WindowsUpdate.log
2014-09-04 01:13 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-04 01:12 - 2014-03-30 18:09 - 00000000 ____D () C:\Users\me\AppData\Roaming\SpiderOak
2014-09-04 01:12 - 2014-02-18 17:29 - 00003322 _____ () C:\windows\System32\Tasks\Smart Client
2014-09-04 01:12 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 01:12 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 01:11 - 2009-07-14 07:13 - 00789514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-04 01:10 - 2014-09-04 01:10 - 00003102 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-04 01:10 - 2014-09-04 01:10 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-04 01:10 - 2014-09-04 01:09 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-04 01:10 - 2014-09-04 01:09 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-04 01:10 - 2014-09-04 01:09 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-04 01:10 - 2014-09-04 01:09 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-04 01:10 - 2014-09-04 01:09 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-04 01:10 - 2014-09-04 01:09 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-04 01:10 - 2014-09-04 01:09 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-04 01:10 - 2014-09-04 01:09 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-04 01:09 - 2014-09-01 18:55 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-09-04 01:09 - 2014-02-28 13:59 - 00003244 _____ () C:\windows\System32\Tasks\pcpm-collector
2014-09-04 01:09 - 2014-02-28 13:59 - 00002906 _____ () C:\windows\System32\Tasks\pcpm-consolidator
2014-09-04 01:09 - 2014-02-28 13:59 - 00000314 _____ () C:\windows\Tasks\pcpm-consolidator.job
2014-09-04 01:09 - 2014-02-28 13:59 - 00000308 _____ () C:\windows\Tasks\pcpm-collector.job
2014-09-04 01:09 - 2014-02-24 01:48 - 00000000 ____D () C:\Users\me\AppData\Roaming\G-Recorder
2014-09-04 01:08 - 2014-02-21 20:46 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-04 01:06 - 2014-02-18 17:14 - 00004688 _____ () C:\windows\system32\config\netlogon.ftl
2014-09-04 01:05 - 2014-07-14 11:48 - 00000000 ____D () C:\ProgramData\VMware
2014-09-04 01:05 - 2009-07-14 07:08 - 00032572 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-04 01:05 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-04 01:04 - 2010-11-21 05:47 - 00082996 _____ () C:\windows\PFRO.log
2014-09-04 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SchCache
2014-09-04 00:35 - 2014-07-16 22:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 00:32 - 2014-02-20 01:20 - 00000000 ____D () C:\om
2014-09-04 00:30 - 2014-03-08 16:47 - 00000000 ____D () C:\Quarantine
2014-09-03 17:24 - 2014-02-18 17:14 - 01438079 __RSH () C:\ProgramData\tempntuser.pol
2014-09-03 17:14 - 2014-02-18 17:17 - 00008826 __RSH () C:\Users\me\ntuser.pol
2014-09-03 17:14 - 2014-02-18 17:17 - 00000000 ____D () C:\Users\me
2014-09-03 13:07 - 2014-03-19 14:06 - 00037429 _____ () C:\windows\comsetup.log
2014-09-03 13:07 - 2014-03-19 14:00 - 00519423 _____ () C:\windows\diagerr.xml
2014-09-03 13:07 - 2014-03-19 14:00 - 00365763 _____ () C:\windows\diagwrn.xml
2014-09-03 13:07 - 2014-03-19 12:20 - 00000000 ____D () C:\Users\me\Documents\MySavedSettings
2014-09-03 13:07 - 2009-07-14 06:51 - 00085251 _____ () C:\windows\setuperr.log
2014-09-03 13:05 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-03 12:18 - 2014-07-14 11:49 - 00000000 ____D () C:\Users\me\AppData\Roaming\VMware
2014-09-03 12:06 - 2014-02-18 17:18 - 00000000 ____D () C:\windows\HPLogin
2014-09-03 12:01 - 2014-09-03 12:01 - 00293336 _____ () C:\windows\Minidump\090314-24460-01.dmp
2014-09-03 12:01 - 2014-06-18 11:23 - 639007319 _____ () C:\windows\MEMORY.DMP
2014-09-03 12:01 - 2014-06-18 11:23 - 00000000 ____D () C:\windows\Minidump
2014-09-03 11:31 - 2014-02-24 01:49 - 00000000 ____D () C:\Users\me\AppData\Local\CrashDumps
2014-09-03 07:38 - 2014-02-25 17:35 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893Core.job
2014-09-02 15:10 - 2014-09-02 14:05 - 00000883 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-02 02:16 - 2014-02-18 01:38 - 00000000 ____D () C:\Temp
2014-09-01 04:12 - 2014-02-18 17:29 - 00000000 ____D () C:\windows\SmartClient
2014-08-31 18:15 - 2014-08-31 18:15 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-08-31 18:15 - 2014-08-31 18:15 - 00002061 _____ () C:\Users\Public\Desktop\Lightroom 5.6 64-bit.lnk
2014-08-31 18:12 - 2014-02-21 01:51 - 00000000 ____D () C:\Program Files\Adobe
2014-08-30 23:57 - 2014-08-13 12:30 - 00004966 _____ () C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-me ME2.emea.hpqcorp.net
2014-08-30 12:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Vss
2014-08-29 20:47 - 2014-08-17 00:24 - 00000000 ____D () C:\Users\me\AppData\Local\Odlics
2014-08-29 02:36 - 2014-05-29 05:12 - 00000000 ____D () C:\windows\SysWOW64\LogSpace
2014-08-28 23:55 - 2009-07-14 06:45 - 05169800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 12:50 - 2014-08-15 00:17 - 00000000 ____D () C:\ProgramData\Apple
2014-08-27 12:42 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:31 - 2014-08-26 17:27 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-08-26 02:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-25 18:00 - 2014-07-30 02:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 04:07 - 2014-08-27 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:25 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:25 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 05:16 - 2014-08-21 02:05 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-08-21 02:12 - 2014-08-21 02:11 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-21 02:06 - 2014-08-21 02:06 - 00000601 _____ () C:\ProgramData\@system2.att
2014-08-21 02:06 - 2014-08-21 02:05 - 00000601 _____ () C:\ProgramData\@system.att
2014-08-17 02:39 - 2014-02-18 17:17 - 00118592 _____ () C:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-15 01:07 - 2014-08-15 01:04 - 00000884 _____ () C:\windows\system32\Drivers\etc\hosts.umbrella
2014-08-15 01:06 - 2014-08-15 01:04 - 00000576 _____ () C:\Users\me\umbrella0.log
2014-08-15 01:06 - 2014-08-15 01:03 - 00000000 ____D () C:\Users\me\.shsh
2014-08-15 00:42 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Roaming\Apple Computer
2014-08-15 00:19 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Local\Apple Computer
2014-08-15 00:18 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\me\AppData\Local\Apple
2014-08-14 14:06 - 2013-06-20 00:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-08-14 14:06 - 2013-06-20 00:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 13:41 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 13:33 - 2014-02-18 18:26 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 13:30 - 2013-06-20 13:08 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 13:28 - 2009-07-14 04:34 - 00000478 _____ () C:\windows\win.ini
2014-08-14 01:41 - 2014-04-14 01:12 - 00002351 _____ () C:\Users\me\Desktop\Google Chrome.lnk
2014-08-12 11:14 - 2014-02-20 01:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 08:35 - 2014-03-28 21:27 - 00000000 ____D () C:\mp3
2014-08-12 01:17 - 2014-07-10 16:01 - 00053728 _____ (McAfee, Inc.) C:\windows\system32\Drivers\FireNfcp.sys
2014-08-05 18:22 - 2014-02-18 17:17 - 00000000 ____D () C:\Users\me\AppData\Roaming\Adobe
2014-08-05 15:18 - 2014-08-05 15:13 - 00004489 _____ () C:\windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-08-05 15:18 - 2014-02-20 01:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-05 15:18 - 2014-02-20 01:30 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-05 14:13 - 2014-02-18 23:34 - 00000000 ____D () C:\util
2014-08-05 12:39 - 2013-06-20 00:49 - 00118592 _____ () C:\Users\Default\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-05 12:39 - 2013-06-20 00:49 - 00118592 _____ () C:\Users\Default User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-05 11:15 - 2014-02-18 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-05 11:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system
2014-08-05 11:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Branding
 
Files to move or delete:
====================
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\hpadmin\create_shortcut.vbs
C:\Users\hpadmin\reg_off2k7.vbs
 
