Error Code while updating 80070216 windows 7


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by April Bowers Agency (administrator) on APRILBOWERSINS2 on 10-04-2014 12:57:29
Running from C:\Users\April Bowers Agency\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ScanPoint, Inc.) C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Juniper Networks, Inc.) C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(ScanPoint) C:\Program Files (x86)\ScanPoint\DocBuild Plus\dbviewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [screwDrivers RDP Plugin] - C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [CANON DR2510C SVC] - C:\Windows\system32\DR251SVC.dll [158720 2009-09-15] (Canon Electronics)
HKLM\...\Run: [PrintDisp] - C:\Windows\system32\PrintDisp.exe [875008 2013-02-10] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [256152 2011-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CDAServer] - C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe [311296 2010-07-29] ()
HKLM-x32\...\Run: [EFUpdater] - C:\Program Files (x86)\ScanPoint\Easyfile\clientupdate.exe [81920 2012-11-29] (ScanPoint, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-4234849188-1163541568-2843079188-1000\...\Run: [MetroFax 4.4] - C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe [95232 2013-12-10] (j2 Global, Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotfolder.lnk
ShortcutTarget: Hotfolder.lnk -> C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe (ScanPoint, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MetroFax 4.4.lnk
ShortcutTarget: MetroFax 4.4.lnk -> C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogin.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {8A2A1F46-B256-4F42-BB7E-97F8A6A06F11} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - 197F8597FDE1425FA34FE4EB92076F5B URL = http://mysearch.avg.com/search?cid={43CE3F6A-E2FA-477D-8E0A-786FD9F12614}&mid=51294f39f16447d2bd4605cc2242a07b-acee7f0a0a68a23e1acdbc83359e9745286962de&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-08 15:49:18&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {31DCD56E-EB15-43F2-A979-C874D0B401C6} URL =
SearchScopes: HKCU - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

==================== Services (Whitelisted) =================

R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
S4 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
S4 LkWebLink; C:\Users\April Bowers Agency\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [32768 2007-09-20] (Inter-Tel (Delaware), Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-10] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-10] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-10] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-10] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-10] (McAfee, Inc.)
R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Firehk; system32\DRIVERS\firehk.sys [X]
S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-10 12:57 - 2014-04-10 12:57 - 02157056 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-10 12:57 - 2014-04-10 12:57 - 00019296 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-10 12:57 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-10 09:17 - 2014-04-10 09:17 - 00030510 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:05 - 2014-04-09 21:22 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 20:33 - 2014-04-10 12:19 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 20:33 - 2014-04-09 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-10 10:05 - 00000000 ____D () C:\Windows\ERDNT
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:30 - 2014-04-09 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-09 14:40 - 2014-04-09 14:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:37 - 2014-04-09 14:41 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-09 13:45 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-09 11:36 - 2014-04-09 11:49 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:21 - 2014-04-09 11:23 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-08 20:35 - 2014-04-09 13:43 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:45 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 15:45 - 2014-04-08 20:54 - 00000000 ____D () C:\$AVG
2014-04-08 15:40 - 2014-04-09 12:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-08 15:40 - 2014-04-09 09:22 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:56 - 2014-04-10 12:52 - 00000087 _____ () C:\Windows\system32\zdmm.zze
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-04 16:34 - 2014-04-04 16:34 - 00000064 _____ () C:\Windows\system32\txlanj.xiz
2014-04-04 16:34 - 2014-04-04 16:34 - 00000000 _____ () C:\Windows\system32\avkyz.fqp
2014-04-04 16:18 - 2014-04-04 16:18 - 00305834 ____S () C:\Windows\system32\rxdkjif.gjl
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:39 - 2014-03-19 12:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
2014-03-13 03:01 - 2014-02-23 02:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:01 - 2014-02-23 01:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:01 - 2014-02-23 01:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:01 - 2014-02-23 01:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:01 - 2014-02-23 01:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:01 - 2014-02-23 01:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:01 - 2014-02-23 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 03:01 - 2014-02-23 01:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:01 - 2014-02-23 01:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:01 - 2014-02-23 01:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:01 - 2014-02-23 01:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:01 - 2014-02-23 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 03:01 - 2014-02-23 01:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:01 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 03:01 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 03:01 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 03:01 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 03:01 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 03:01 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 03:01 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 03:01 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 03:01 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 03:01 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 03:01 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 03:01 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 01:43 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 01:43 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 01:43 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 01:43 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 01:43 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 01:43 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 01:43 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 01:43 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-11 16:06 - 2014-04-09 11:31 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file