 
Some content of TEMP:
====================
C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-27 20:42
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02
Ran by me at 2014-09-04 03:05:03
Running from C:\dl
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Host Intrusion Prevention Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.32134 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
7-Zip 9.25 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0925-000001000000}) (Version: 9.25.00.0 - Igor Pavlov)
ACDSee Pro 7 (64-bit) (HKLM\...\{D2A6EC54-CB46-49E4-A6FC-A9179F9D9D12}) (Version: 7.0.138 - ACD Systems International Inc.)
ActivClient (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Adroit Photo Recovery 2012 (HKLM-x32\...\{D60D9D59-8AAF-4F7B-B355-EA7363B2B02F}) (Version: 3.1.001 - Digital Assembly)
BIG-IP Edge Client Components (All Users) (HKLM-x32\...\F5 Networks Client Components) (Version: 70.2013.1031.1040 - F5 Networks, Inc.)
BS.Player PRO (HKLM-x32\...\BSPlayerp) (Version: 2.67.1076 - AB Team, d.o.o.)
calibre 64bit (HKLM\...\{4C296BF8-1A08-4C8D-A4B3-16FB6AECEF20}) (Version: 1.30.0 - Kovid Goyal)
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{0B79C91F-978F-4C2E-9FE4-D4B567808858}) (Version:  - Microsoft)
Device Installer x64 (HKLM\...\{90FE5BFC-C6C5-45D3-A7E3-463D707E2D44}) (Version: 2.2 - ActivIdentity)
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FinePrint (HKLM\...\FinePrint) (Version: 8.05 - FinePrint Software, LLC)
FLAC Frontend (HKLM-x32\...\{315E5E8B-0560-413A-B604-622A4C8BECBD}) (Version: 2.1.1 - Xiph.org)
Follow-Me Settings (HKLM-x32\...\{95CDF79E-C7DE-4C22-9A06-DF8A013C4547}) (Version: 2.0.0506 - Hewlett-Packard)
foobar2000 v1.3.1 (HKLM-x32\...\foobar2000) (Version: 1.3.1 - Peter Pawlowski)
Forefront Identity Manager Add-ins and Extensions (HKLM\...\{82602802-91A2-449B-98BF-7F86BDE7F7E5}) (Version: 4.0.3606.2 - Microsoft Corporation)
Get IT Icon (x32 Version: 6.0.48 - Hewlett-Packard) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk Plugin (HKLM-x32\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
G-Recorder (remove only) (HKLM-x32\...\G-Recorder) (Version: 2.3.20 - G-Recorder)
HiDownloadPlatinum (HKLM-x32\...\HiDownload Platinum_is1) (Version:  - )
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Client Automation Application Manager Agent (HKLM-x32\...\{71C1542A-0767-4731-B4C9-119073501295}) (Version: 9.00.0000 - Hewlett-Packard Company)
HP Connection Manager (HKLM-x32\...\{7A6B4340-7090-418F-8976-EE9650B35550}) (Version: 4.1.22.1 - Hewlett-Packard Company)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{840021F2-FFC0-467A-BF85-29B8B7803717}) (Version: 2.0.8.1 - Hewlett-Packard Company)
HP Fonts (HKLM-x32\...\{05FCDAAC-6974-439F-872C-6921F1424FC5}) (Version: 2.0 - Hewlett-Packard)
HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.6.11.2 - Hewlett-Packard Company)
HP Software Framework (HKLM-x32\...\{94BB4B4F-BD6D-4166-A580-F868C8384CA6}) (Version: 4.6.8.1 - Hewlett-Packard Company)
HP Timing Service (HKLM-x32\...\{C74C286B-67D8-453B-A639-9C99053E76A2}) (Version:  - Hewlett-Packard)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
JMicron 1394 Filter Driver (HKLM-x32\...\{13C96625-28E4-4c58-ADE0-CDAFC64752EB}) (Version: 1.00.25.03 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.)
JOSM (HKCU\...\JOSM) (Version:  - OpenStreetMap)
Juniper Networks Setup Client (HKCU\...\Juniper_Setup_Client) (Version: 8.0.1.41197 - Juniper Networks)
Juniper Networks Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Juniper Networks Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks)
Junos Pulse (Version: 5.0.41197 - Juniper Networks) Hidden
Junos Pulse 5.0 (HKLM-x32\...\Junos Pulse 5.0) (Version: 5.0.41197 - Juniper Networks, Inc.)
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.2.100 - LSI Corporation)
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Agent (HKLM-x32\...\{EBF3D65F-011E-44D2-8F4F-C74B52682EDD}) (Version: 4.8.0.1500 - McAfee, Inc.)
McAfee Host Intrusion Prevention (HKLM\...\{D2B9C003-A3CD-44A0-9DE5-52FE986C03E5}_Uninst) (Version: 8.00.0402 - McAfee, Inc.)
McAfee Host Intrusion Prevention (Version: 8.00.0402 - McAfee, Inc.) Hidden
McAfee SiteAdvisor Enterprise Plus (HKLM-x32\...\{00FC3F65-86EB-475E-881F-A5B1CF731320}) (Version: 3.0.0.638 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM-x32\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.04001 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office OSM MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Runtime (HKLM-x32\...\{1F8E64E0-FFAB-4D7D-A793-F451D580EF65}) (Version: 8.0.50727.76201 - Hewlett-Packard Company)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Migrate My Computer (HKLM-x32\...\{99957DEE-C5BF-4869-B807-C399316678FA}) (Version: 6.1.13176 - Hewlett-Packard)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mp3tag v2.60 (HKLM-x32\...\Mp3tag) (Version: v2.60 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Outlook Diagnostics (HKLM-x32\...\{8BD2B13B-9361-4005-B5BD-7FBEC4AEB105}) (Version: 2.1.0.20 - Hewlett-Packard Company)
PC COE (HKLM-x32\...\{DF6F1789-2C07-49CB-993D-6B3D5586C34E}) (Version: 31.1.2 - Hewlett-Packard Company)
PC COE Required Settings (HKLM-x32\...\{4D9D12CD-B714-4A8F-A4AB-C33C4DD7F770}) (Version: 31.1.0 - Hewlett-Packard Company)
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
R for Windows 3.0.2 (HKLM\...\R for Windows 3.0.2_is1) (Version: 3.0.2 - R Core Team)
Remote Access to HP Network 6.5 (HKLM\...\{F55AC315-3443-4A7A-9C01-621C776E1AA4}) (Version: 6.5.4.52064 - Hewlett-Packard Company)
R-Word Demo 2.0 (HKLM-x32\...\R-Word Demo_is1) (Version:  - R-tools Technology Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
SpiderOak x64 (HKLM\...\{4D2E5937-E78A-44AC-9218-BC8FEB75CDFD}) (Version: 5.1.2.10091 - SpiderOak)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.18.8 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.31064 - TeamViewer)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2883061) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{4CFCE804-3034-4F3A-84E2-3C97665F80EC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881070) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{35E5FACD-A5AA-46AD-93C7-F6D7969044E7}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7DF13AFE-A484-4178-A82D-EF0689A24775}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{8C07AD38-38EB-4332-BCB3-F55A77C927DF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7A3EF4FF-A9C8-4F7E-8020-A45F7D319387}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0016-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM-x32\...\{90150000-0090-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{B8E73381-09B1-4895-ACD0-34385B0F526D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{1C6260FD-A280-49FE-89D0-CCEC647FBD8E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{3F3A95FF-9F40-4B19-8227-53DF683B4CF9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883052) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{3F3A95FF-9F40-4B19-8227-53DF683B4CF9}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUS_{DA288EB3-648C-433C-88AC-71AEAAFAACF7}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUS_{51865C36-97D4-4210-A33E-50BCC8CDDF72}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0C0A-0000-0000000FF1CE}_Office15.PROPLUS_{C20FB0E0-31F6-4958-B94D-AEF3CC31FD87}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{EE35EB6C-7768-433F-B9A0-73C97699A08C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883062) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EE35EB6C-7768-433F-B9A0-73C97699A08C}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 32-Bit Edition (HKLM-x32\...\{90150000-00BA-0409-0000-0000000FF1CE}_Office15.PROPLUS_{90EEAEDF-CD51-4E8C-B781-7A071EC53C36}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 32-Bit Edition (HKLM-x32\...\{90150000-00A1-0409-0000-0000000FF1CE}_Office15.PROPLUS_{CA0F0611-10FB-47D4-A642-E3BABCC73393}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2881011) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{E2362D6B-C590-4698-A990-35B4A77A294D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{01923A0F-BA34-4A75-8D43-97F536E44D95}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2883051) 32-Bit Edition (HKLM-x32\...\{90150000-0018-0409-0000-0000000FF1CE}_Office15.PROPLUS_{01923A0F-BA34-4A75-8D43-97F536E44D95}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 32-Bit Edition (HKLM-x32\...\{90150000-0019-0409-0000-0000000FF1CE}_Office15.PROPLUS_{7500AD77-83C6-400B-8B2F-F8E401A7B697}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0409-0000-0000000FF1CE}_Office15.PROPLUS_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-001A-0409-0000-0000000FF1CE}_Office15.PROPLUS_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-001B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2883058) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{78F4AB20-5992-425F-BCFB-ECCFF3531F55}) (Version:  - Microsoft)
Validity Fingerprint Sensor Driver (HKLM\...\{AA51ED2E-DCE7-415F-9C32-CB9B561D216D}) (Version: 4.4.228.0 - Validity Sensors, Inc.)
VMware Horizon View Client (HKLM\...\{5A9DFDB4-4056-4558-8619-CFA5D105AD99}) (Version: 5.4.1.1888861 - VMware, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinDjView 2.0.2 (HKLM\...\WinDjView) (Version: 2.0.2 - Andrew Zhezherun)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Средства проверки правописания Microsoft Office 2013 — русский (HKLM-x32\...\{90150000-001F-0419-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1957994488-842925246-40105171-1219893_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\me\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1957994488-842925246-40105171-1219893_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-842925246-40105171-1219893_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1957994488-842925246-40105171-1219893_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
31-08-2014 16:05:41 Installed Adobe Photoshop Lightroom 5.6 64-bit.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-09-01 03:54 - 2014-09-04 00:24 - 00000883 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 acdid.acdsystems.com
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {14854941-F381-4A90-8893-D1CEA68A138A} - System32\Tasks\{30AEBC17-B8D3-4970-8983-F1A48B805445} => C:\util\VMware View Client.exe
Task: {1C86D542-B8CC-406D-9E5C-30AA1C2EF51F} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,CheckForUpdates
Task: {1CC99A73-7738-49C8-9FDD-1039897D7122} - System32\Tasks\Microsoft Office 15 Sync Maintenance for EMEA-me ME2.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {35ED6648-6159-4BCC-BF94-4D454940B907} - System32\Tasks\Smart Client => C:\Program Files (x86)\SmartClient\Smart.exe [2014-03-21] (Hewlett-Packard Company)
Task: {3D113B6B-825A-41F3-96CC-83C7F727C1D2} - System32\Tasks\FMS-Scheduled-Capture_me => C:\Program Files (x86)\Hewlett-Packard\FMD\Follow-Me Settings\FMS.exe [2013-08-15] (Hewlett-Packard Company)
Task: {541ED0D8-2ED8-43A0-8174-1B741019D44B} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {81906a4e-681b-41c9-a33f-52997c8ed00b} ME2.emea.hpqcorp.net => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [2014-07-27] (Microsoft Corporation)
Task: {651A0896-BAA9-44AB-8DAC-C4CE6A00F808} - System32\Tasks\{2B7FF00D-06CE-4DA2-9BFC-C90E093B2254} => C:\util\VMware View Client.exe
Task: {6A268CE6-8EC4-4C2B-95FD-88686EC3D957} - System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll,RunPatch
Task: {7BFFECAA-427D-4631-A836-C67631AC81A4} - System32\Tasks\{46B1AE7A-A5C2-40BB-BBBB-AB3933F4429C} => C:\util\VMware View Client.exe
Task: {81057ACE-0C47-44AA-9C68-6122F413D5F5} - System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000 => Rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin A
Task: {87CC3488-E9CF-4B2C-88DE-D4E4A2DCEC05} - System32\Tasks\pcpm-collector => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {87EF629D-D8A3-4239-A45F-93C4AFB21D0E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: {8810F6C5-94A3-4DB7-B343-6C730870961F} - System32\Tasks\pcpm-consolidator => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {959765D4-AC88-4919-B2E4-48E0E35A200F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {A61D893C-C386-46E4-8E26-F90953F5782E} - System32\Tasks\{07D7AFAD-1BC7-4932-83F9-5989E7E2C8E8} => C:\util\VMware View Client.exe
Task: {AF286D98-55CA-4DCF-8338-AF05CC8F28F1} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll,SendInventory
Task: {B41791B9-7425-4817-B46C-377B4869074E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893UA => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {B55B9720-12F6-4388-B6FB-D76DCEABEC99} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {CCBA85D8-EBA3-47F8-A214-7D655F1D5793} - System32\Tasks\Maint => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe [2010-10-28] (Hewlett-Packard Company)
Task: {CFDEAAEB-CE99-4430-8E02-A395095BAAF9} - System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001 => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe [2007-06-24] (Hewlett-Packard)
Task: {DF4152BE-C919-4FBE-819C-826992AED309} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893Core => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe [2014-02-21] (Google Inc.)
Task: {DF5ED4F3-7973-42DF-AC79-64B1E5061F5B} - System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000 => Rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\BIOSSI.dll,RunBIOSSnapin
Task: {E2A24EA4-5FB5-473D-9B37-7024401F49E5} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {ED4CCB81-6A98-4DA1-B355-8213BDC1EB89} - System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000 => Rundll32.exe c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll,RunHourlyHook
Task: {FC4123C7-A74B-42F4-B20B-0EF0955ABB06} - System32\Tasks\{B26E9FA5-5571-4798-853A-64A1A45A84A3} => C:\util\VMware View Client.exe
Task: {FE952DEE-9838-42D4-8524-227AFD384128} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-22] (Microsoft Corporation)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893Core.job => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893UA.job => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\Aimsi.dll
Task: C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job => C:\windows\system32\rundll32.exe C:\PROGRA~2\HEWLET~1\PCCOE~1\SWBUND~1.DLL,RunSWBundlesSnapin A PC COE PC COE Software Bundles update
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\clinvsi.dll
Task: C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job => c:\Program Files (x86)\Hewlett-Packard\PC COE\coetl32.exe
Task: C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job => C:\PROGRA~2\HEWLET~1\PCCOE~1\BIOSSI.dll
Task: C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job => c:\PROGRA~2\HEWLET~1\PCCOE~1\critupsi.dll
Task: C:\windows\Tasks\Maint.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe
Task: C:\windows\Tasks\pcpm-collector.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe
Task: C:\windows\Tasks\pcpm-consolidator.job => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDASnapIn2.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-04-25 23:35 - 2014-04-25 23:35 - 02967040 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll
2013-12-20 09:45 - 2013-12-20 09:45 - 00129024 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32api.pyd
2013-12-20 09:43 - 2013-12-20 09:43 - 00138240 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pywintypes27.dll
2013-12-20 09:49 - 2013-12-20 09:49 - 00548864 _____ () C:\Program Files\SpiderOak\shell_extension_lib\pythoncom27.dll
2013-12-20 09:45 - 2013-12-20 09:45 - 00017920 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32trace.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00136192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32security.pyd
2013-12-20 09:56 - 2013-12-20 09:56 - 00520192 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.shell.shell.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00061440 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32evtlog.pyd
2012-04-10 22:25 - 2012-04-10 22:25 - 00111616 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_ctypes.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00149504 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32file.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00027648 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32pipe.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00023040 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32event.pyd
2012-04-10 22:30 - 2012-04-10 22:30 - 00471552 _____ () C:\Program Files\SpiderOak\shell_extension_lib\_hashlib.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00045056 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32process.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00223232 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32gui.pyd
2013-12-20 09:57 - 2013-12-20 09:57 - 00125952 _____ () C:\Program Files\SpiderOak\shell_extension_lib\win32com.propsys.propsys.pyd
2014-04-25 23:35 - 2014-04-25 23:35 - 02278912 _____ () C:\ProgramData\Microsoft\Crypto\RSA64\rsa64.dll
2011-08-08 18:29 - 2011-08-08 18:29 - 00094208 _____ () C:\Program Files\RA2HP\psWinControl.dll
2012-04-10 22:30 - 2012-04-10 22:30 - 01167360 _____ () C:\Program Files\SpiderOak\lib\_ssl.pyd
2012-04-10 22:24 - 2012-04-10 22:24 - 00046080 _____ () C:\Program Files\SpiderOak\lib\_socket.pyd
2012-04-10 22:24 - 2012-04-10 22:24 - 00058368 _____ () C:\Program Files\SpiderOak\lib\_sqlite3.pyd
2012-04-10 22:24 - 2012-04-10 22:24 - 00535040 _____ () C:\Program Files\SpiderOak\lib\sqlite3.dll
2012-09-28 21:43 - 2012-09-28 21:43 - 00025088 _____ () C:\Program Files\SpiderOak\lib\zope.interface._zope_interface_coptimizations.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00067584 _____ () C:\Program Files\SpiderOak\lib\BTrees._OOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00022528 _____ () C:\Program Files\SpiderOak\lib\persistent.cPersistence.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00012800 _____ () C:\Program Files\SpiderOak\lib\persistent.TimeStamp.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00018944 _____ () C:\Program Files\SpiderOak\lib\persistent.cPickleCache.pyd
2012-04-10 22:30 - 2012-04-10 22:30 - 00471552 _____ () C:\Program Files\SpiderOak\lib\_hashlib.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00072192 _____ () C:\Program Files\SpiderOak\lib\BTrees._OIBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00075264 _____ () C:\Program Files\SpiderOak\lib\BTrees._IIBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00072704 _____ () C:\Program Files\SpiderOak\lib\BTrees._IOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00075776 _____ () C:\Program Files\SpiderOak\lib\BTrees._IFBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073728 _____ () C:\Program Files\SpiderOak\lib\BTrees._OLBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00076288 _____ () C:\Program Files\SpiderOak\lib\BTrees._LLBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073728 _____ () C:\Program Files\SpiderOak\lib\BTrees._LOBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00076288 _____ () C:\Program Files\SpiderOak\lib\BTrees._LFBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00073216 _____ () C:\Program Files\SpiderOak\lib\BTrees._fsBTree.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00006656 _____ () C:\Program Files\SpiderOak\lib\twisted.python._initgroups.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00129024 _____ () C:\Program Files\SpiderOak\lib\win32api.pyd
2013-12-20 09:43 - 2013-12-20 09:43 - 00138240 _____ () C:\Program Files\SpiderOak\lib\pywintypes27.dll
2012-09-28 21:42 - 2012-09-28 21:42 - 00011264 _____ () C:\Program Files\SpiderOak\lib\Crypto.Hash.SHA256.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00149504 _____ () C:\Program Files\SpiderOak\lib\win32file.pyd
2012-09-28 22:55 - 2012-09-28 22:55 - 00016384 _____ () C:\Program Files\SpiderOak\lib\bcrypt._bcrypt.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00010752 _____ () C:\Program Files\SpiderOak\lib\Crypto.Random.OSRNG.winrandom.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00010752 _____ () C:\Program Files\SpiderOak\lib\Crypto.Util._counter.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00033280 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.AES.pyd
2012-06-26 08:57 - 2012-06-26 08:57 - 02145792 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtCore.pyd
2012-06-26 08:48 - 2012-06-26 08:48 - 00089088 _____ () C:\Program Files\SpiderOak\lib\sip.pyd
2012-04-10 22:25 - 2012-04-10 22:25 - 00111616 _____ () C:\Program Files\SpiderOak\lib\_ctypes.pyd
2013-12-20 09:49 - 2013-12-20 09:49 - 00548864 _____ () C:\Program Files\SpiderOak\lib\pythoncom27.dll
2013-12-20 09:56 - 2013-12-20 09:56 - 00520192 _____ () C:\Program Files\SpiderOak\lib\win32com.shell.shell.pyd
2012-06-26 09:13 - 2012-06-26 09:13 - 07643648 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtGui.pyd
2012-06-26 09:16 - 2012-06-26 09:16 - 00641536 _____ () C:\Program Files\SpiderOak\lib\PyQt4.QtNetwork.pyd
2012-06-26 09:23 - 2012-06-26 09:23 - 00009216 _____ () C:\Program Files\SpiderOak\lib\PyQt4.Qt.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00048128 _____ () C:\Program Files\SpiderOak\lib\win32inet.pyd
2012-04-10 22:24 - 2012-04-10 22:24 - 00010752 _____ () C:\Program Files\SpiderOak\lib\select.pyd
2012-05-15 14:51 - 2012-05-15 14:51 - 00066560 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.crypto.pyd
2012-05-15 14:51 - 2012-05-15 14:51 - 00010240 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.rand.pyd
2012-05-15 14:51 - 2012-05-15 14:51 - 00050688 _____ () C:\Program Files\SpiderOak\lib\OpenSSL.SSL.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00045056 _____ () C:\Program Files\SpiderOak\lib\win32process.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00059392 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.DES3.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00009728 _____ () C:\Program Files\SpiderOak\lib\Crypto.Cipher.XOR.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00008192 _____ () C:\Program Files\SpiderOak\lib\Crypto.Util.strxor.pyd
2012-09-28 21:43 - 2012-09-28 21:43 - 00007680 _____ () C:\Program Files\SpiderOak\lib\twisted.protocols._c_urlarg.pyd
2012-04-10 22:24 - 2012-04-10 22:24 - 00689664 _____ () C:\Program Files\SpiderOak\lib\unicodedata.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00027648 _____ () C:\Program Files\SpiderOak\lib\win32pipe.pyd
2013-12-20 09:44 - 2013-12-20 09:44 - 00023040 _____ () C:\Program Files\SpiderOak\lib\win32event.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00061440 _____ () C:\Program Files\SpiderOak\lib\win32evtlog.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00136192 _____ () C:\Program Files\SpiderOak\lib\win32security.pyd
2013-12-20 09:45 - 2013-12-20 09:45 - 00223232 _____ () C:\Program Files\SpiderOak\lib\win32gui.pyd
2012-05-28 23:27 - 2012-05-28 23:27 - 03039232 _____ () C:\Program Files (x86)\G-Recorder\G-Recorder.exe
2011-04-08 10:57 - 2011-04-08 10:57 - 01102336 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\System.Data.SQLite.dll
2013-12-20 09:45 - 2013-12-20 09:45 - 00055296 _____ () C:\Program Files\SpiderOak\lib\win32console.pyd
2012-09-28 21:42 - 2012-09-28 21:42 - 00035840 _____ () C:\Program Files\SpiderOak\lib\simplejson._speedups.pyd
2012-01-14 09:31 - 2012-01-14 09:31 - 01228800 _____ () C:\Program Files\SpiderOak\lib\pycurl.pyd
2014-02-04 12:29 - 2014-02-04 12:29 - 00013824 _____ () C:\Program Files\SpiderOak\lib\spideroak_version_matcher.pyd
2012-09-24 06:40 - 2012-09-24 06:40 - 01068544 _____ () C:\Program Files\SpiderOak\lib\PIL._imaging.pyd
2014-02-04 12:32 - 2014-02-04 12:32 - 00013824 _____ () C:\Program Files\SpiderOak\windows_dir_watcher.exe
2014-02-19 01:58 - 2014-02-18 02:02 - 00428820 _____ () C:\util\far\lua5.1.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00393216 _____ () C:\Program Files (x86)\McAfee\Common Framework\cryptocme2.dll
2007-04-18 19:30 - 2007-04-18 19:30 - 00471040 _____ () C:\Program Files (x86)\McAfee\Common Framework\ccme_base.dll
2012-11-22 19:32 - 2012-11-22 19:32 - 00141184 _____ () C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\expat.dll
2012-11-01 02:34 - 2012-11-01 02:34 - 01260184 _____ () C:\Program Files\VMware\VMware View\Client\Local Mode\libxml2.dll
2014-08-14 16:56 - 2014-08-14 16:56 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\1e70f9aada009e40c4f131cfdbe52126\IsdiInterop.ni.dll
2014-02-18 17:11 - 2011-01-13 01:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-13 10:54 - 2013-09-13 10:54 - 00022696 _____ () C:\Program Files (x86)\Microsoft Office\Office15\lynchtmlconvpxy.dll
2011-04-08 10:57 - 2011-04-08 10:57 - 00514570 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\sqlite3.dll
2014-07-30 02:13 - 2014-07-30 02:13 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-11 03:00 - 2014-07-11 03:00 - 17029808 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Microsoft:aPSVSrEk8d76SQiEhFy
AlternateDataStreams: C:\ProgramData\Microsoft:CrGuAcc519aWtjmzzKh9iPcCNdocb
AlternateDataStreams: C:\ProgramData\Microsoft:ii8oBOPn1HHEtiR0Zjs
AlternateDataStreams: C:\Users\me\Local Settings:J250PnYKguJ872rfcLMJM4
AlternateDataStreams: C:\Users\me\AppData\Local:J250PnYKguJ872rfcLMJM4
AlternateDataStreams: C:\Users\me\AppData\Local\Application Data:J250PnYKguJ872rfcLMJM4
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/04/2014 01:05:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={EF7E713B-8422-4EC0-9B01-8A6E1482C615}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={12FE9A02-94D4-485A-A44E-494DAB26FC93}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={ADD6D792-D604-45E9-850D-447AB0255E9C}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={18DFE2D9-6566-420D-9C87-AAD76E612DF3}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={514CDDA9-81EC-4AAC-B566-CB1DC33C9206}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={18DFE6F0-A0DC-4F5B-A03E-E271FA932E08}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={593ED09C-C83A-4DCC-B1FA-F534BCDAD5C6}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/03/2014 11:49:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={7A629BC7-316D-4776-B394-A27A07DDCB2B}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 0.
 