==================== One Month Modified Files and Folders =======

2014-04-10 12:57 - 2014-04-10 12:57 - 02157056 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-10 12:57 - 2014-04-10 12:57 - 00019296 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-10 12:57 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
2014-04-10 12:57 - 2012-05-08 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-10 12:54 - 2013-05-06 08:53 - 00003458 _____ () C:\Windows\System32\Tasks\IE10
2014-04-10 12:52 - 2014-04-04 16:56 - 00000087 _____ () C:\Windows\system32\zdmm.zze
2014-04-10 12:22 - 2012-12-09 19:46 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleForApril Bowers Agency.job
2014-04-10 12:19 - 2014-04-09 20:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 12:14 - 2010-11-21 13:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-10 12:05 - 2013-11-13 09:55 - 00003458 _____ () C:\Windows\System32\Tasks\IE11
2014-04-10 12:04 - 2010-09-20 19:27 - 01728899 _____ () C:\Windows\WindowsUpdate.log
2014-04-10 11:43 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 11:43 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 11:34 - 2011-01-18 10:18 - 00041986 _____ () C:\Windows\setupact.log
2014-04-10 11:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 11:31 - 2011-01-13 11:06 - 00000000 ____D () C:\Windows\pss
2014-04-10 11:19 - 2010-09-20 21:48 - 00817954 _____ () C:\Windows\PFRO.log
2014-04-10 10:05 - 2014-04-09 17:39 - 00000000 ____D () C:\Windows\ERDNT
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-10 09:17 - 2014-04-10 09:17 - 00030510 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-09 22:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2013-08-22 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:34 - 2012-05-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 21:22 - 2014-04-09 21:05 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:01 - 2014-04-09 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 20:05 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 19:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-09 19:41 - 2010-11-19 09:52 - 00000000 ____D () C:\Users\April Bowers Agency
2014-04-09 19:11 - 2009-07-13 23:45 - 00302176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:31 - 2014-04-09 17:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:54 - 2010-11-19 09:53 - 00068736 _____ () C:\Users\April Bowers Agency\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2014-04-09 14:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:41 - 2014-04-09 14:37 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:43 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-09 13:19 - 2013-08-14 18:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 12:51 - 2014-04-08 15:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-09 12:51 - 2014-01-24 10:31 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\ICAClient
2014-04-09 12:51 - 2013-04-26 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-09 12:51 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Network Associates
2014-04-09 12:51 - 2010-09-20 19:39 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-04-09 12:51 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-09 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-09 11:49 - 2014-04-09 11:36 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:42 - 2012-08-22 13:42 - 00000000 ____D () C:\Quarantine
2014-04-09 11:31 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file
2014-04-09 11:23 - 2014-04-09 11:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-09 09:22 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 20:55 - 2014-04-08 15:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 20:54 - 2014-04-08 15:45 - 00000000 ____D () C:\$AVG
2014-04-08 20:41 - 2012-09-28 18:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\tiffs hours
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-01-20 11:02 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\files for system
2014-04-08 18:03 - 2012-04-27 14:35 - 00000160 _____ () C:\Windows\setscan.ini
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-04-08 16:48 - 2011-05-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-08 16:47 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-08 16:09 - 2011-05-23 14:50 - 00000000 ____D () C:\Program Files\Google
2014-04-08 16:02 - 2011-05-23 14:50 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Google
2014-04-08 16:02 - 2011-05-23 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-08 13:20 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\April Bowers Agency\Documents\MetroFax_4_4_Port
2014-04-08 10:35 - 2010-11-20 10:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-08 10:34 - 2012-02-18 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-08 10:29 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 10:24 - 2010-09-20 19:28 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-04 16:34 - 2014-04-04 16:34 - 00000064 _____ () C:\Windows\system32\txlanj.xiz
2014-04-04 16:34 - 2014-04-04 16:34 - 00000000 _____ () C:\Windows\system32\avkyz.fqp
2014-04-04 16:18 - 2014-04-04 16:18 - 00305834 ____S () C:\Windows\system32\rxdkjif.gjl
2014-04-04 16:12 - 2011-03-22 13:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\April Bowers Agency Info
2014-04-04 14:33 - 2012-05-17 12:05 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\marketing tiffs
2014-04-03 09:51 - 2014-04-09 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-04-09 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-09 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-19 10:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2010-11-20 10:16 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 14:04 - 2012-05-07 14:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\LETTERS, NOTICES TO USE
2014-03-22 12:22 - 2012-12-09 19:46 - 00003270 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForApril Bowers Agency
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:40 - 2014-03-19 12:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:23 - 2010-11-19 22:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
2014-03-19 11:56 - 2013-10-25 17:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-13 14:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-13 10:12 - 2011-12-01 13:56 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-12 06:57 - 2012-05-08 08:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 06:57 - 2012-05-08 08:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 06:57 - 2011-10-11 08:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) BA54484B31B036EE87483A360EC0EA55

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:39

==================== End Of Log ============================

Addition.txt


Hello! Welcome to Malwarebytes Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again, I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

  • Please re-run FRST again and type the following in the edit box after Search: rpcss.dll
  • Click the Search button
  • It will make a log (Search.txt). Please post the log in your reply to me (you can use pastebin as well).

Regards,

Georgi


I am having my speakers go off .. even when nothing is on.. and pop ups..

thank you again!!! YOU ROCK!!!!!! ;)))

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by April Bowers Agency at 2014-04-10 18:00:00
Running from C:\Users\April Bowers Agency\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) BA54484B31B036EE87483A360EC0EA55

====== End Of Search ======


Hello,

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Also let me know how things are now.

Regards,

Georgi


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by April Bowers Agency (administrator) on APRILBOWERSINS2 on 11-04-2014 10:07:21
Running from C:\Users\April Bowers Agency\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(ScanPoint, Inc.) C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Juniper Networks, Inc.) C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(ScanPoint) C:\Program Files (x86)\ScanPoint\DocBuild Plus\dbviewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(ScanPoint) C:\Program Files (x86)\ScanPoint\DocBuild Plus\dbviewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(ScanPoint) C:\Program Files (x86)\ScanPoint\DocBuild Plus\dbviewer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Juniper Networks") C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Host Checker\dsHostChecker.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Secure Application Manager\dsSamProxy.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Secure Application Manager\dsSamUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfica32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [screwDrivers RDP Plugin] - C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [CANON DR2510C SVC] - C:\Windows\system32\DR251SVC.dll [158720 2009-09-15] (Canon Electronics)
HKLM\...\Run: [PrintDisp] - C:\Windows\system32\PrintDisp.exe [875008 2013-02-10] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [256152 2011-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [startCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [CDAServer] - C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe [311296 2010-07-29] ()
HKLM-x32\...\Run: [EFUpdater] - C:\Program Files (x86)\ScanPoint\Easyfile\clientupdate.exe [81920 2012-11-29] (ScanPoint, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [shStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-25] (Hewlett-Packard)
HKU\S-1-5-21-4234849188-1163541568-2843079188-1000\...\Run: [MetroFax 4.4] - C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe [95232 2013-12-10] (j2 Global, Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotfolder.lnk
ShortcutTarget: Hotfolder.lnk -> C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe (ScanPoint, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MetroFax 4.4.lnk
ShortcutTarget: MetroFax 4.4.lnk -> C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogin.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {8A2A1F46-B256-4F42-BB7E-97F8A6A06F11} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - 197F8597FDE1425FA34FE4EB92076F5B URL = http://mysearch.avg.com/search?cid={43CE3F6A-E2FA-477D-8E0A-786FD9F12614}&mid=51294f39f16447d2bd4605cc2242a07b-acee7f0a0a68a23e1acdbc83359e9745286962de&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-08 15:49:18&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {31DCD56E-EB15-43F2-A979-C874D0B401C6} URL =
SearchScopes: HKCU - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