Error: (09/03/2014 11:48:42 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={4E5DA255-3505-41C3-8A3F-E9B81967306E}: The user EMEA\me dialed a connection named _Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly which has failed. The error code returned on failure is 628.
 
 
System errors:
=============
Error: (09/04/2014 02:50:30 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 02:48:20 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 02:48:20 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 01:54:54 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 01:54:50 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 01:09:32 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80070422
 
Error: (09/04/2014 01:08:55 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: EMEA)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (09/04/2014 01:05:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
86587877
 
Error: (09/04/2014 01:05:16 AM) (Source: Microsoft-Windows-GroupPolicy) (EventID: 1129) (User: NT AUTHORITY)
Description: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
 
Error: (09/04/2014 01:05:16 AM) (Source: NETLOGON) (EventID: 5719) (User: )
Description: This computer was not able to set up a secure session with a domain
controller in domain EMEA due to the following: 
%%1311
 
This may lead to authentication problems. Make sure that this
computer is connected to the network. If the problem persists,
please contact your domain administrator.
 
 
 
ADDITIONAL INFO
 
If this computer is a domain controller for the specified domain, it
sets up the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain controller
in the specified domain.
 
 
Microsoft Office Sessions:
=========================
Error: (09/04/2014 01:05:27 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {EF7E713B-8422-4EC0-9B01-8A6E1482C615}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {12FE9A02-94D4-485A-A44E-494DAB26FC93}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {ADD6D792-D604-45E9-850D-447AB0255E9C}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:58 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {18DFE2D9-6566-420D-9C87-AAD76E612DF3}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {514CDDA9-81EC-4AAC-B566-CB1DC33C9206}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {18DFE6F0-A0DC-4F5B-A03E-E271FA932E08}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/04/2014 00:24:53 AM) (Source: RasClient) (EventID: 20227) (User: )
Description: {593ED09C-C83A-4DCC-B1FA-F534BCDAD5C6}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/03/2014 11:49:03 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {7A629BC7-316D-4776-B394-A27A07DDCB2B}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly0
 
Error: (09/03/2014 11:48:42 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {4E5DA255-3505-41C3-8A3F-E9B81967306E}EMEA\me_Common_netacc_remote - Go to remote.hpbsc.ch instead of dialing directly628
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-04 03:02:28.545
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 03:02:12.149
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 03:02:10.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 03:01:50.260
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 03:01:00.951
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 03:00:59.541
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 02:59:22.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 02:59:20.091
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 02:56:09.241
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-09-04 02:37:29.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\AESTAR64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2520M CPU @ 2.50GHz
Percentage of memory in use: 71%
Total physical RAM: 4046.36 MB
Available physical RAM: 1133.76 MB
Total Pagefile: 8090.91 MB
Available Pagefile: 4426.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (PC COE) (Fixed) (Total:464.78 GB) (Free:156.54 GB) NTFS
Drive q: () (Network) (Total:1832.31 GB) (Free:716.25 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 38D3E205)
Partition 1: (Not Active) - (Size=500 MB) - (Type=27)
Partition 2: (Active) - (Size=499 MB) - (Type=27)
Partition 3: (Not Active) - (Size=464.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


Edited by xXToffeeXx, 04 September 2014 - 08:16 AM.
Posted log for ease


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,039 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:42 AM

Posted 04 September 2014 - 08:24 AM

Hi Omo,
 
Going over your logs I noticed that you have µTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
 
If you wish to keep it, please do not use it until your computer is cleaned.
 
--------------
 
Did you set this in your hosts file?:
127.0.0.1 acdid.acdsystems.com
 
--------------
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [ChromeUpdate] => C:\Users\me\AppData\Roaming\ChromeUpdate.exe uнLwдсттту0у у   RЦlS  L   РтЯуLw   ђт8т  BфLw@                 xт
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [Run] "C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\typeperf.exe"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DefUserRunOnceSettings] => "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DeleteIE864BitIcon] => c:\windows\deleteie64biticon.bat
IFEO\taskmgr.exe: [Debugger] "C:\UTIL\PROCEXP\PROCEXP.EXE"
C:\Users\me\AppData\Roaming\ChromeUpdate.exe
C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\typeperf.exe
c:\windows\custmenu\runonce_settings.vbs
c:\windows\deleteie64biticon.bat
C:\UTIL\PROCEXP\PROCEXP.EXE
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\create_shortcut.lnk
ShortcutTarget: create_shortcut.lnk -> C:\Users\me\create_shortcut.vbs (No File)
Startup: C:\Users\hpadmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\reg_off2k7.lnk
ShortcutTarget: reg_off2k7.lnk -> C:\Users\me\reg_off2k7.vbs (No File)
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\typeperf.lnk
ShortcutTarget: typeperf.lnk -> C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\typeperf.exe (No File)
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = 
U3 mfeavfk01; No ImagePath
2014-08-21 02:06 - 2014-08-21 02:06 - 00000601 _____ () C:\ProgramData\@system2.att
2014-08-21 02:05 - 2014-08-21 05:16 - 00087200 _____ () C:\ProgramData\wrnhoah.tmp
2014-08-21 02:05 - 2014-08-21 02:06 - 00000601 _____ () C:\ProgramData\@system.att
2014-08-17 00:24 - 2014-08-29 20:47 - 00000000 ____D () C:\Users\me\AppData\Local\Odlics
C:\Users\Default\create_shortcut.vbs
C:\Users\Default\reg_off2k7.vbs
C:\Users\hpadmin\create_shortcut.vbs
C:\Users\hpadmin\reg_off2k7.vbs
C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
AlternateDataStreams: C:\ProgramData\Microsoft:aPSVSrEk8d76SQiEhFy
AlternateDataStreams: C:\ProgramData\Microsoft:CrGuAcc519aWtjmzzKh9iPcCNdocb
AlternateDataStreams: C:\ProgramData\Microsoft:ii8oBOPn1HHEtiR0Zjs
AlternateDataStreams: C:\Users\me\Local Settings:J250PnYKguJ872rfcLMJM4
AlternateDataStreams: C:\Users\me\AppData\Local:J250PnYKguJ872rfcLMJM4
AlternateDataStreams: C:\Users\me\AppData\Local\Application Data:J250PnYKguJ872rfcLMJM4
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 xXToffeeXx


Posted 07 September 2014 - 08:24 AM

Hi Omo,
 
This is a 3 day bump:
 
It has been 3 days since my last post.

  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

xXToffeeXx~




#8 omo


Posted 09 September 2014 - 08:22 AM

Hello,

 

Thank you for your reply and sorry for the delay.

Here is fixlog.txt.

I have also uninstalled µTorrent and removed the entry you mentioned from the hosts file.


Edited by omo, 09 September 2014 - 08:24 AM.


#9 xXToffeeXx


Posted 10 September 2014 - 11:26 AM

Hi omo,

 

Has your antivirus been alerting to any detected threats after that fix?