==================== Services (Whitelisted) =================

R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
S4 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
S4 LkWebLink; C:\Users\April Bowers Agency\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [32768 2007-09-20] (Inter-Tel (Delaware), Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-10] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-10] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-10] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-10] (McAfee, Inc.)
R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Firehk; system32\DRIVERS\firehk.sys [X]
S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-11 09:59 - 2014-04-11 10:00 - 00001788 _____ () C:\Users\April Bowers Agency\Downloads\fixlist.txt
2014-04-10 18:00 - 2014-04-10 18:12 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
2014-04-10 12:57 - 2014-04-11 10:07 - 00020552 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-10 12:57 - 2014-04-11 10:07 - 00000000 ____D () C:\FRST
2014-04-10 12:57 - 2014-04-10 12:57 - 02157056 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-10 09:17 - 2014-04-10 12:59 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:05 - 2014-04-09 21:22 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 20:33 - 2014-04-11 08:48 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 20:33 - 2014-04-09 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-10 10:05 - 00000000 ____D () C:\Windows\ERDNT
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:30 - 2014-04-09 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-09 14:40 - 2014-04-09 14:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:37 - 2014-04-09 14:41 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-09 13:45 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-09 11:36 - 2014-04-09 11:49 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:21 - 2014-04-09 11:23 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-08 20:35 - 2014-04-09 13:43 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:45 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 15:45 - 2014-04-08 20:54 - 00000000 ____D () C:\$AVG
2014-04-08 15:40 - 2014-04-09 12:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-08 15:40 - 2014-04-09 09:22 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:56 - 2014-04-11 09:38 - 00000088 _____ () C:\Windows\system32\zdmm.zze
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-04 16:34 - 2014-04-04 16:34 - 00000064 _____ () C:\Windows\system32\txlanj.xiz
2014-04-04 16:34 - 2014-04-04 16:34 - 00000000 _____ () C:\Windows\system32\avkyz.fqp
2014-04-04 16:18 - 2014-04-04 16:18 - 00305834 ____S () C:\Windows\system32\rxdkjif.gjl
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:39 - 2014-03-19 12:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
2014-03-13 03:01 - 2014-02-23 02:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 03:01 - 2014-02-23 01:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 03:01 - 2014-02-23 01:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 03:01 - 2014-02-23 01:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 03:01 - 2014-02-23 01:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 03:01 - 2014-02-23 01:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 03:01 - 2014-02-23 01:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-13 03:01 - 2014-02-23 01:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-13 03:01 - 2014-02-23 01:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 03:01 - 2014-02-23 01:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 03:01 - 2014-02-23 01:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 03:01 - 2014-02-23 01:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 03:01 - 2014-02-23 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-13 03:01 - 2014-02-23 01:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 03:01 - 2014-02-23 00:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 03:01 - 2014-02-23 00:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 03:01 - 2014-02-23 00:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 03:01 - 2014-02-23 00:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 03:01 - 2014-02-23 00:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 03:01 - 2014-02-23 00:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 03:01 - 2014-02-23 00:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-13 03:01 - 2014-02-23 00:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 03:01 - 2014-02-23 00:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 03:01 - 2014-02-23 00:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-13 03:01 - 2014-02-23 00:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 03:01 - 2014-02-23 00:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-13 03:01 - 2014-02-23 00:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 01:43 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 01:43 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 01:43 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 01:43 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 01:43 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 01:43 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 01:43 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 01:43 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll

==================== One Month Modified Files and Folders =======

2014-04-11 10:07 - 2014-04-10 12:57 - 00020552 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-11 10:07 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
2014-04-11 10:00 - 2014-04-11 09:59 - 00001788 _____ () C:\Users\April Bowers Agency\Downloads\fixlist.txt
2014-04-11 09:57 - 2012-05-08 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-11 09:38 - 2014-04-04 16:56 - 00000088 _____ () C:\Windows\system32\zdmm.zze
2014-04-11 09:20 - 2013-11-13 09:55 - 00003458 _____ () C:\Windows\System32\Tasks\IE11
2014-04-11 09:16 - 2013-05-06 08:53 - 00003458 _____ () C:\Windows\System32\Tasks\IE10
2014-04-11 08:48 - 2014-04-09 20:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-11 06:53 - 2010-09-20 19:27 - 01794109 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 06:22 - 2012-12-09 19:46 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleForApril Bowers Agency.job
2014-04-10 18:12 - 2014-04-10 18:00 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
2014-04-10 17:36 - 2010-11-21 13:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
2014-04-10 12:59 - 2014-04-10 09:17 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-10 12:57 - 2014-04-10 12:57 - 02157056 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-10 11:43 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-10 11:43 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-10 11:34 - 2011-01-18 10:18 - 00041986 _____ () C:\Windows\setupact.log
2014-04-10 11:34 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-10 11:31 - 2011-01-13 11:06 - 00000000 ____D () C:\Windows\pss
2014-04-10 11:19 - 2010-09-20 21:48 - 00817954 _____ () C:\Windows\PFRO.log
2014-04-10 10:05 - 2014-04-09 17:39 - 00000000 ____D () C:\Windows\ERDNT
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-09 22:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2013-08-22 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:34 - 2012-05-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 21:22 - 2014-04-09 21:05 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:01 - 2014-04-09 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 20:05 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 19:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-09 19:41 - 2010-11-19 09:52 - 00000000 ____D () C:\Users\April Bowers Agency
2014-04-09 19:11 - 2009-07-13 23:45 - 00302176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:31 - 2014-04-09 17:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:54 - 2010-11-19 09:53 - 00068736 _____ () C:\Users\April Bowers Agency\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2014-04-09 14:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:41 - 2014-04-09 14:37 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:43 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-09 13:19 - 2013-08-14 18:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 12:51 - 2014-04-08 15:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-09 12:51 - 2014-01-24 10:31 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\ICAClient
2014-04-09 12:51 - 2013-04-26 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-09 12:51 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Network Associates
2014-04-09 12:51 - 2010-09-20 19:39 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-04-09 12:51 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-09 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-09 11:49 - 2014-04-09 11:36 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:42 - 2012-08-22 13:42 - 00000000 ____D () C:\Quarantine
2014-04-09 11:31 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file
2014-04-09 11:23 - 2014-04-09 11:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-09 09:22 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 20:55 - 2014-04-08 15:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 20:54 - 2014-04-08 15:45 - 00000000 ____D () C:\$AVG
2014-04-08 20:41 - 2012-09-28 18:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\tiffs hours
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-01-20 11:02 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\files for system
2014-04-08 18:03 - 2012-04-27 14:35 - 00000160 _____ () C:\Windows\setscan.ini
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-04-08 16:48 - 2011-05-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-08 16:47 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-08 16:09 - 2011-05-23 14:50 - 00000000 ____D () C:\Program Files\Google
2014-04-08 16:02 - 2011-05-23 14:50 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Google
2014-04-08 16:02 - 2011-05-23 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-08 13:20 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\April Bowers Agency\Documents\MetroFax_4_4_Port
2014-04-08 10:35 - 2010-11-20 10:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-08 10:34 - 2012-02-18 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-08 10:29 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-08 10:24 - 2010-09-20 19:28 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-04 16:34 - 2014-04-04 16:34 - 00000064 _____ () C:\Windows\system32\txlanj.xiz
2014-04-04 16:34 - 2014-04-04 16:34 - 00000000 _____ () C:\Windows\system32\avkyz.fqp
2014-04-04 16:18 - 2014-04-04 16:18 - 00305834 ____S () C:\Windows\system32\rxdkjif.gjl
2014-04-04 16:12 - 2011-03-22 13:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\April Bowers Agency Info
2014-04-04 14:33 - 2012-05-17 12:05 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\marketing tiffs
2014-04-03 09:51 - 2014-04-09 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-04-09 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-09 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-19 10:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2010-11-20 10:16 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 14:04 - 2012-05-07 14:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\LETTERS, NOTICES TO USE
2014-03-22 12:22 - 2012-12-09 19:46 - 00003270 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForApril Bowers Agency
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:40 - 2014-03-19 12:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:23 - 2010-11-19 22:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
2014-03-19 11:56 - 2013-10-25 17:23 - 00000000 ____D () C:\ProgramData\Oracle
2014-03-13 14:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-13 10:12 - 2011-12-01 13:56 - 00000000 ____D () C:\ProgramData\WebEx
2014-03-12 06:57 - 2012-05-08 08:47 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 06:57 - 2012-05-08 08:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 06:57 - 2011-10-11 08:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) BA54484B31B036EE87483A360EC0EA55

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:39

==================== End Of Log ============================


ok.. i have a question.. i put fixlist into the downloads folder.. but was i supposed to put it on top of first64 ???? if it did not work that might be why.. it's only in the folder and it's like 3 away from frst64

fixlist.txt

front4 ( a pic )

first.txt

first64


sorry.. i was an airhead and forgot to click the fix button because the report popped up.. :(

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by April Bowers Agency at 2014-04-11 10:33:02 Run:1
Running from C:\Users\April Bowers Agency\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
SearchScopes: HKLM - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/w...}&l=dis&o=ushpd
SearchScopes: HKCU - {1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} URL = http://www.ask.com/w...}&l=dis&o=ushpd
BHO-x32: No Name - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
2014-04-04 16:56 - 2014-04-10 12:52 - 00000087 _____ () C:\Windows\system32\zdmm.zze
2014-04-04 16:34 - 2014-04-04 16:34 - 00000064 _____ () C:\Windows\system32\txlanj.xiz
2014-04-04 16:34 - 2014-04-04 16:34 - 00000000 _____ () C:\Windows\system32\avkyz.fqp
2014-04-04 16:18 - 2014-04-04 16:18 - 00305834 ____S () C:\Windows\system32\rxdkjif.gjl
Replace: C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\Windows\System32\rpcss.dll
Reboot:
end
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} => Key deleted successfully.
HKCR\CLSID\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} => Key deleted successfully.
HKCR\CLSID\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
C:\Windows\system32\zdmm.zze => Moved successfully.
C:\Windows\system32\txlanj.xiz => Moved successfully.
Could not move "C:\Windows\system32\avkyz.fqp" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\rxdkjif.gjl" => Scheduled to move on reboot.
C:\Windows\System32\rpcss.dll => Moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\Windows\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-11 10:37:03)<=

C:\Windows\system32\avkyz.fqp => Is moved successfully.
C:\Windows\system32\rxdkjif.gjl => Is moved successfully.

==== End of Fixlog ====


Hi,

 

No worries. I am here to guide you through the steps till the end of the cleaning process. :)

 

Please download Malwarebytes Anti-Malware to your desktop.
 

  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • With some infections, you may see this message box.
    • 'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

Regards,

Georgi


"NO MALICIOUS ITEMS WERE DETECTED"

 

So it did not ask me to restart

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/11/2014
Scan Time: 1:22:07 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.11.11
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: April Bowers Agency

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 309649
Time Elapsed: 25 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Nice work! We managed to clean the infection! :)

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please post the log in your next reply.

 

 

STEP 2

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro.

Navigate to C:\ProgramData\HitmanPro\Logs, open the report, and copy and paste it to your next reply.

 

 

 

STEP 3

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

and then if there aren't any issues left I'll give you my final recommendations. :)

 

 

Regards,

Georgi


:wub:  You are amazing!!!!

 

Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/14/2014 12:11:29 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Windows\System32\PrintDisp.exe (PID: 2544) [WD-HEUR]

1 proccess terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 04/14/2014 12:14:26 PM
Execution time: 0 hours(s), 2 minute(s), and 57 seconds(s)

 

HitmanPro 3.7.9.216
www.hitmanpro.com

   Computer name . . . . : APRILBOWERSINS2
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : AprilBowersIns2\April Bowers Agency
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2014-04-14 12:34:41
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 4m 29s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 9

   Objects scanned . . . : 1,337,894
   Files scanned . . . . : 32,386
   Remnants scanned  . . : 328,020 files / 977,488 keys

Potential Unwanted Programs _________________________________________________

   ask.com
   C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Web Data
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3}\ (AskBar)

Cookies _____________________________________________________________________

   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\0PG1RD6B.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\4A4PO5SK.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\4L94TYZA.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\6ST8EXV1.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\C9GEFI28.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\F0M8W1RI.txt
   C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Cookies\PFAE3578.txt

 

 Results of screen317's Security Check version 0.99.81 
 Windows 7 Service Pack 1 x64 (UAC is disabled!) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee VirusScan Enterprise  
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 McAfee SiteAdvisor Enterprise Plus 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 


Hello,

 

Nice work...We are almost done here. :)

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "run as administrator".

 

Copy the following text

 

reg delete "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1B0C79B2-74B3-4296-8ADD-AAD0CB28D8D3}" /f

 

and right-click at the command prompt and then click Paste and hit Enter.

 

Close the Command Prompt now.

 

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.
Please download Adobe Reader 11.0.06 to your PC's desktop.
 

  • Uninstall Adobe Reader 10.0.9 via Start => Control Panel > Uninstall a program
  • Install the new downloaded updated software.

 

 

Also it's a good idea to defragment your system drive: (only if your HDD is not SSD)

 

Please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.

 

 

 

Also if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

Most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard drive and the speed of your computer).

 

 

STEP 1

 

  • Please download RogueKillerX64.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

 

I'll give you my final recommendations in my next reply. :)

 

 

Regards,

Georgi


sorry.. I started this.. but could not make it the rest of the day..  We had to put my dog down yesterday.. 17 years old.  I have been a mess.. :(

 

so here it goes:

so the command thing said file not found on the 14th when i started to do this.. but today, just now it worked..

 

 

I am doing the rest and will get back to you


here we go:

1)  http://pastebin.com/ZRkJxe8f

 

2) http://pastebin.com/iA58MABa

 

3)

Farbar Service Scanner Version: 25-02-2014
Ran by April Bowers Agency (administrator) on 17-04-2014 at 17:05:39
Running from "C:\Users\April Bowers Agency\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


oh crap ... i went on youtube.com to listen to a video and when it was done.. my computer just restarted for no reason.. when it came back up the speakers were going again.. it has not been doing that since the 2nd day i was working with you!!! uggggghhhh :angry2:  wtheck... i just wanted to listen to john legends " all of me" because that song was on when i was reading a letter from my dad about putting down my dog and that song spoke to me and is helping me cope by listening to it... I think it loaded another stinking bug..