 

Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.

 

xXToffeeXx~




#10 omo


Posted 10 September 2014 - 08:16 PM

yes, it did continue alerting.

e.g. today:

mcafee:
C:\Users\me\AppData\Local\Temp\F75C.tmp    Artemis!E295A62BF0E8 (Trojan)
C:\USERS\ME\APPDATA\ROAMING\7OCE79.EXE    Artemis!E295A62BF0E8 (Trojan)

mbam:
Registry Values: 1
Trojan.Agent.FSAVXGen, HKU\S-1-5-21-1957994488-842925246-40105171-1219893-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|7oCE79, , [bb4530bcd4a74beb1ef44048b64b758b],
Files: 1
Trojan.Agent.FSAVXGen, c:\Users\me\AppData\Roaming\7oce79.exe, , [bb4530bcd4a74beb1ef44048b64b758b],

 

(they have all been removed since)

is there a specific reason you want me to use the standard task manager instead of process explorer? I've reverted to using process explorer for now, but I can turn it off temporarily, of course.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by me (administrator) on ME2 on 11-09-2014 03:02:44
Running from C:\dl
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Sysinternals - www.sysinternals.com) C:\util\procexp\ProcExp.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe
(Sysinternals - www.sysinternals.com) C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
() C:\Program Files (x86)\G-Recorder\G-Recorder.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
() C:\Program Files\SpiderOak\windows_dir_watcher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Eugene Roshal & FAR Group) C:\util\far\Far.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPRAService] => C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] => C:\Windows\system32\MsPwdRegistration.exe [31080 2012-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [COEMsgDisplay] => c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [GetITIcon] => C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IDA] => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [eepc_SmartClient] => C:\Program Files (x86)\SmartClient\Smart.exe [141312 2014-03-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [DcaTray] => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [JunosPulse] => c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049112 2014-07-27] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Google Update] => C:\Users\me\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-02-21] (Google Inc.)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe [59904 2014-02-04] (SpiderOak)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\RunOnce: [PasswordCheck] => C:\windows\HPLogin\SetLocalPwds.exe [331776 2008-07-10] () <===== ATTENTION
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DefUserRunOnceSettings] => "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DeleteIE864BitIcon] => c:\windows\deleteie64biticon.bat
IFEO\taskmgr.exe: [Debugger] "C:\UTIL\PROCEXP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\launch_splashscreen.vbs ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G-Recorder.lnk
ShortcutTarget: G-Recorder.lnk -> C:\Program Files (x86)\G-Recorder\G-Recorder.exe ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmc.lnk
ShortcutTarget: mmc.lnk -> C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: SpiderOakOverlay -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://athp.hp.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140627115737.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140627115738.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://remote.hpbsc.ch/public/download/cachecleaner.cab#7090,2013,1031,1040
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} https://remote.hpbsc.ch/public/download/urxvpn.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\me\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://remote.hpbsc.ch/public/download/urxshost.cab#7090,2013,1031,1040
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://remote.hpbsc.ch/public/download/urxhost.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default
FF Homepage: hxxp://www.google.com/webhp?complete=0
FF NetworkProxy: "autoconfig_url", "http://autocache.hp.com/"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Wörterbuch Deutsch (de-CH), Hunspell-unterstützt - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\de_CH@dicts.j3e.de [2014-08-20]
FF Extension: British English Dictionary - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2014-08-01]
FF Extension: DAO.TableDef.120 - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{364CB7CE-0D07-A1D5-DCB3-EDF7BC53FA77} [2014-07-04]
FF Extension: All-in-One Gestures - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-02-18]
FF Extension: F5 Networks Host Plugin - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-02-21]
FF Extension: LiveJournal Addons - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\homo_nudus@livejournal.com.xpi [2014-07-30]
FF Extension: YouTube Center - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-07-30]
FF Extension: Remember Passwords - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi [2014-02-21]
FF Extension: Flagfox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-30]
FF Extension: ScrapBook - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-07-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2014-02-18]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-30]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise
FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise [2013-06-20]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-06-19]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DAO.TableDef.120) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Cast) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-14]
CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (AdBlock) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-14]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2012-01-29] (Microsoft Corporation)
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-06-27] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-06-27] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2437120 2013-12-17] (VMware, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 54278597; C:\Windows\System32\DRIVERS\54278597.sys [460888 2014-05-21] (Kaspersky Lab ZAO)
R0 75223308; C:\Windows\System32\DRIVERS\75223308.sys [460888 2014-06-22] (Kaspersky Lab ZAO)
S3 f5ipfw; C:\windows\system32\drivers\urfltv64.sys [30952 2013-10-31] (F5 Networks, Inc.)
R3 FireNfcp; C:\Windows\system32\drivers\FireNfcp.sys [53728 2014-08-12] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-28] (Juniper Networks, Inc.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-06-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-06-27] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-06-27] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-06-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-06-27] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [33008 2013-04-19] (Synaptics Incorporated)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-10-31] (F5 Networks, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
R2 VMparport; C:\windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-23] (VMware, Inc.)
S0 86587877; system32\DRIVERS\86587877.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 00:49 - 2014-09-11 00:50 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-11 00:49 - 2014-09-11 00:50 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-11 00:49 - 2014-09-11 00:49 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00003098 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-11 00:49 - 2014-09-11 00:49 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-11 00:49 - 2014-09-11 00:49 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-11 00:49 - 2014-09-11 00:49 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-11 00:48 - 2014-09-11 02:50 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-11 00:48 - 2014-09-11 00:50 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-11 00:48 - 2014-09-11 00:49 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-11 00:48 - 2014-09-11 00:49 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-11 00:48 - 2014-09-11 00:49 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-09 15:57 - 2014-09-10 12:16 - 00000884 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-09 15:19 - 2014-09-09 15:19 - 00003124 _____ () C:\windows\System32\Tasks\Process Explorer-EMEA-me
2014-09-06 22:59 - 2014-09-06 22:59 - 01002888 _____ () C:\windows\Minidump\090614-44772-01.dmp
2014-09-05 03:22 - 2014-09-05 03:22 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-09-04 03:03 - 2014-09-11 03:03 - 00000000 ____D () C:\FRST
2014-08-27 23:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 23:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 23:25 - 2014-08-23 02:59 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:28 - 2014-09-05 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-26 17:28 - 2011-03-02 20:54 - 00886776 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.TaskPanel.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 02660344 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.CommandBars.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01882104 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.Controls.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01374200 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ReportControl.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00825336 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.DockingPane.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00501752 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ShortcutBar.v15.0.2.ocx
2014-08-26 17:28 - 2007-11-07 19:03 - 00496384 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\windows\SysWOW64\XceedZip.dll
2014-08-26 17:28 - 2005-08-09 17:14 - 00458752 _____ (ComponentOne) C:\windows\SysWOW64\vsprint8.ocx
2014-08-26 17:28 - 2005-08-09 17:14 - 00262144 _____ (ComponentOne ) C:\windows\SysWOW64\vspdf8.ocx
2014-08-26 17:28 - 2004-11-23 16:59 - 00184320 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPButton30.ocx
2014-08-26 17:28 - 2004-11-19 01:45 - 00200704 _____ (CIA, The company) C:\windows\SysWOW64\ciaSCls20.dll
2014-08-26 17:28 - 2004-03-09 01:00 - 01010720 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCHRT20.OCX
2014-08-26 17:28 - 2003-12-12 16:41 - 00053248 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPRegSvr20.dll
2014-08-26 17:28 - 2003-02-19 01:11 - 00065536 _____ (Larcom and Young) C:\windows\SysWOW64\ReSize32.ocx
2014-08-26 17:28 - 2002-02-12 16:24 - 00169216 _____ (Wintertree Software Inc.) C:\windows\SysWOW64\WSpell.ocx
2014-08-26 17:28 - 2000-12-06 09:59 - 00832448 _____ (APEX Software Corporation) C:\windows\SysWOW64\tdbg6.ocx
2014-08-26 17:28 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCT2.OCX
2014-08-26 17:28 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RICHTX32.OCX
2014-08-26 17:28 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSINET.OCX
2014-08-26 17:28 - 1999-11-23 10:01 - 00276992 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LFCMP11n.DLL
2014-08-26 17:28 - 1999-11-22 13:58 - 00751104 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltocx11n.ocx
2014-08-26 17:28 - 1999-11-22 13:52 - 00172544 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\Lfpng11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00151040 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00080896 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lffax11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00059392 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwmf11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00041472 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfgif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00036864 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfbmp11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00035328 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfcal11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00032768 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcx11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00031232 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfeps11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwpg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftga11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027136 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcd11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfmsp11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00262144 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LTDIS11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00226816 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltefx11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00127488 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00118272 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltfil11n.DLL
2014-08-26 17:28 - 1999-11-22 13:51 - 00038400 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lttwn11n.dll
2014-08-26 17:28 - 1999-11-22 13:50 - 00391168 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltkrn11n.dll
2014-08-26 17:28 - 1999-11-22 13:49 - 00045936 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltvdd11w.drv
2014-08-26 17:28 - 1999-11-22 13:49 - 00003824 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltthk11w.dll
2014-08-26 17:28 - 1999-09-17 11:14 - 00065536 _____ (Sheridan Software Systems, Inc) C:\windows\SysWOW64\ssfm1032.dll
2014-08-26 17:28 - 1999-07-01 13:17 - 00237568 _____ (VideoSoft) C:\windows\SysWOW64\Vsocx6.ocx
2014-08-26 17:28 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\windows\SysWOW64\MCI32.OCX
2014-08-26 17:28 - 1998-09-11 09:14 - 00021504 _____ () C:\windows\SysWOW64\WBCustomizer.dll
2014-08-26 17:28 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\windows\SysWOW64\VB5DB.dll
2014-08-26 17:28 - 1995-07-31 11:44 - 00212480 _____ (Eastman Kodak) C:\windows\SysWOW64\PCDLIB32.DLL
2014-08-26 17:27 - 2014-09-05 12:12 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-08-25 22:36 - 2014-09-11 00:48 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-08-25 10:55 - 2013-07-05 04:53 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-08-25 10:53 - 2014-04-12 04:31 - 00313344 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-08-25 10:50 - 2014-04-30 06:10 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-08-25 10:50 - 2012-11-02 07:49 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-08-25 10:50 - 2012-11-02 07:06 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-08-21 02:11 - 2014-08-21 02:12 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-15 01:04 - 2014-09-09 08:06 - 00001758 _____ () C:\Users\me\umbrella0.log
2014-08-15 01:04 - 2014-09-09 08:06 - 00000885 _____ () C:\windows\system32\Drivers\etc\hosts.umbrella
2014-08-15 01:03 - 2014-08-15 01:06 - 00000000 ____D () C:\Users\me\.shsh
2014-08-15 00:19 - 2014-08-15 00:42 - 00000000 ____D () C:\Users\me\AppData\Roaming\Apple Computer
2014-08-15 00:19 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Local\Apple Computer
2014-08-15 00:18 - 2014-08-27 12:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-15 00:18 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-15 00:17 - 2014-08-27 12:50 - 00000000 ____D () C:\ProgramData\Apple
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\me\AppData\Local\Apple