 


Hello,

 

Thank you for the update. I am sorry to hear about your dog. :(

 

About the cmd - I saw an error in my instructions and edited the post and that's why it worked when you tried the command again.. Sorry for the inconvenience...tired eyes. :)

 

Both logs are clean but the log from Farbar Service Scanner is cut-off. Can you please post the full log? Thanks!

 

 


 

Well...we need to check the system again then. When we remove the bugs (if any are present on the system) then I'll give you my final recommendations on how to avoid re-infection in the future. Please download the latest version of Farbar Recovery Scan tool from the link below and run a new scan, then post the log in your next reply:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Wish you nice holidays! :)

 

 

 

Regards,

Georgi


Just fyi too.. some search blinkx.com thingy.. malwarebytes is blocking i got a few pop ups yesterday about that and 3 today while turning on computer..

I still had farbar on from recent run so it updated and i scanned it..

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-04-2014 01
Ran by April Bowers Agency (administrator) on APRILBOWERSINS2 on 18-04-2014 09:29:30
Running from C:\Users\April Bowers Agency\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(McAfee, Inc.) C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\mfeann.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\system32\PrintDisp.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
() C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\Receiver\Receiver.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe
(ScanPoint, Inc.) C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe
(j2 Global, Inc.) C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
(Juniper Networks, Inc.) C:\Users\April Bowers Agency\AppData\Roaming\Juniper Networks\Setup Client\JuniperSetupClient.exe
(Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
(Microsoft Corporation) C:\Windows\system32\LogonUI.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [screwDrivers RDP Plugin] => C:\Program Files (x86)\triCerat\Simplify Printing\ScrewDrivers Client v4\install_rdp.exe [136520 2011-08-26] ()
HKLM\...\Run: [CANON DR2510C SVC] => C:\Windows\system32\DR251SVC.dll [158720 2009-09-15] (Canon Electronics)
HKLM\...\Run: [PrintDisp] => C:\Windows\system32\PrintDisp.exe [559752 2014-03-04] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [McAfee Host Intrusion Prevention Tray] => C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe [256152 2011-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [startCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CDAServer] => C:\Program Files (x86)\Common Files\Common Desktop Agent\CDASrv.exe [311296 2010-07-29] ()
HKLM-x32\...\Run: [EFUpdater] => C:\Program Files (x86)\ScanPoint\Easyfile\clientupdate.exe [81920 2012-11-29] (ScanPoint, Inc.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [383544 2012-12-14] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [shStatEXE] => C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [215656 2012-08-14] (McAfee, Inc.)
HKLM-x32\...\Run: [McAfeeUpdaterUI] => C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333376 2011-11-15] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-04-08] (Hewlett-Packard)
HKU\S-1-5-21-4234849188-1163541568-2843079188-1000\...\Run: [MetroFax 4.4] => C:\Program Files (x86)\MetroFax Messenger 4.4\J2GDllCmd.exe [95232 2013-12-10] (j2 Global, Inc.)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [256568 2012-12-14] (Citrix Systems, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hotfolder.lnk
ShortcutTarget: Hotfolder.lnk -> C:\Program Files (x86)\ScanPoint\Easyfile\hotfolder.exe (ScanPoint, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MetroFax 4.4.lnk
ShortcutTarget: MetroFax 4.4.lnk -> C:\Program Files (x86)\MetroFax Messenger 4.4\J2GTray.exe (j2 Global, Inc.)
Startup: C:\Users\April Bowers Agency\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netlogin.bat ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {8A2A1F46-B256-4F42-BB7E-97F8A6A06F11} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - 197F8597FDE1425FA34FE4EB92076F5B URL = http://mysearch.avg.com/search?cid={43CE3F6A-E2FA-477D-8E0A-786FD9F12614}&mid=51294f39f16447d2bd4605cc2242a07b-acee7f0a0a68a23e1acdbc83359e9745286962de&lang=en&ds=AVG&coid=avgtbavg&cmpid=&pr=pr&d=2014-04-08 15:49:18&v=18.0.5.292&pid=safeguard&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {31DCD56E-EB15-43F2-A979-C874D0B401C6} URL =
SearchScopes: HKCU - {3467317D-8403-488B-B107-487CFB015395} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130710110811.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {33415AC7-AFFA-4D55-B41C-C64C0D07DFCA} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {9916D178-71C8-4764-969C-95B9B67A1F76} https://onestop.nationwide.com/one-stop-web/scan/OneStopScan.CAB
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.1.10.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0041-ABCDEFFEDCBA} [2013-02-26]
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
FF Extension: McAfee SiteAdvisor Enterprise - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\ []
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF Extension: IDS_SS_NAME - C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013-02-21]

Chrome:
=======


CHR Extension: (Docs) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14]
CHR Extension: (Google Drive) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (YouTube) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14]
CHR Extension: (Google Search) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14]
CHR Extension: (Google Wallet) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-14]
CHR Extension: (Gmail) - C:\Users\April Bowers Agency\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14]