2014-08-14 13:23 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-08-14 13:23 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-08-14 13:23 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-08-14 13:23 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-08-14 13:23 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-08-14 13:23 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-08-14 13:23 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-08-14 13:23 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-08-13 13:10 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-13 13:10 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-13 13:10 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-13 13:10 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-13 13:10 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-13 13:10 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-13 13:10 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-13 13:10 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-13 13:10 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-13 13:10 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-13 13:10 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-13 13:10 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-13 13:10 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-13 13:10 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-13 13:10 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-13 13:10 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-13 13:10 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-13 13:10 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-13 13:10 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-13 13:10 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-13 13:10 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-13 13:10 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-13 13:10 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-13 13:10 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-13 13:10 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-13 13:10 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-13 13:10 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-13 13:10 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-13 13:10 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-13 13:10 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-13 13:10 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-13 13:10 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-13 13:10 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-13 13:10 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-13 13:10 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-13 13:10 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-13 13:10 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-13 13:10 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-13 13:10 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-13 13:10 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-13 13:10 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-13 13:10 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-13 13:10 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-13 13:10 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-13 13:10 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-13 13:10 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-13 13:10 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-13 13:10 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-13 13:10 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-13 13:10 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-13 13:10 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-13 13:10 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-13 13:10 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-13 13:10 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-13 13:10 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-13 13:10 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-13 13:10 - 2014-07-16 05:22 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-08-13 13:10 - 2014-07-16 04:55 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-08-13 13:10 - 2014-07-09 04:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-08-13 13:10 - 2014-07-09 03:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-08-13 13:10 - 2014-07-09 00:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-08-13 13:10 - 2014-07-09 00:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-08-13 13:10 - 2014-06-25 04:06 - 14179328 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-08-13 13:10 - 2014-06-25 03:37 - 12877312 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-08-13 13:10 - 2014-06-12 09:52 - 00986560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-08-13 13:10 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-08-13 13:10 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-08-13 13:10 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-08-13 13:10 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-08-13 13:10 - 2014-06-03 04:42 - 01942016 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-08-13 13:10 - 2014-06-03 04:42 - 00112576 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-08-13 13:10 - 2014-06-03 04:13 - 01806336 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-08-13 13:06 - 2014-07-14 03:52 - 01215488 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-08-13 13:06 - 2014-07-14 03:52 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-08-13 13:06 - 2014-07-14 03:42 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-08-13 13:06 - 2014-07-14 03:41 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-11 03:04 - 2014-02-20 01:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\Skype
2014-09-11 03:03 - 2014-09-04 03:03 - 00000000 ____D () C:\FRST
2014-09-11 03:02 - 2014-02-19 01:50 - 00000000 ____D () C:\dl
2014-09-11 03:00 - 2014-02-18 17:18 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-09-11 02:50 - 2014-09-11 00:48 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-11 02:38 - 2014-02-25 17:35 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893UA.job
2014-09-11 02:38 - 2014-02-18 17:14 - 01500903 __RSH () C:\ProgramData\ntuser.pol
2014-09-11 02:37 - 2014-03-30 18:09 - 00000000 ____D () C:\Users\me\AppData\Roaming\SpiderOak
2014-09-11 02:37 - 2014-02-18 17:17 - 00008826 __RSH () C:\Users\me\ntuser.pol
2014-09-11 02:37 - 2014-02-18 17:17 - 00000000 ____D () C:\Users\me
2014-09-11 02:36 - 2014-02-18 17:14 - 00004688 _____ () C:\windows\system32\config\netlogon.ftl
2014-09-11 02:09 - 2014-02-21 20:46 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 01:55 - 2009-07-14 06:51 - 01686370 _____ () C:\windows\setupact.log
2014-09-11 01:36 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-09-11 01:01 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 01:01 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 00:56 - 2014-07-16 22:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-11 00:52 - 2014-02-18 18:02 - 01622675 _____ () C:\windows\WindowsUpdate.log
2014-09-11 00:51 - 2014-02-18 17:29 - 00003322 _____ () C:\windows\System32\Tasks\Smart Client
2014-09-11 00:50 - 2014-09-11 00:49 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-11 00:50 - 2014-09-11 00:49 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-11 00:50 - 2014-09-11 00:48 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-11 00:49 - 2014-09-11 00:49 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00003098 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-11 00:49 - 2014-09-11 00:49 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-11 00:49 - 2014-09-11 00:49 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-11 00:49 - 2014-09-11 00:49 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-11 00:49 - 2014-09-11 00:49 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-11 00:49 - 2014-09-11 00:48 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-11 00:49 - 2014-09-11 00:48 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-11 00:49 - 2014-09-11 00:48 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-11 00:48 - 2014-08-25 22:36 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-09-11 00:48 - 2014-02-28 13:59 - 00003244 _____ () C:\windows\System32\Tasks\pcpm-collector
2014-09-11 00:48 - 2014-02-28 13:59 - 00002906 _____ () C:\windows\System32\Tasks\pcpm-consolidator
2014-09-11 00:48 - 2014-02-28 13:59 - 00000314 _____ () C:\windows\Tasks\pcpm-consolidator.job
2014-09-11 00:48 - 2014-02-28 13:59 - 00000308 _____ () C:\windows\Tasks\pcpm-collector.job
2014-09-11 00:48 - 2014-02-24 01:48 - 00000000 ____D () C:\Users\me\AppData\Roaming\G-Recorder
2014-09-11 00:48 - 2014-02-21 20:46 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 00:48 - 2014-02-18 17:18 - 00000000 ____D () C:\windows\HPLogin
2014-09-11 00:47 - 2014-07-14 11:48 - 00000000 ____D () C:\ProgramData\VMware
2014-09-11 00:47 - 2010-11-21 05:47 - 00086198 _____ () C:\windows\PFRO.log
2014-09-11 00:47 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-10 23:39 - 2014-03-08 16:47 - 00000000 ____D () C:\Quarantine
2014-09-10 23:33 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-10 13:08 - 2014-03-19 14:00 - 00541059 _____ () C:\windows\diagerr.xml
2014-09-10 13:08 - 2014-03-19 14:00 - 00381003 _____ () C:\windows\diagwrn.xml
2014-09-10 13:08 - 2014-03-19 12:20 - 00000000 ____D () C:\Users\me\Documents\MySavedSettings
2014-09-10 13:08 - 2009-07-14 06:51 - 00088803 _____ () C:\windows\setuperr.log
2014-09-10 13:07 - 2014-03-19 14:06 - 00039005 _____ () C:\windows\comsetup.log
2014-09-10 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-10 12:16 - 2014-09-09 15:57 - 00000884 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-10 12:16 - 2014-07-14 11:49 - 00000000 ____D () C:\Users\me\AppData\Roaming\VMware
2014-09-10 07:38 - 2014-02-25 17:35 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893Core.job
2014-09-09 15:19 - 2014-09-09 15:19 - 00003124 _____ () C:\windows\System32\Tasks\Process Explorer-EMEA-me
2014-09-09 15:17 - 2014-02-24 01:49 - 00000000 ____D () C:\Users\me\AppData\Local\CrashDumps
2014-09-09 15:16 - 2014-02-18 17:05 - 00000000 ____D () C:\Users\hpadmin
2014-09-09 15:16 - 2014-02-18 01:38 - 00000000 ____D () C:\Temp
2014-09-09 15:16 - 2013-07-26 21:41 - 00000000 ____D () C:\windows\custmenu
2014-09-09 15:16 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-09 08:22 - 2009-07-14 07:13 - 00789514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-09 08:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-09-09 08:06 - 2014-08-15 01:04 - 00001758 _____ () C:\Users\me\umbrella0.log
2014-09-09 08:06 - 2014-08-15 01:04 - 00000885 _____ () C:\windows\system32\Drivers\etc\hosts.umbrella
2014-09-09 07:56 - 2014-07-30 02:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-08 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Vss
2014-09-08 10:33 - 2014-04-14 01:12 - 00002351 _____ () C:\Users\me\Desktop\Google Chrome.lnk
2014-09-06 23:04 - 2009-07-14 07:08 - 00032572 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-06 22:59 - 2014-09-06 22:59 - 01002888 _____ () C:\windows\Minidump\090614-44772-01.dmp
2014-09-06 22:59 - 2014-06-18 11:23 - 490071085 _____ () C:\windows\MEMORY.DMP
2014-09-06 22:59 - 2014-06-18 11:23 - 00000000 ____D () C:\windows\Minidump
2014-09-05 12:19 - 2013-06-20 00:48 - 00000000 ____D () C:\Program Files\RA2HP
2014-09-05 12:19 - 2013-06-20 00:35 - 00000000 ____D () C:\Program Files\Common Files\ActivIdentity
2014-09-05 12:19 - 2010-11-21 08:30 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\com
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Cursors
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-05 12:18 - 2014-05-29 04:58 - 00000000 ____D () C:\Program Files (x86)\DirectAccess Connectivity Assistant
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Setup
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\servicing
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-09-05 12:16 - 2013-06-20 00:12 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-05 12:16 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\restore
2014-09-05 12:15 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-05 12:14 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-09-05 12:14 - 2014-07-16 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 12:14 - 2014-07-14 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-09-05 12:14 - 2014-06-30 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-05 12:14 - 2014-06-13 02:52 - 00000000 ___RD () C:\Users\me\Documents\Notes
2014-09-05 12:14 - 2014-05-17 22:52 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:14 - 2014-05-03 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-05 12:14 - 2014-04-14 01:12 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-05 12:14 - 2014-04-11 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Migrate My Computer
2014-09-05 12:14 - 2014-04-08 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-09-05 12:14 - 2014-04-08 22:52 - 00000000 ____D () C:\Users\me\AppData\Roaming\Winamp
2014-09-05 12:14 - 2014-04-07 23:58 - 00000000 ____D () C:\windows\en
2014-09-05 12:14 - 2014-03-30 18:11 - 00000000 ___RD () C:\Users\me\Documents\SpiderOak Hive
2014-09-05 12:14 - 2014-03-30 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiderOak
2014-09-05 12:14 - 2014-03-29 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-09-05 12:14 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\me\AppData\Roaming\uTorrent
2014-09-05 12:14 - 2014-03-23 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Camera Updater
2014-09-05 12:14 - 2014-03-19 12:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-09-05 12:14 - 2014-02-23 21:12 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2014-09-05 12:14 - 2014-02-21 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-09-05 12:14 - 2014-02-21 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-09-05 12:14 - 2014-02-21 12:09 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Office Print
2014-09-05 12:14 - 2014-02-21 04:31 - 00000000 ____D () C:\Users\me\AppData\Roaming\Mp3tag
2014-09-05 12:14 - 2014-02-21 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-09-05 12:14 - 2014-02-19 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-05 12:14 - 2014-02-18 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Encryption
2014-09-05 12:14 - 2014-02-18 17:17 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-05 12:14 - 2014-02-18 17:17 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 12:14 - 2014-02-18 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-05 12:14 - 2014-02-18 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-05 12:14 - 2014-02-18 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-05 12:14 - 2013-06-20 00:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-05 12:14 - 2013-06-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-05 12:14 - 2013-06-19 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COE Utils
2014-09-05 12:13 - 2014-07-12 01:06 - 00000000 ____D () C:\Program Files (x86)\Vector NTI Advance
2014-09-05 12:13 - 2014-05-09 13:20 - 00000000 ____D () C:\Program Files\WinDjView
2014-09-05 12:13 - 2014-05-03 05:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-05 12:13 - 2014-04-08 22:52 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-09-05 12:13 - 2014-03-30 18:07 - 00000000 ____D () C:\Program Files\SpiderOak
2014-09-05 12:13 - 2014-03-29 17:25 - 00000000 ____D () C:\Program Files\Calibre2
2014-09-05 12:13 - 2014-03-23 18:12 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-05 12:13 - 2014-02-23 20:26 - 00000000 ____D () C:\Program Files (x86)\WugFresh Development
2014-09-05 12:13 - 2014-02-19 01:55 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-05 12:13 - 2014-02-18 23:19 - 00000000 ____D () C:\ProgramData\F5 Networks
2014-09-05 12:13 - 2014-02-18 18:02 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-09-05 12:13 - 2014-02-18 18:02 - 00000000 ____D () C:\Program Files\IDT
2014-09-05 12:13 - 2014-02-18 17:29 - 00000000 ____D () C:\Program Files (x86)\SmartClient
2014-09-05 12:13 - 2013-06-19 20:55 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-05 12:12 - 2014-08-26 17:27 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-09-05 12:12 - 2014-07-16 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 12:12 - 2014-07-12 01:07 - 00000000 ____D () C:\Program Files (x86)\Informax Installations
2014-09-05 12:12 - 2014-05-21 03:17 - 00000000 ____D () C:\Program Files (x86)\FLAC Frontend
2014-09-05 12:12 - 2014-05-03 05:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-05 12:12 - 2014-04-29 15:38 - 00000000 ____D () C:\Program Files (x86)\R-Word Demo
2014-09-05 12:12 - 2014-04-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Migrate My Computer
2014-09-05 12:12 - 2014-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-09-05 12:12 - 2014-02-24 01:48 - 00000000 ____D () C:\Program Files (x86)\G-Recorder
2014-09-05 12:12 - 2014-02-21 20:18 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-09-05 12:12 - 2014-02-21 04:20 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-05 12:12 - 2014-02-20 02:51 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-09-05 12:12 - 2014-02-20 01:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-05 12:12 - 2014-02-18 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-05 11:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Branding
2014-09-05 03:22 - 2014-09-05 03:22 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-09-05 03:18 - 2014-02-21 01:51 - 00000000 ____D () C:\Program Files\Adobe
2014-09-05 02:41 - 2014-02-18 17:29 - 00000000 ____D () C:\windows\SmartClient
2014-09-04 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SchCache
2014-08-29 02:36 - 2014-05-29 05:12 - 00000000 ____D () C:\windows\SysWOW64\LogSpace
2014-08-28 23:55 - 2009-07-14 06:45 - 05169800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 13:18 - 2014-02-20 01:20 - 00000000 ____D () C:\om
2014-08-27 12:50 - 2014-08-15 00:17 - 00000000 ____D () C:\ProgramData\Apple
2014-08-27 12:42 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-26 02:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-08-23 04:07 - 2014-08-27 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:25 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:25 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 02:12 - 2014-08-21 02:11 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-17 02:39 - 2014-02-18 17:17 - 00118592 _____ () C:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-08-15 01:06 - 2014-08-15 01:03 - 00000000 ____D () C:\Users\me\.shsh
2014-08-15 00:42 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Roaming\Apple Computer
2014-08-15 00:19 - 2014-08-15 00:19 - 00000000 ____D () C:\Users\me\AppData\Local\Apple Computer
2014-08-15 00:18 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-08-15 00:17 - 2014-08-15 00:17 - 00000000 ____D () C:\Users\me\AppData\Local\Apple
2014-08-14 14:06 - 2013-06-20 00:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 13:41 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-08-14 13:33 - 2014-02-18 18:26 - 00000000 ____D () C:\windows\system32\MRT
2014-08-14 13:30 - 2013-06-20 13:08 - 99218768 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-08-14 13:28 - 2009-07-14 04:34 - 00000478 _____ () C:\windows\win.ini
2014-08-12 11:14 - 2014-02-20 01:19 - 00000000 ____D () C:\ProgramData\Skype
2014-08-12 08:35 - 2014-03-28 21:27 - 00000000 ____D () C:\mp3
2014-08-12 01:17 - 2014-07-10 16:01 - 00053728 _____ (McAfee, Inc.) C:\windows\system32\Drivers\FireNfcp.sys
 
Files to move or delete:
====================
C:\windows\HPLogin\SetLocalPwds.exe
 
 
Some content of TEMP:
====================
C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-09 00:41
 
==================== End Of Log ============================

 


Edited by xXToffeeXx, 11 September 2014 - 12:24 PM.


#11 xXToffeeXx


Posted 11 September 2014 - 12:26 PM

Hi omo,
 

> is there a specific reason you want me to use the standard task manager instead of process explorer? I've reverted to using process explorer for now, but I can turn it off temporarily, of course.

I'm not completely sure what you are referring to within my posts. Process explorer is a fine tool to use instead of task manager.
 