==================== Services (Whitelisted) =================

R2 enterceptAgent; C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe [641336 2011-09-12] (McAfee, Inc.)
S4 HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [107576 2010-03-11] ()
S4 LkWebLink; C:\Users\April Bowers Agency\Documents\Inter-Tel\Collaboration Client 2.0\lkWebLink.exe [32768 2007-09-20] (Inter-Tel (Delaware), Inc)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [226624 2010-03-25] (McAfee, Inc.)
R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132672 2011-11-15] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [201864 2013-07-10] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\vstskmgr.exe [209760 2011-09-14] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [208272 2011-08-09] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [170440 2013-07-10] (McAfee, Inc.)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [635416 2009-10-14] (PDF Complete Inc)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R3 DM150Drv; C:\Windows\System32\DRIVERS\DM150Drv.sys [24312 2010-07-30] (Pitney Bowes)
S3 FireNfcp; C:\Windows\System32\drivers\FireNfcp.sys [48840 2011-10-07] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [195024 2011-09-12] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [160952 2013-07-10] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [274880 2013-07-10] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [481504 2011-08-16] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [665768 2013-07-10] (McAfee, Inc.)
R1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [75672 2011-08-16] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [101200 2013-07-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [303464 2013-07-10] (McAfee, Inc.)
R1 NEOFLTR_720_21697; C:\Windows\system32\Drivers\NEOFLTR_720_21697.SYS [100728 2012-08-23] (Juniper Networks)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 Firehk; system32\DRIVERS\firehk.sys [X]
S3 FirehkMP; system32\DRIVERS\firehk.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
2014-04-17 17:35 - 2014-04-18 09:25 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
2014-04-17 17:28 - 2014-04-18 09:16 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
2014-04-17 17:25 - 2014-04-18 09:16 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
2014-04-17 16:11 - 2014-04-17 17:42 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-15 09:28 - 2014-04-15 09:29 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
2014-04-14 14:23 - 2013-05-29 11:43 - 00929792 _____ (ActMask http://www.all2pdf.com) C:\Windows\SysWOW64\SaveTo.dll
2014-04-14 14:18 - 2013-12-07 13:25 - 04454128 _____ (DynaForms GmbH) C:\Windows\SysWOW64\CPDF4.dll
2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
2014-04-14 12:34 - 2014-04-14 12:48 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-14 11:43 - 2014-04-14 11:44 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
2014-04-14 09:21 - 2014-04-18 09:31 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-14 09:21 - 2014-04-18 09:31 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-14 09:21 - 2014-04-14 09:26 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-14 09:21 - 2014-04-14 09:26 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-12 03:01 - 2014-03-07 23:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 03:01 - 2014-03-07 23:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 03:01 - 2014-03-07 22:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 03:01 - 2014-03-07 22:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 03:01 - 2014-03-07 22:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 03:01 - 2014-03-07 22:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-12 03:01 - 2014-03-07 22:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-12 03:01 - 2014-03-07 22:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 03:01 - 2014-03-07 22:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-12 03:01 - 2014-03-07 22:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-12 03:01 - 2014-03-07 22:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-12 03:01 - 2014-03-07 22:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 03:01 - 2014-03-07 22:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 03:01 - 2014-03-07 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-12 03:01 - 2014-03-07 22:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 03:01 - 2014-03-07 22:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 03:01 - 2014-03-07 18:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 03:01 - 2014-03-07 18:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-12 03:01 - 2014-03-07 18:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-12 03:01 - 2014-03-07 18:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-12 03:01 - 2014-03-07 18:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-12 03:01 - 2014-03-07 18:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-12 03:01 - 2014-03-07 17:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 03:01 - 2014-03-07 17:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-12 03:01 - 2014-03-07 17:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-12 03:01 - 2014-03-07 17:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-12 03:01 - 2014-03-07 17:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 03:01 - 2014-03-07 17:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-12 03:01 - 2014-03-07 17:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 03:01 - 2014-03-07 17:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-12 03:01 - 2014-03-07 17:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-12 03:00 - 2014-03-07 18:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-11 13:50 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-11 13:50 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-11 13:50 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-11 13:50 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-11 13:50 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-11 13:50 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-11 13:50 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-11 13:50 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-11 13:50 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-11 13:50 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-11 13:50 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-11 13:50 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-11 13:50 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-11 13:50 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-11 13:50 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-11 13:50 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-11 13:50 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 18:00 - 2014-04-10 18:12 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
2014-04-10 12:57 - 2014-04-18 09:29 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-10 12:57 - 2014-04-18 09:29 - 00037921 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-10 12:57 - 2014-04-18 09:29 - 00000000 ____D () C:\FRST
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-10 09:17 - 2014-04-10 12:59 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 21:46 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:05 - 2014-04-09 21:22 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 20:33 - 2014-04-18 09:17 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-09 20:33 - 2014-04-09 21:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:33 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-10 10:05 - 00000000 ____D () C:\Windows\ERDNT
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:30 - 2014-04-09 17:31 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-09 14:40 - 2014-04-09 14:41 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:37 - 2014-04-09 14:41 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:45 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-04-09 13:45 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-04-09 11:36 - 2014-04-09 11:49 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:21 - 2014-04-09 11:23 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-08 20:35 - 2014-04-09 13:43 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:45 - 2014-04-08 20:55 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 15:45 - 2014-04-08 20:54 - 00000000 ____D () C:\$AVG
2014-04-08 15:40 - 2014-04-09 12:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-08 15:40 - 2014-04-09 09:22 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:39 - 2014-03-19 12:40 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle

==================== One Month Modified Files and Folders =======

2014-04-18 09:34 - 2010-11-21 13:35 - 00000072 _____ () C:\Users\Public\LMDebug.log
2014-04-18 09:33 - 2014-04-10 12:57 - 00037921 _____ () C:\Users\April Bowers Agency\Downloads\FRST.txt
2014-04-18 09:33 - 2010-09-20 19:27 - 02051373 _____ () C:\Windows\WindowsUpdate.log
2014-04-18 09:31 - 2014-04-14 09:21 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 09:31 - 2014-04-14 09:21 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 09:29 - 2014-04-18 09:29 - 00000000 ____D () C:\Users\April Bowers Agency\Downloads\FRST-OlderVersion
2014-04-18 09:29 - 2014-04-10 12:57 - 02158592 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FRST64.exe
2014-04-18 09:29 - 2014-04-10 12:57 - 00000000 ____D () C:\FRST
2014-04-18 09:25 - 2014-04-17 17:35 - 00000086 _____ () C:\Windows\system32\tuflbf.xus
2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-18 09:22 - 2009-07-13 23:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-18 09:17 - 2014-04-09 20:33 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 09:16 - 2014-04-17 17:28 - 00037888 _____ () C:\Windows\system32\qjkhykp.ldz
2014-04-18 09:16 - 2014-04-17 17:25 - 00000109 _____ () C:\Windows\system32\uyhkvj.mnr
2014-04-18 09:13 - 2011-01-18 10:18 - 00042602 _____ () C:\Windows\setupact.log
2014-04-18 09:13 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-17 18:27 - 2012-12-09 19:46 - 00000388 _____ () C:\Windows\Tasks\HPCeeScheduleForApril Bowers Agency.job
2014-04-17 17:57 - 2012-05-08 08:47 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-17 17:44 - 2013-11-13 09:55 - 00003458 _____ () C:\Windows\System32\Tasks\IE11
2014-04-17 17:42 - 2014-04-17 16:11 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\RK_Quarantine
2014-04-17 17:25 - 2014-04-17 17:25 - 00000064 _____ () C:\Windows\system32\liroxn.ase
2014-04-17 17:24 - 2010-09-20 21:48 - 00825168 _____ () C:\Windows\PFRO.log
2014-04-17 17:09 - 2014-04-17 17:09 - 00301959 ____S () C:\Windows\system32\jvfaz.ofr
2014-04-17 17:09 - 2014-04-17 17:09 - 00245760 _____ (Applied Systems) C:\Users\April Bowers Agency\AppData\Roaming\yxxqj.dll
2014-04-17 17:05 - 2014-04-17 17:05 - 00409600 _____ (Farbar) C:\Users\April Bowers Agency\Downloads\FSS.exe
2014-04-17 17:05 - 2014-04-17 17:05 - 00002249 _____ () C:\Users\April Bowers Agency\Desktop\FSS.txt
2014-04-17 16:26 - 2014-04-17 16:26 - 04139360 _____ (Kaspersky Lab ZAO) C:\Users\April Bowers Agency\Desktop\tdsskiller.exe
2014-04-17 16:16 - 2014-04-17 16:16 - 00003314 _____ () C:\Users\April Bowers Agency\Desktop\RKreport[0]_S_04172014_161650.txt
2014-04-17 12:15 - 2014-03-11 16:06 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\easy file
2014-04-17 09:23 - 2013-05-06 08:53 - 00003458 _____ () C:\Windows\System32\Tasks\IE10
2014-04-16 14:46 - 2012-08-22 13:42 - 00000000 ____D () C:\Quarantine
2014-04-15 09:30 - 2014-04-15 09:30 - 00002022 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-15 09:29 - 2014-04-15 09:28 - 50837888 _____ (Adobe Systems Incorporated) C:\Users\April Bowers Agency\Downloads\AdbeRdr11006_en_US.exe
2014-04-15 09:29 - 2010-11-20 10:13 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-04-15 09:29 - 2010-11-19 20:52 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-15 09:10 - 2014-04-15 09:10 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\CrashDumps
2014-04-15 00:33 - 2010-09-20 19:28 - 00000000 ____D () C:\ProgramData\PDFC
2014-04-14 15:02 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-14 14:26 - 2011-03-16 10:04 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\ScanPoint
2014-04-14 14:23 - 2014-04-14 14:23 - 00002609 _____ () C:\Users\Public\Desktop\DocBuild Plus.lnk
2014-04-14 14:23 - 2014-04-14 14:23 - 00001446 _____ () C:\Users\Public\Desktop\Docs.lnk
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\SureScan
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\ScanPoint Printer
2014-04-14 14:23 - 2014-04-14 14:23 - 00000000 ____D () C:\Windows\DocBuild
2014-04-14 14:23 - 2014-01-31 14:11 - 00000000 ____D () C:\ActMask
2014-04-14 14:22 - 2012-06-26 10:19 - 00000000 ____D () C:\Windows\SysWOW64\sigplus
2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\Program Files (x86)\ScanPoint
2014-04-14 14:22 - 2011-03-16 09:55 - 00000000 ____D () C:\EFData
2014-04-14 13:03 - 2011-01-13 11:06 - 00000000 ____D () C:\Windows\pss
2014-04-14 12:50 - 2014-04-14 12:50 - 00001008 _____ () C:\Users\April Bowers Agency\Desktop\checkup.txt
2014-04-14 12:49 - 2014-04-14 12:49 - 00987448 _____ () C:\Users\April Bowers Agency\Desktop\SecurityCheck.exe
2014-04-14 12:48 - 2014-04-14 12:48 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck (1).exe
2014-04-14 12:48 - 2014-04-14 12:48 - 00003450 _____ () C:\Users\April Bowers Agency\Desktop\HitmanPro_20140414_1248.log
2014-04-14 12:48 - 2014-04-14 12:34 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-14 11:44 - 2014-04-14 11:43 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\New folder
2014-04-14 10:01 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Deployment
2014-04-14 10:00 - 2010-11-22 10:42 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Apps\2.0
2014-04-14 09:35 - 2011-05-23 14:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-14 09:34 - 2011-05-23 14:50 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Google
2014-04-14 09:34 - 2010-11-19 23:06 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Adobe
2014-04-14 09:26 - 2014-04-14 09:21 - 00003920 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-14 09:26 - 2014-04-14 09:21 - 00003668 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-14 09:22 - 2011-05-23 14:50 - 00000000 ____D () C:\Program Files\Google
2014-04-14 09:22 - 2011-05-23 14:49 - 00000000 ____D () C:\ProgramData\Google
2014-04-14 09:21 - 2012-05-08 08:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-14 09:21 - 2012-05-08 08:47 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-14 09:21 - 2011-10-11 08:23 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-12 12:27 - 2012-12-09 19:46 - 00003270 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForApril Bowers Agency
2014-04-12 12:27 - 2012-02-18 13:51 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-04-12 12:27 - 2010-11-20 10:23 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-04-10 18:12 - 2014-04-10 18:00 - 00000898 _____ () C:\Users\April Bowers Agency\Downloads\Search.txt
2014-04-10 13:46 - 2014-04-10 13:46 - 00032948 _____ () C:\Users\April Bowers Agency\Desktop\Addition.txt
2014-04-10 12:59 - 2014-04-10 09:17 - 00032948 _____ () C:\Users\April Bowers Agency\Downloads\Addition.txt
2014-04-10 10:05 - 2014-04-09 17:39 - 00000000 ____D () C:\Windows\ERDNT
2014-04-10 09:41 - 2014-04-10 09:41 - 00987448 _____ () C:\Users\April Bowers Agency\Downloads\SecurityCheck.exe
2014-04-09 22:04 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Speech
2014-04-09 21:46 - 2014-04-09 21:46 - 00001109 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 21:46 - 2014-04-09 21:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 21:46 - 2013-08-22 09:32 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 21:45 - 2014-04-09 21:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\April Bowers Agency\Downloads\mbam-setup-2.0.1.1004.exe
2014-04-09 21:34 - 2012-05-02 14:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-09 21:22 - 2014-04-09 21:05 - 00012217 _____ () C:\Users\April Bowers Agency\Desktop\LABELS.odt
2014-04-09 21:13 - 2014-04-09 21:13 - 01016261 _____ (Thisisu) C:\Users\April Bowers Agency\Downloads\JRT.exe
2014-04-09 21:13 - 2014-04-09 21:13 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 21:01 - 2014-04-09 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-09 20:32 - 2014-04-09 20:32 - 12589848 _____ (Malwarebytes Corp.) C:\Users\April Bowers Agency\Downloads\mbar-1.07.0.1009.exe
2014-04-09 20:05 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-09 19:56 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default
2014-04-09 19:41 - 2010-11-19 09:52 - 00000000 ____D () C:\Users\April Bowers Agency
2014-04-09 19:11 - 2009-07-13 23:45 - 00302176 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-09 17:40 - 2014-04-09 17:40 - 04527616 _____ () C:\Users\April Bowers Agency\Downloads\RogueKillerX64.exe
2014-04-09 17:39 - 2014-04-09 17:39 - 00000931 _____ () C:\Users\April Bowers Agency\Desktop\NTREGOPT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000912 _____ () C:\Users\April Bowers Agency\Desktop\ERUNT.lnk
2014-04-09 17:39 - 2014-04-09 17:39 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-04-09 17:38 - 2014-04-09 17:38 - 00791393 _____ (Lars Hederer ) C:\Users\April Bowers Agency\Downloads\erunt-setup.exe
2014-04-09 17:31 - 2014-04-09 17:30 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\April Bowers Agency\Downloads\rkill.exe
2014-04-09 15:54 - 2010-11-19 09:53 - 00068736 _____ () C:\Users\April Bowers Agency\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-09 15:26 - 2014-04-09 15:26 - 26747104 _____ (Microsoft Corporation) C:\Users\April Bowers Agency\Downloads\Windows-KB890830-x64-V5.11.exe
2014-04-09 14:41 - 2014-04-09 14:40 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-04-09 14:41 - 2014-04-09 14:37 - 00012827 _____ () C:\Windows\IE11_main.log
2014-04-09 13:43 - 2014-04-08 20:35 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\QuickScan
2014-04-09 13:19 - 2013-08-14 18:33 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 12:51 - 2014-04-08 15:40 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-09 12:51 - 2014-01-24 10:31 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\ICAClient
2014-04-09 12:51 - 2013-04-26 08:59 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-04-09 12:51 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Network Associates
2014-04-09 12:51 - 2010-09-20 19:39 - 00000000 ____D () C:\ProgramData\CinemaNow
2014-04-09 12:51 - 2009-07-14 02:44 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-09 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2014-04-09 11:49 - 2014-04-09 11:36 - 00000000 ____D () C:\ProgramData\BoostSoftware
2014-04-09 11:23 - 2014-04-09 11:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Spotify
2014-04-09 09:22 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\Avg2014
2014-04-08 20:55 - 2014-04-08 15:45 - 00000000 ____D () C:\ProgramData\AVG2014
2014-04-08 20:54 - 2014-04-08 15:45 - 00000000 ____D () C:\$AVG
2014-04-08 20:41 - 2012-09-28 18:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\tiffs hours
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-04-08 19:51 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-04-08 19:51 - 2014-01-20 11:02 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\files for system
2014-04-08 18:03 - 2012-04-27 14:35 - 00000160 _____ () C:\Windows\setscan.ini
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\ProgramData\LogMeIn
2014-04-08 17:11 - 2011-03-28 10:52 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-04-08 16:47 - 2010-11-19 14:08 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-08 15:49 - 2014-04-08 15:49 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\AVG2014
2014-04-08 15:47 - 2014-04-08 15:47 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\TuneUp Software
2014-04-08 15:40 - 2014-04-08 15:40 - 04435328 _____ (AVG Technologies) C:\Users\April Bowers Agency\Downloads\avg_avct_stb_all_2014_4158_futuretest3.exe
2014-04-08 15:40 - 2014-04-08 15:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Local\MFAData
2014-04-08 13:20 - 2014-01-27 15:44 - 00000000 _____ () C:\Users\April Bowers Agency\Documents\MetroFax_4_4_Port
2014-04-08 10:29 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 17:21 - 2014-04-04 17:21 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\LavasoftStatistics
2014-04-04 17:09 - 2014-04-04 17:09 - 00000000 ____D () C:\ProgramData\BitDefender
2014-04-04 16:58 - 2014-04-04 16:58 - 00000000 ____D () C:\Program Files\Lavasoft
2014-04-04 16:55 - 2014-04-04 16:55 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-04-04 16:12 - 2011-03-22 13:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\April Bowers Agency Info
2014-04-04 14:33 - 2012-05-17 12:05 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\marketing tiffs
2014-04-03 09:51 - 2014-04-09 21:46 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:51 - 2014-04-09 20:33 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-04-09 21:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 09:35 - 2010-11-19 10:10 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2010-11-20 10:16 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-25 14:04 - 2012-05-07 14:38 - 00000000 ____D () C:\Users\April Bowers Agency\Desktop\LETTERS, NOTICES TO USE
2014-03-20 14:40 - 2014-03-20 14:40 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\OpenOffice
2014-03-19 12:41 - 2014-03-19 12:41 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2014-03-19 12:40 - 2014-03-19 12:39 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-03-19 12:23 - 2010-11-19 22:14 - 00000000 ____D () C:\Program Files (x86)\OpenOffice.org 3
2014-03-19 12:13 - 2014-03-19 12:13 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-03-19 12:13 - 2014-03-19 12:13 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-03-19 12:12 - 2014-03-19 12:12 - 00000000 ____D () C:\Program Files\Java
2014-03-19 11:56 - 2014-03-19 11:56 - 00000000 ____D () C:\Users\April Bowers Agency\AppData\Roaming\Oracle
2014-03-19 11:56 - 2013-10-25 17:23 - 00000000 ____D () C:\ProgramData\Oracle