Running Combofix:

Download Combofix from this link and save it to your desktop

  • Close any open browsers or any other programs that are open.
  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • You can also find the log here: C:\ComboFix.txt

Please also note:

  • Do not click combofix's window while it's running. That may cause combofix to stall.
  • Combofix may reboot your computer a number of times; this is normal.
  • If you receive an error, "Illegal operation attempted on a registry key that has been marked for deletion," then please restart the computer to resolve this.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Combofix.txt

xXToffeeXx~




#12 xXToffeeXx


Posted 11 September 2014 - 02:29 PM

Hi omo,
 
I will not be able to reply for the next two days, sorry about the delay, but as soon as I can reply I will.
 
xXToffeeXx~




#13 omo


Posted 12 September 2014 - 05:14 PM

> Hi omo,
>
> > is there a specific reason you want me to use the standard task manager instead of process explorer? I've reverted to using process explorer for now, but I can turn it off temporarily, of course.
>
> I'm not completely sure what you are referring to within my posts. Process explorer is a fine tool to use instead of task manager.

I mean that in your fixlist.txt you specified that procexp.exe should be deleted. I have downloaded it again now, hope it is ok.

 

I had to disable mcafee temporarily, since it wouldn't allow me to download or run combofix (it complained about Artemis!... trojan in Combofix.exe).

I have indeed got "Illegal operation..." error from combofix, and rebooted afterwards.

Since running combofix, I had again been alerted to the following malware:

 

mcafee:

Parent: C:\windows\Explorer.EXE    C:\Users\me\AppData\Local\Temp\UpdateFlashPlayer_0f5a7284.exe    Artemis!4870ED4884E2 (Trojan)

 

 

mbam:

Malwarebytes Anti-Malware
www.malwarebytes.org

Processes: 1
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpD0F5.exe, 3720, , [1aaa31bba0dbe3534b781658946d7e82]

Registry Values: 1
Trojan.Dorkbot.ED, HKU\S-1-5-21-1957994488-842925246-40105171-1219893-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Odlics, C:\Users\me\AppData\Local\Odlics\tmpD0F5.exe, , [b3114f9df883003601c20569aa57649c]

Files: 3
Trojan.Dorkbot.ED, C:\ProgramData\Microsoft\Crypto\RSA64\temp\tmpD0F5.exe, , [1aaa31bba0dbe3534b781658946d7e82],
Trojan.Dorkbot.ED, C:\Users\me\AppData\Local\Odlics\tmpD0F5.exe, , [b3114f9df883003601c20569aa57649c],
Spyware.Zbot.VXGen, C:\Users\me\AppData\Local\Temp\UpdateFlashPlayer_e297aca9.exe, , [e8dc08e4bfbc73c3ff2c8038639e768a],


Edited by omo, 12 September 2014 - 05:16 PM.


#14 xXToffeeXx


Posted 14 September 2014 - 01:48 PM

Hi Omo,
 
I'd like to see if anything has changed in the logs, so please do this for me:
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
xXToffeeXx~




#15 omo


Posted 14 September 2014 - 07:20 PM

here you are.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by me (administrator) on ME2 on 15-09-2014 01:00:15
Running from C:\dl
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JUNS\dsAccessService.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\wsnm.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Sysinternals - www.sysinternals.com) C:\util\procexp\ProcExp.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Sysinternals - www.sysinternals.com) C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\MSOSYNC.EXE
(SpiderOak) C:\Program Files\SpiderOak\SpiderOak.exe
(Microsoft Corporation) C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\wlrmdr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Program Files\SpiderOak\windows_dir_watcher.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPConnectionManager.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
(Google) C:\Users\me\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [239328 2013-12-18] (McAfee, Inc.)
HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)
HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)
HKLM\...\Run: [HPRAService] => C:\Program Files\RA2HP\HPRAService.exe [139776 2013-03-13] (Hewlett-Packard Company)
HKLM\...\Run: [PasswordRegistration] => C:\Windows\system32\MsPwdRegistration.exe [31080 2012-01-29] (Microsoft Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-10-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2804976 2013-10-30] (Synaptics Incorporated)
HKLM\...\Run: [ACPW07EN] => C:\Program Files\ACD Systems\ACDSee Pro\7.0\acdIDInTouch2.exe [1739080 2013-09-25] (ACD Systems)
HKLM-x32\...\Run: [COEMsgDisplay] => c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)
HKLM-x32\...\Run: [ShStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [243560 2014-01-15] (McAfee, Inc.)
HKLM-x32\...\Run: [GetITIcon] => C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)
HKLM-x32\...\Run: [IDA] => C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [372224 2013-09-22] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-05-23] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [QLBController] => c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [334240 2012-09-12] (Hewlett-Packard Company)
HKLM-x32\...\Run: [eepc_SmartClient] => C:\Program Files (x86)\SmartClient\Smart.exe [141312 2014-03-21] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [DcaTray] => C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaTray.exe [524288 2012-08-27] (Microsoft Corporation)
HKLM-x32\...\Run: [JunosPulse] => c:\Program Files (x86)\Common Files\Juniper Networks\JamUI\Pulse.exe [2521432 2013-11-14] (Juniper Networks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [337440 2013-12-04] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoWebServices] 1
HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1
HKLM\...\Policies\Explorer: [NoPublishingWizard] 1
HKLM\...\Policies\Explorer: [NoAutorun] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\Office15\lync.exe [19049120 2014-08-12] (Microsoft Corporation)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Run: [SpiderOak] => C:\Program Files\SpiderOak\SpiderOak.exe [59904 2014-02-04] (SpiderOak)
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\RunOnce: [PasswordCheck] => C:\windows\HPLogin\SetLocalPwds.exe [331776 2008-07-10] () <===== ATTENTION
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\RunOnce: [1gM31w] => C:\Users\me\AppData\Roaming\1gM31w.exe [626688 2014-09-15] ()
HKU\S-1-5-21-1957994488-842925246-40105171-1219893\...\Policies\Explorer: [Run] "C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\setx.exe"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DefUserRunOnceSettings] => "c:\windows\system32\wscript.exe c:\windows\custmenu\runonce_settings.vbs"
HKU\S-1-5-21-4056082805-1757451967-2496915192-1000\...\RunOnce: [DeleteIE864BitIcon] => c:\windows\deleteie64biticon.bat
IFEO\taskmgr.exe: [Debugger] "C:\UTIL\PROCEXP\PROCEXP.EXE"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ActivClient Agent.lnk
ShortcutTarget: ActivClient Agent.lnk -> C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\launch_splashscreen.vbs ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\G-Recorder.lnk
ShortcutTarget: G-Recorder.lnk -> C:\Program Files (x86)\G-Recorder\G-Recorder.exe ()
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setx.lnk
ShortcutTarget: setx.lnk -> C:\Users\me\AppData\Roaming\Microsoft\Windows\IEUpdate\setx.exe (No File)
ShellIconOverlayIdentifiers: 1CryptoProviderIcons -> {24808826-C2BF-4269-B3BA-89D1D5F431A4} => C:\ProgramData\Microsoft\Crypto\RSA64\CryptoProvider.dll ()
ShellIconOverlayIdentifiers: SpiderOakOverlay -> {6E1010DC-3571-45DE-9CA2-C5890119BBBE} => C:\Program Files\SpiderOak\shell_extension.dll (SpiderOak)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {3CAD4633-9858-45C1-9B40-33BD07FC45A2} URL = https://www.google.com/search?q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20140627115737.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20140627115738.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} https://remote.hpbsc.ch/public/download/cachecleaner.cab#7090,2013,1031,1040
DPF: HKLM-x32 {2BCDB465-81F9-41CB-832C-8037A4064446} https://remote.hpbsc.ch/public/download/urxvpn.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {45B69029-F3AB-4204-92DE-D5140C3E8E74} C:\Users\me\AppData\Local\Temp\IXP000.TMP\InstallerControl.cab#-1,-1,-1,-1
DPF: HKLM-x32 {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} https://remote.hpbsc.ch/public/download/urxshost.cab#7090,2013,1031,1040
DPF: HKLM-x32 {E0FF21FA-B857-45C5-8621-F120A0C17FF2} https://remote.hpbsc.ch/public/download/urxhost.cab#version=7090,2013,1031,1040
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{8DCD14EF-FEA4-4057-B413-6583CC8E7B5D}: [NameServer] 8.8.8.8,8.8.4.4
 
FireFox:
========
FF ProfilePath: C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default
FF Homepage: hxxp://www.google.com/webhp?complete=0
FF NetworkProxy: "autoconfig_url", "http://autocache.hp.com/"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\me\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\me\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\me\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Wörterbuch Deutsch (de-CH), Hunspell-unterstützt - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\de_CH@dicts.j3e.de [2014-08-20]
FF Extension: British English Dictionary - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\en-GB@dictionaries.addons.mozilla.org [2014-08-01]
FF Extension: DAO.TableDef.120 - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{364CB7CE-0D07-A1D5-DCB3-EDF7BC53FA77} [2014-07-04]
FF Extension: All-in-One Gestures - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2014-02-18]
FF Extension: F5 Networks Host Plugin - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{DBBB3167-6E81-400f-BBFD-BD8921726F52} [2014-02-21]
FF Extension: LiveJournal Addons - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\homo_nudus@livejournal.com.xpi [2014-07-30]
FF Extension: YouTube Center - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\jid1-cwbvBTE216jjpg@jetpack.xpi [2014-07-30]
FF Extension: Remember Passwords - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\remember-passwords@stanimir-stamenkov.addons.mozilla.org.xpi [2014-02-21]
FF Extension: Flagfox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2014-07-30]
FF Extension: ScrapBook - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-07-30]
FF Extension: eBay Sidebar for Firefox - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}.xpi [2014-02-18]
FF Extension: NoScript - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-07-30]
FF Extension: Adblock Plus - C:\Users\me\AppData\Roaming\Mozilla\Firefox\Profiles\j40li1bf.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise
FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise [2013-06-20]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-06-19]
 