Some content of TEMP:
====================
C:\Users\April Bowers Agency\AppData\Local\Temp\ntdll_dump.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0515072 ____A (Microsoft Corporation) EB99360B85445FD5FE75E35F77C407DB

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 00:39

==================== End Of Log ============================

 

I also did what we did last time with the search for rpcss.dll; it's in pastebin: http://pastebin.com/ahtQT9NJ

 

(ALSO IT'S SEARCHNET.BLINKXCORE.COM IN THE SVC HOST... THAT MALWARE IS BLOCKING..) ANOTHER NOTICE JUST POPPED UP


Sorry.. I pasted the pop-up text in the pastebin link in my last reply..... but it was not the search.text.. Here is the search text for rpcss.dll

 

Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by April Bowers Agency at 2014-04-10 18:00:00
Running from C:\Users\April Bowers Agency\Downloads
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\Windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7600.16385_none_c5bfcda3579104e3\rpcss.dll
[2009-07-13 19:00] - [2009-07-13 20:41] - 0509440 ____A (Microsoft Corporation) 7266972E86890E2B30C0C322E906B027

C:\Windows\System32\rpcss.dll
[2011-06-27 17:50] - [2010-11-20 08:27] - 0520192 ____A (Microsoft Corporation) BA54484B31B036EE87483A360EC0EA55

====== End Of Search ======

 

 


Hello,

 

Yes, it seems that your PC was reinfected with the newest version of Zekos (aka Pigeon or Blackbeard).

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

 

 

Also, can you please go to C:\FRST\Quarantine, right-click on the folder, and select Send to > Compressed (zipped) folder? That will make a zipped copy of this folder.
Then please upload it to my channel => http://www.bleepingcomputer.com/submit-malware.php?channel=122

 

 

Regards,

Georgi


This topic is now closed to further replies.