Chrome: 
=======
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\me\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DAO.TableDef.120) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-04-28]
CHR Extension: (Google Docs) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Cast) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-04-14]
CHR Extension: (Google Search) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (AdBlock) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-04-14]
CHR Extension: (Gestures for Google Chrome™) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpkfjicglakibpenojifdiepckckakgk [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\me\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)
R2 AESTFilters; C:\Program Files\IDT\WDM\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation) [File not signed]
R2 DcaSvc; C:\Program Files (x86)\DirectAccess Connectivity Assistant\DcaSvc.exe [128000 2012-08-27] (Microsoft Corporation)
R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [611152 2013-12-18] (McAfee, Inc.)
R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2012-01-29] (Microsoft Corporation)
R2 HipMgmt; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HipMgmt.exe [153832 2013-12-18] (McAfee, Inc.)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [523680 2012-09-12] (Hewlett-Packard Company)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [324928 2011-05-12] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [127520 2013-12-04] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [242448 2014-06-27] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [208416 2014-01-15] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2013-12-18] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185280 2014-06-27] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [50688 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [66048 2011-04-13] (Hewlett-Packard) [File not signed]
R2 Radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [346160 2012-11-22] (Hewlett-Packard)
R2 Radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [247856 2012-11-22] (Hewlett-Packard)
R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [378928 2012-11-22] (Hewlett-Packard)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 VMAuthdService; C:\Program Files\VMware\VMware View\Client\Local Mode\vmware-authd.exe [79872 2012-11-01] (VMware, Inc.) [File not signed]
R2 vmware-view-usbd; C:\Program Files\VMware\VMware View\Client\bin\vmware-view-usbd.exe [2437120 2013-12-17] (VMware, Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 54278597; C:\Windows\System32\DRIVERS\54278597.sys [460888 2014-05-21] (Kaspersky Lab ZAO)
R0 75223308; C:\Windows\System32\DRIVERS\75223308.sys [460888 2014-06-22] (Kaspersky Lab ZAO)
S3 f5ipfw; C:\windows\system32\drivers\urfltv64.sys [30952 2013-10-31] (F5 Networks, Inc.)
R3 FireNfcp; C:\Windows\system32\drivers\FireNfcp.sys [53728 2014-08-12] (McAfee, Inc.)
R3 HipShieldK; C:\Windows\system32\drivers\HipShieldK.sys [200616 2013-12-18] (McAfee, Inc.)
R3 JNPRNA; C:\Windows\System32\DRIVERS\jnprna6.sys [522544 2013-10-28] (Juniper Networks)
S4 jnprTdi_801_41197; C:\windows\system32\Drivers\jnprTdi_801_41197.sys [108336 2013-11-14] (Juniper Networks, Inc.)
R3 JnprVaMgr; C:\Windows\System32\DRIVERS\jnprvamgr.sys [45352 2013-10-28] (Juniper Networks, Inc.)
R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26208 2012-08-24] (JMicron Technology Corp.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-06-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-06-27] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [520056 2013-12-18] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782968 2014-06-27] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [78960 2013-12-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [107032 2014-06-27] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344176 2014-06-27] (McAfee, Inc.)
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [42808 2012-11-22] (Hewlett-Packard)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SmbDrv; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-19] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\system32\drivers\Smb_driver_Intel.sys [33008 2013-04-19] (Synaptics Incorporated)
R3 urvpndrv; C:\Windows\System32\DRIVERS\covpnv64.sys [45776 2013-10-31] (F5 Networks, Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-06-10] (Apple, Inc.) [File not signed]
R2 VMparport; C:\windows\system32\drivers\VMparport.sys [31384 2012-11-01] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-23] (VMware, Inc.)
S0 86587877; system32\DRIVERS\86587877.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 00:48 - 2014-09-15 00:48 - 00626688 _____ () C:\Users\me\AppData\Roaming\1gM31w.exe
2014-09-15 00:46 - 2014-09-15 01:01 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-15 00:46 - 2014-09-15 00:47 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-15 00:46 - 2014-09-15 00:47 - 00003098 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-15 00:46 - 2014-09-15 00:47 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-15 00:46 - 2014-09-15 00:47 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-15 00:46 - 2014-09-15 00:47 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-15 00:46 - 2014-09-15 00:47 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-15 00:46 - 2014-09-15 00:47 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-15 00:46 - 2014-09-15 00:46 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-15 00:45 - 2014-09-15 00:45 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-09-13 02:39 - 2014-09-13 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-12 23:24 - 2014-09-13 00:29 - 00000000 ____D () C:\Users\me\AppData\Local\Odlics
2014-09-12 08:04 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-12 08:04 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-12 08:04 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-12 08:04 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-12 08:04 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-12 08:04 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-12 08:04 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-12 08:04 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-12 08:04 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-12 08:04 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-12 08:04 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-12 08:04 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-12 08:04 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-12 08:04 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-12 08:04 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-12 08:04 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-12 08:04 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-12 08:04 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-12 08:04 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-12 08:04 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-12 08:04 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-12 08:04 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-12 08:04 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-12 08:04 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 08:04 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-12 08:04 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-12 08:04 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-12 08:04 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-12 08:04 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-12 08:04 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-12 08:04 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-12 08:04 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-12 08:04 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-12 08:04 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-12 08:04 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-12 08:04 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-12 08:04 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-12 08:04 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-12 08:04 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-12 08:04 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-12 08:04 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-12 08:04 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-12 08:04 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-12 08:04 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-12 08:04 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-12 08:04 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-12 08:04 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-12 08:04 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-12 08:04 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-12 08:04 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-12 08:04 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-09-12 08:04 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-12 08:04 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-12 08:04 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-12 08:04 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-09-12 08:04 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-09-12 07:52 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-09-12 07:52 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-09-12 03:53 - 2014-09-12 03:53 - 00044266 _____ () C:\ComboFix.txt
2014-09-12 03:01 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-09-12 03:01 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-09-12 03:01 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-09-12 03:01 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-09-12 03:01 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-09-12 03:01 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-09-12 03:01 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-09-12 03:01 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-09-12 03:00 - 2014-09-12 03:55 - 00000000 ____D () C:\Qoobox
2014-09-12 03:00 - 2014-09-12 03:42 - 00000000 ____D () C:\windows\erdnt
2014-09-10 06:00 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-09-10 06:00 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-09-10 06:00 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-10 06:00 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-10 05:59 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-10 05:59 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-10 05:59 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-10 05:59 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-09-10 05:59 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-09 15:57 - 2014-09-13 17:23 - 00000025 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-09 15:19 - 2014-09-09 15:19 - 00003124 _____ () C:\windows\System32\Tasks\Process Explorer-EMEA-me
2014-09-06 22:59 - 2014-09-06 22:59 - 01002888 _____ () C:\windows\Minidump\090614-44772-01.dmp
2014-09-05 03:22 - 2014-09-05 03:22 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-09-04 03:03 - 2014-09-15 01:00 - 00000000 ____D () C:\FRST
2014-08-27 23:25 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-27 23:25 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-27 23:25 - 2014-08-23 02:59 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:28 - 2014-09-05 12:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-26 17:28 - 2011-03-02 20:54 - 00886776 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.TaskPanel.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 02660344 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.CommandBars.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01882104 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.Controls.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 01374200 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ReportControl.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00825336 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.DockingPane.v15.0.2.ocx
2014-08-26 17:28 - 2011-03-02 20:53 - 00501752 _____ (Codejock Software) C:\windows\SysWOW64\Codejock.ShortcutBar.v15.0.2.ocx
2014-08-26 17:28 - 2007-11-07 19:03 - 00496384 _____ (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) C:\windows\SysWOW64\XceedZip.dll
2014-08-26 17:28 - 2005-08-09 17:14 - 00458752 _____ (ComponentOne) C:\windows\SysWOW64\vsprint8.ocx
2014-08-26 17:28 - 2005-08-09 17:14 - 00262144 _____ (ComponentOne ) C:\windows\SysWOW64\vspdf8.ocx
2014-08-26 17:28 - 2004-11-23 16:59 - 00184320 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPButton30.ocx
2014-08-26 17:28 - 2004-11-19 01:45 - 00200704 _____ (CIA, The company) C:\windows\SysWOW64\ciaSCls20.dll
2014-08-26 17:28 - 2004-03-09 01:00 - 01010720 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCHRT20.OCX
2014-08-26 17:28 - 2003-12-12 16:41 - 00053248 _____ (CIA, The Company) C:\windows\SysWOW64\ciaXPRegSvr20.dll
2014-08-26 17:28 - 2003-02-19 01:11 - 00065536 _____ (Larcom and Young) C:\windows\SysWOW64\ReSize32.ocx
2014-08-26 17:28 - 2002-02-12 16:24 - 00169216 _____ (Wintertree Software Inc.) C:\windows\SysWOW64\WSpell.ocx
2014-08-26 17:28 - 2000-12-06 09:59 - 00832448 _____ (APEX Software Corporation) C:\windows\SysWOW64\tdbg6.ocx
2014-08-26 17:28 - 2000-05-22 00:00 - 00647872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCT2.OCX
2014-08-26 17:28 - 2000-05-22 00:00 - 00203976 _____ (Microsoft Corporation) C:\windows\SysWOW64\RICHTX32.OCX
2014-08-26 17:28 - 2000-05-21 23:00 - 00115920 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSINET.OCX
2014-08-26 17:28 - 1999-11-23 10:01 - 00276992 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LFCMP11n.DLL
2014-08-26 17:28 - 1999-11-22 13:58 - 00751104 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltocx11n.ocx
2014-08-26 17:28 - 1999-11-22 13:52 - 00172544 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\Lfpng11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00151040 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00080896 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lffax11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00059392 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwmf11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00041472 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfgif11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00036864 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfbmp11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00035328 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfcal11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00032768 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcx11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00031232 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfeps11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfwpg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027648 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lftga11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00027136 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfpcd11n.dll
2014-08-26 17:28 - 1999-11-22 13:52 - 00026112 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lfmsp11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00262144 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\LTDIS11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00226816 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltefx11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00127488 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltimg11n.dll
2014-08-26 17:28 - 1999-11-22 13:51 - 00118272 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltfil11n.DLL
2014-08-26 17:28 - 1999-11-22 13:51 - 00038400 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\lttwn11n.dll
2014-08-26 17:28 - 1999-11-22 13:50 - 00391168 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltkrn11n.dll
2014-08-26 17:28 - 1999-11-22 13:49 - 00045936 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltvdd11w.drv
2014-08-26 17:28 - 1999-11-22 13:49 - 00003824 _____ (LEAD Technologies, Inc.) C:\windows\SysWOW64\ltthk11w.dll
2014-08-26 17:28 - 1999-09-17 11:14 - 00065536 _____ (Sheridan Software Systems, Inc) C:\windows\SysWOW64\ssfm1032.dll
2014-08-26 17:28 - 1999-07-01 13:17 - 00237568 _____ (VideoSoft) C:\windows\SysWOW64\Vsocx6.ocx
2014-08-26 17:28 - 1999-05-07 00:00 - 00198640 _____ (Microsoft Corporation) C:\windows\SysWOW64\MCI32.OCX
2014-08-26 17:28 - 1998-09-11 09:14 - 00021504 _____ () C:\windows\SysWOW64\WBCustomizer.dll
2014-08-26 17:28 - 1998-06-18 00:00 - 00089360 _____ (Microsoft Corporation) C:\windows\SysWOW64\VB5DB.dll
2014-08-26 17:28 - 1995-07-31 11:44 - 00212480 _____ (Eastman Kodak) C:\windows\SysWOW64\PCDLIB32.DLL
2014-08-26 17:27 - 2014-09-05 12:12 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-08-25 10:55 - 2013-07-05 04:53 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-08-25 10:53 - 2014-04-12 04:31 - 00313344 _____ (Microsoft Corporation) C:\windows\system32\DaOtpCredentialProvider.dll
2014-08-25 10:50 - 2014-04-30 06:10 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-08-25 10:50 - 2012-11-02 07:49 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\netcorehc.dll
2014-08-25 10:50 - 2012-11-02 07:06 - 00175104 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcorehc.dll
2014-08-21 02:11 - 2014-08-21 02:12 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-15 01:01 - 2014-09-15 00:46 - 00000278 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
2014-09-15 01:00 - 2014-09-04 03:03 - 00000000 ____D () C:\FRST
2014-09-15 01:00 - 2014-02-20 01:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\Skype
2014-09-15 01:00 - 2014-02-19 01:50 - 00000000 ____D () C:\dl
2014-09-15 00:59 - 2014-03-30 18:09 - 00000000 ____D () C:\Users\me\AppData\Roaming\SpiderOak
2014-09-15 00:59 - 2014-03-08 16:47 - 00000000 ____D () C:\Quarantine
2014-09-15 00:59 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 00:59 - 2009-07-14 06:45 - 00019344 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 00:49 - 2014-02-18 18:02 - 01898061 _____ () C:\windows\WindowsUpdate.log
2014-09-15 00:49 - 2014-02-18 17:29 - 00003322 _____ () C:\windows\System32\Tasks\Smart Client
2014-09-15 00:48 - 2014-09-15 00:48 - 00626688 _____ () C:\Users\me\AppData\Roaming\1gM31w.exe
2014-09-15 00:47 - 2014-09-15 00:46 - 00003346 _____ () C:\windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000
2014-09-15 00:47 - 2014-09-15 00:46 - 00003122 _____ () C:\windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000
2014-09-15 00:47 - 2014-09-15 00:46 - 00003098 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001
2014-09-15 00:47 - 2014-09-15 00:46 - 00003022 _____ () C:\windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000
2014-09-15 00:47 - 2014-09-15 00:46 - 00002980 _____ () C:\windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000
2014-09-15 00:47 - 2014-09-15 00:46 - 00002884 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000
2014-09-15 00:47 - 2014-09-15 00:46 - 00000412 ____H () C:\windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job
2014-09-15 00:47 - 2014-09-15 00:46 - 00000392 ____H () C:\windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job
2014-09-15 00:47 - 2014-09-15 00:46 - 00000370 ____H () C:\windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job
2014-09-15 00:47 - 2014-09-15 00:46 - 00000370 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job
2014-09-15 00:47 - 2014-09-15 00:46 - 00000346 ____H () C:\windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job
2014-09-15 00:47 - 2014-09-15 00:46 - 00000338 ____H () C:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job
2014-09-15 00:47 - 2014-02-24 01:49 - 00000000 ____D () C:\Users\me\AppData\Local\CrashDumps
2014-09-15 00:46 - 2014-09-15 00:46 - 00003104 _____ () C:\windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001
2014-09-15 00:46 - 2014-02-28 13:59 - 00003244 _____ () C:\windows\System32\Tasks\pcpm-collector
2014-09-15 00:46 - 2014-02-28 13:59 - 00002906 _____ () C:\windows\System32\Tasks\pcpm-consolidator
2014-09-15 00:46 - 2014-02-28 13:59 - 00000314 _____ () C:\windows\Tasks\pcpm-consolidator.job
2014-09-15 00:46 - 2014-02-28 13:59 - 00000308 _____ () C:\windows\Tasks\pcpm-collector.job
2014-09-15 00:46 - 2014-02-18 17:17 - 00003934 __RSH () C:\Users\me\ntuser.pol
2014-09-15 00:46 - 2014-02-18 17:17 - 00000000 ____D () C:\Users\me
2014-09-15 00:45 - 2014-09-15 00:45 - 00002882 _____ () C:\windows\System32\Tasks\Maint
2014-09-15 00:45 - 2014-02-24 01:48 - 00000000 ____D () C:\Users\me\AppData\Roaming\G-Recorder
2014-09-15 00:45 - 2014-02-21 20:46 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 00:45 - 2014-02-18 17:18 - 00000290 _____ () C:\windows\Tasks\Maint.job
2014-09-15 00:45 - 2014-02-18 17:18 - 00000000 ____D () C:\windows\HPLogin
2014-09-15 00:45 - 2014-02-18 17:14 - 00004688 _____ () C:\windows\system32\config\netlogon.ftl
2014-09-15 00:44 - 2014-07-14 11:48 - 00000000 ____D () C:\ProgramData\VMware
2014-09-15 00:44 - 2014-02-18 17:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-15 00:44 - 2010-11-21 05:47 - 00088826 _____ () C:\windows\PFRO.log
2014-09-15 00:44 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-15 00:44 - 2009-07-14 06:51 - 01687098 _____ () C:\windows\setupact.log
2014-09-15 00:38 - 2014-02-25 17:35 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893UA.job
2014-09-15 00:28 - 2013-06-20 00:13 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 00:27 - 2013-06-20 00:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-15 00:09 - 2014-02-21 20:46 - 00000902 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 00:01 - 2014-02-18 17:14 - 01506965 __RSH () C:\ProgramData\ntuser.pol
2014-09-14 22:22 - 2014-02-25 17:35 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-842925246-40105171-1219893Core.job
2014-09-13 17:28 - 2014-07-14 11:49 - 00000000 ____D () C:\Users\me\AppData\Roaming\VMware
2014-09-13 17:23 - 2014-09-09 15:57 - 00000025 _____ () C:\windows\system32\Drivers\etc\hosts.bak
2014-09-13 16:51 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\tracing
2014-09-13 16:41 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\NDF
2014-09-13 11:37 - 2014-07-16 22:46 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 09:11 - 2009-07-14 07:13 - 00789514 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-13 02:46 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache
2014-09-13 02:39 - 2014-09-13 02:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 00:32 - 2010-11-21 08:30 - 00000000 ____D () C:\windows\ShellNew
2014-09-13 00:29 - 2014-09-12 23:24 - 00000000 ____D () C:\Users\me\AppData\Local\Odlics
2014-09-12 23:26 - 2014-02-18 01:38 - 00000000 ____D () C:\Temp
2014-09-12 08:02 - 2014-02-18 17:26 - 00773916 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-09-12 08:00 - 2014-02-18 18:26 - 00000000 ____D () C:\windows\system32\MRT
2014-09-12 07:54 - 2013-06-20 13:08 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-12 03:55 - 2014-09-12 03:00 - 00000000 ____D () C:\Qoobox
2014-09-12 03:54 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-12 03:53 - 2014-09-12 03:53 - 00044266 _____ () C:\ComboFix.txt
2014-09-12 03:42 - 2014-09-12 03:00 - 00000000 ____D () C:\windows\erdnt
2014-09-12 03:21 - 2009-07-14 04:34 - 00000215 _____ () C:\windows\system.ini
2014-09-11 06:45 - 2014-04-14 01:12 - 00002351 _____ () C:\Users\me\Desktop\Google Chrome.lnk
2014-09-10 13:08 - 2014-03-19 14:00 - 00541059 _____ () C:\windows\diagerr.xml
2014-09-10 13:08 - 2014-03-19 14:00 - 00381003 _____ () C:\windows\diagwrn.xml
2014-09-10 13:08 - 2014-03-19 12:20 - 00000000 ____D () C:\Users\me\Documents\MySavedSettings
2014-09-10 13:08 - 2009-07-14 06:51 - 00088803 _____ () C:\windows\setuperr.log
2014-09-10 13:07 - 2014-03-19 14:06 - 00039005 _____ () C:\windows\comsetup.log
2014-09-10 13:06 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\registration
2014-09-09 15:19 - 2014-09-09 15:19 - 00003124 _____ () C:\windows\System32\Tasks\Process Explorer-EMEA-me
2014-09-09 15:16 - 2014-02-18 17:05 - 00000000 ____D () C:\Users\hpadmin
2014-09-09 15:16 - 2013-07-26 21:41 - 00000000 ____D () C:\windows\custmenu
2014-09-09 08:15 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\LiveKernelReports
2014-09-09 08:06 - 2014-08-15 01:04 - 00001758 _____ () C:\Users\me\umbrella0.log
2014-09-09 08:06 - 2014-08-15 01:04 - 00000885 _____ () C:\windows\system32\Drivers\etc\hosts.umbrella
2014-09-08 23:28 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Vss
2014-09-06 23:04 - 2009-07-14 07:08 - 00032572 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-09-06 22:59 - 2014-09-06 22:59 - 01002888 _____ () C:\windows\Minidump\090614-44772-01.dmp
2014-09-06 22:59 - 2014-06-18 11:23 - 490071085 _____ () C:\windows\MEMORY.DMP
2014-09-06 22:59 - 2014-06-18 11:23 - 00000000 ____D () C:\windows\Minidump
2014-09-05 12:19 - 2013-06-20 00:48 - 00000000 ____D () C:\Program Files\RA2HP
2014-09-05 12:19 - 2013-06-20 00:35 - 00000000 ____D () C:\Program Files\Common Files\ActivIdentity
2014-09-05 12:19 - 2010-11-21 08:30 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\DVD Maker
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-09-05 12:19 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 __RSD () C:\windows\Media
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\oobe
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\oobe
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Msdtc
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\com
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Cursors
2014-09-05 12:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-09-05 12:18 - 2014-05-29 04:58 - 00000000 ____D () C:\Program Files (x86)\DirectAccess Connectivity Assistant
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-05 12:18 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SysWOW64\com
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\Setup
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\migwiz
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\servicing
2014-09-05 12:18 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\IME
2014-09-05 12:16 - 2013-06-20 00:12 - 00000000 ____D () C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-09-05 12:16 - 2009-07-14 07:32 - 00000000 ____D () C:\windows\system32\restore
2014-09-05 12:15 - 2009-07-14 05:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-09-05 12:14 - 2014-08-26 17:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0
2014-09-05 12:14 - 2014-07-16 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-05 12:14 - 2014-07-14 11:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-09-05 12:14 - 2014-06-30 12:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2014-09-05 12:14 - 2014-06-13 02:52 - 00000000 ___RD () C:\Users\me\Documents\Notes
2014-09-05 12:14 - 2014-05-17 22:52 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-05 12:14 - 2014-05-03 05:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-09-05 12:14 - 2014-04-14 01:12 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-05 12:14 - 2014-04-11 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Migrate My Computer
2014-09-05 12:14 - 2014-04-08 22:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-09-05 12:14 - 2014-04-08 22:52 - 00000000 ____D () C:\Users\me\AppData\Roaming\Winamp
2014-09-05 12:14 - 2014-04-07 23:58 - 00000000 ____D () C:\windows\en
2014-09-05 12:14 - 2014-03-30 18:11 - 00000000 ___RD () C:\Users\me\Documents\SpiderOak Hive
2014-09-05 12:14 - 2014-03-30 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpiderOak
2014-09-05 12:14 - 2014-03-29 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-09-05 12:14 - 2014-03-28 21:25 - 00000000 ____D () C:\Users\me\AppData\Roaming\uTorrent
2014-09-05 12:14 - 2014-03-23 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Camera Updater
2014-09-05 12:14 - 2014-03-19 12:20 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Backup and Restore
2014-09-05 12:14 - 2014-02-23 21:12 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wugs Nexus Root Tookit
2014-09-05 12:14 - 2014-02-21 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
2014-09-05 12:14 - 2014-02-21 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-09-05 12:14 - 2014-02-21 12:09 - 00000000 ____D () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP Office Print
2014-09-05 12:14 - 2014-02-21 04:31 - 00000000 ____D () C:\Users\me\AppData\Roaming\Mp3tag
2014-09-05 12:14 - 2014-02-21 01:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-09-05 12:14 - 2014-02-19 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-05 12:14 - 2014-02-18 17:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Encryption
2014-09-05 12:14 - 2014-02-18 17:17 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-05 12:14 - 2014-02-18 17:17 - 00000000 ___RD () C:\Users\me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-05 12:14 - 2014-02-18 17:13 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
2014-09-05 12:14 - 2014-02-18 17:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-09-05 12:14 - 2014-02-18 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-05 12:14 - 2013-06-19 21:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-09-05 12:14 - 2013-06-19 20:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COE Utils
2014-09-05 12:13 - 2014-07-12 01:06 - 00000000 ____D () C:\Program Files (x86)\Vector NTI Advance
2014-09-05 12:13 - 2014-05-09 13:20 - 00000000 ____D () C:\Program Files\WinDjView
2014-09-05 12:13 - 2014-05-03 05:07 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-05 12:13 - 2014-04-08 22:52 - 00000000 ____D () C:\Program Files (x86)\Winamp
2014-09-05 12:13 - 2014-03-30 18:07 - 00000000 ____D () C:\Program Files\SpiderOak
2014-09-05 12:13 - 2014-03-29 17:25 - 00000000 ____D () C:\Program Files\Calibre2
2014-09-05 12:13 - 2014-03-23 18:12 - 00000000 ____D () C:\Program Files (x86)\WinPcap
2014-09-05 12:13 - 2014-02-23 20:26 - 00000000 ____D () C:\Program Files (x86)\WugFresh Development
2014-09-05 12:13 - 2014-02-19 01:55 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-05 12:13 - 2014-02-18 23:19 - 00000000 ____D () C:\ProgramData\F5 Networks
2014-09-05 12:13 - 2014-02-18 18:02 - 00000000 ____D () C:\Program Files\LSI SoftModem
2014-09-05 12:13 - 2014-02-18 18:02 - 00000000 ____D () C:\Program Files\IDT
2014-09-05 12:13 - 2014-02-18 17:29 - 00000000 ____D () C:\Program Files (x86)\SmartClient
2014-09-05 12:13 - 2013-06-19 20:55 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-09-05 12:12 - 2014-08-26 17:27 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-09-05 12:12 - 2014-07-16 22:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-05 12:12 - 2014-07-12 01:07 - 00000000 ____D () C:\Program Files (x86)\Informax Installations
2014-09-05 12:12 - 2014-05-21 03:17 - 00000000 ____D () C:\Program Files (x86)\FLAC Frontend
2014-09-05 12:12 - 2014-05-03 05:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-05 12:12 - 2014-04-29 15:38 - 00000000 ____D () C:\Program Files (x86)\R-Word Demo
2014-09-05 12:12 - 2014-04-11 16:29 - 00000000 ____D () C:\Program Files (x86)\Migrate My Computer
2014-09-05 12:12 - 2014-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-09-05 12:12 - 2014-02-24 01:48 - 00000000 ____D () C:\Program Files (x86)\G-Recorder
2014-09-05 12:12 - 2014-02-21 20:18 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-09-05 12:12 - 2014-02-21 04:20 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-09-05 12:12 - 2014-02-20 02:51 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-09-05 12:12 - 2014-02-20 01:19 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-05 11:49 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\Branding
2014-09-05 03:22 - 2014-09-05 03:22 - 00002081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.6 64-bit.lnk
2014-09-05 03:18 - 2014-02-21 01:51 - 00000000 ____D () C:\Program Files\Adobe
2014-09-05 02:41 - 2014-02-18 17:29 - 00000000 ____D () C:\windows\SmartClient
2014-09-04 01:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\SchCache
2014-08-29 02:36 - 2014-05-29 05:12 - 00000000 ____D () C:\windows\SysWOW64\LogSpace
2014-08-28 23:55 - 2009-07-14 06:45 - 05169800 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-27 13:18 - 2014-02-20 01:20 - 00000000 ____D () C:\om
2014-08-27 12:50 - 2014-08-15 00:17 - 00000000 ____D () C:\ProgramData\Apple
2014-08-27 12:42 - 2014-08-15 00:18 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-27 09:03 - 2014-08-27 09:03 - 00000000 ____D () C:\Users\me\Documents\OneNote Notebooks
2014-08-26 17:31 - 2014-08-26 17:31 - 00000000 ____D () C:\Users\me\Documents\Legacy Family Tree
2014-08-26 17:28 - 2014-08-26 17:28 - 00000726 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Legacy 8.0.lnk
2014-08-26 17:28 - 2014-08-26 17:28 - 00000714 _____ () C:\Users\Public\Desktop\Legacy 8.0.lnk
2014-08-23 04:07 - 2014-08-27 23:25 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-27 23:25 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-27 23:25 - 03166720 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-08-21 02:12 - 2014-08-21 02:11 - 00296072 _____ () C:\windows\Minidump\082114-20326-01.dmp
2014-08-19 20:05 - 2014-09-12 08:04 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-12 08:04 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-12 08:04 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-12 08:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-12 08:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-12 08:04 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-12 08:04 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-12 08:04 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-12 08:04 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-12 08:04 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-12 08:04 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-12 08:04 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-12 08:04 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-08-19 00:08 - 2014-09-12 08:04 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-12 08:04 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-08-19 00:05 - 2014-09-12 08:04 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-12 08:04 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-12 08:04 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-12 08:04 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-08-18 23:57 - 2014-09-12 08:04 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-08-18 23:56 - 2014-09-12 08:04 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:51 - 2014-09-12 08:04 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-08-18 23:46 - 2014-09-12 08:04 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-08-18 23:45 - 2014-09-12 08:04 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:45 - 2014-09-12 08:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-08-18 23:44 - 2014-09-12 08:04 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-12 08:04 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-12 08:04 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-08-18 23:40 - 2014-09-12 08:04 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-08-18 23:39 - 2014-09-12 08:04 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-08-18 23:39 - 2014-09-12 08:04 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-08-18 23:39 - 2014-09-12 08:04 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-08-18 23:38 - 2014-09-12 08:04 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-08-18 23:37 - 2014-09-12 08:04 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-08-18 23:36 - 2014-09-12 08:04 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-08-18 23:35 - 2014-09-12 08:04 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-08-18 23:27 - 2014-09-12 08:04 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-08-18 23:25 - 2014-09-12 08:04 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-08-18 23:25 - 2014-09-12 08:04 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-08-18 23:23 - 2014-09-12 08:04 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-08-18 23:23 - 2014-09-12 08:04 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-08-18 23:22 - 2014-09-12 08:04 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-12 08:04 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-08-18 23:17 - 2014-09-12 08:04 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-08-18 23:17 - 2014-09-12 08:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-08-18 23:16 - 2014-09-12 08:04 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-08-18 23:15 - 2014-09-12 08:04 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-08-18 23:15 - 2014-09-12 08:04 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-08-18 23:09 - 2014-09-12 08:04 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-08-18 23:08 - 2014-09-12 08:04 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-08-18 23:07 - 2014-09-12 08:04 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-08-18 22:55 - 2014-09-12 08:04 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-08-18 22:46 - 2014-09-12 08:04 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-08-18 22:38 - 2014-09-12 08:04 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-08-18 22:38 - 2014-09-12 08:04 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-08-18 22:36 - 2014-09-12 08:04 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-08-17 02:39 - 2014-02-18 17:17 - 00118592 _____ () C:\Users\me\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-17 00:46 - 2014-08-17 00:46 - 00001184 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00001172 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-08-17 00:46 - 2014-08-17 00:46 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
 
Files to move or delete:
====================
C:\windows\HPLogin\SetLocalPwds.exe
 
 
Some content of TEMP:
====================
C:\Users\me\AppData\Local\Temp\PROCEXP64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-09 00:41
 
==================== End Of Log ============================

Attached Files

  • Attached File  FRST.txt   76.47KB   1 downloads

Edited by xXToffeeXx, 15 September 2014 - 10:40 AM.




