Trojaner-Board - WIN / 32 bit BKA .BK .BPD Virus Befall

here we go

#

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.02.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
pe130296 :: PE1302961 [administrator]

09.02.2014 15:07:11
mbam-log-2014-02-09 (15-07-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 562750
Time elapsed: 2 hour(s), 33 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\FRST\Quarantine\2jr9o2jz.cpp07-02-2014_15-25-06 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\pe130296\AppData\Local\Temp\old_~4874249892318953491.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\pe130296\Downloads\SoftonicDownloader_for_hp-12c-platinum.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\pe130296\Downloads\sweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)AdwCleaner Logfile:

Code:

# AdwCleaner v3.018 - Report created 09/02/2014 at 18:10:40

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

# Username : pe130296 - PE1302961

# Running from : C:\Users\pe130296\Desktop\adwcleaner.exe

# Option : Clean
 

***** [ Services ] *****
 
 

***** [ Files / Folders ] *****
 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

Folder Deleted : C:\Program Files (x86)\myfree codec
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKCU\Software\Myfree Codec

Key Deleted : HKLM\Software\Myfree Codec

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v10.0.9200.16736
 
 

*************************
 

AdwCleaner[R0].txt - [2151 octets] - [09/02/2014 17:50:03]

AdwCleaner[S0].txt - [1982 octets] - [09/02/2014 18:10:40]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2042 octets] ##########

--- --- ---

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Enterprise x64
Ran by pe130296 on 09.02.2014 at 18:24:33,42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1957994488-842925246-40105171-193186\Software\sweetim

~~~ Files

~~~ Folders

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.02.2014 at 18:31:14,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 02

Ran by pe130296 (administrator) on PE1302961 on 09-02-2014 18:56:49

Running from C:\Users\pe130296\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
 

==================== Processes (Whitelisted) =================
 

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radalert.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

() C:\Program Files (x86)\Products\Time Service\svctimehpc.exe

(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe

(Microsoft Corporation) C:\Windows\vVX3000.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

() C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)

HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)

HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)

HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)

HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)

HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)

HKLM-x32\...\Run: [SafeBootTrayManager] - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [69632 2009-08-19] ()

HKLM-x32\...\Run: [SafeBootTokenWatcher] - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [172092 2011-09-15] (McAfee, Inc.)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)

HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoWebServices] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [NoPublishingWizard] 1

HKLM\...\Policies\Explorer: [NoAutorun] 1

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\old_zj2o9rj2.lnk

ShortcutTarget: old_zj2o9rj2.lnk -> C:\PROGRA~3\2jr9o2jz.cpp (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}

SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g5t0073.atlanta.hp.com/hp/HPPKI.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 195.202.138.3 195.202.128.3 62.40.128.2
 

==================== Services (Whitelisted) =================
 

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-26] (Adobe Systems)

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)

S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)

R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)

R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)

R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

R2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)

R2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)

R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)

R2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)

R2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 

==================== Drivers (Whitelisted) ====================
 

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)

S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)

R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)

R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)

R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)

R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)

R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)

S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()

R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)

S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)

R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)

R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] ()

R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)

R0 SBAlg; C:\Windows\System32\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R0 SBAlg; C:\Windows\SysWow64\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R1 SbFlop; C:\Windows\System32\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R1 SbFlop; C:\Windows\SysWow64\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\SysWow64\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)

S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-09 18:56 - 2014-02-09 18:56 - 02170880 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-09 18:56 - 2014-02-09 18:56 - 00025223 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:46 - 2014-02-09 18:46 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 18:45 - 2010-01-26 18:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll

2014-02-09 18:45 - 2010-01-26 18:44 - 00047080 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b5.dll

2014-02-09 18:31 - 2014-02-09 18:44 - 00000815 _____ () C:\Users\pe130296\Desktop\JRT.txt

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:17 - 2014-02-09 18:22 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:13 - 2014-02-09 18:13 - 00002130 _____ () C:\Users\pe130296\Desktop\AdwCleaner[S0].txt

2014-02-09 17:49 - 2014-02-09 18:10 - 00000000 ____D () C:\AdwCleaner

2014-02-09 17:32 - 2014-02-09 17:32 - 01166132 _____ () C:\Users\pe130296\Desktop\adwcleaner.exe

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-01-26 18:00 - 2014-01-26 18:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:40 - 2014-01-26 17:46 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

2014-02-09 18:57 - 2014-02-09 18:56 - 00025223 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:56 - 2014-02-09 18:56 - 02170880 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-09 18:56 - 2013-07-06 15:13 - 00000000 ____D () C:\FRST

2014-02-09 18:53 - 2013-07-06 14:28 - 00006352 _____ () C:\Windows\system32\PerfStringBackup.TMP

2014-02-09 18:52 - 2013-04-26 09:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-09 18:52 - 2013-04-26 09:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-09 18:48 - 2013-04-24 11:32 - 00003322 _____ () C:\Windows\System32\Tasks\Smart Client

2014-02-09 18:46 - 2014-02-09 18:46 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 18:46 - 2013-05-28 07:54 - 00003244 _____ () C:\Windows\System32\Tasks\pcpm-collector

2014-02-09 18:46 - 2013-05-28 07:54 - 00002906 _____ () C:\Windows\System32\Tasks\pcpm-consolidator

2014-02-09 18:46 - 2013-05-28 07:54 - 00000314 _____ () C:\Windows\Tasks\pcpm-consolidator.job

2014-02-09 18:46 - 2013-05-28 07:54 - 00000308 _____ () C:\Windows\Tasks\pcpm-collector.job

2014-02-09 18:46 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\tracing

2014-02-09 18:45 - 2013-04-29 08:46 - 00000000 ____D () C:\Program Files (x86)\PC Backup

2014-02-09 18:45 - 2013-04-24 11:23 - 00002882 _____ () C:\Windows\System32\Tasks\Maint

2014-02-09 18:45 - 2013-04-24 11:23 - 00000290 _____ () C:\Windows\Tasks\Maint.job

2014-02-09 18:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-09 18:45 - 2009-07-14 05:51 - 00084959 _____ () C:\Windows\setupact.log

2014-02-09 18:44 - 2014-02-09 18:31 - 00000815 _____ () C:\Users\pe130296\Desktop\JRT.txt

2014-02-09 18:44 - 2013-04-24 10:58 - 01327363 _____ () C:\Windows\WindowsUpdate.log

2014-02-09 18:44 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-09 18:44 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:22 - 2014-02-09 18:17 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:15 - 2013-10-12 13:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-09 18:13 - 2014-02-09 18:13 - 00002130 _____ () C:\Users\pe130296\Desktop\AdwCleaner[S0].txt

2014-02-09 18:10 - 2014-02-09 17:49 - 00000000 ____D () C:\AdwCleaner

2014-02-09 18:10 - 2013-07-09 07:22 - 00000000 ____D () C:\data

2014-02-09 18:10 - 2013-04-24 20:54 - 00000000 ____D () C:\mail

2014-02-09 17:50 - 2013-04-24 11:32 - 00000000 ____D () C:\Program Files (x86)\SmartClient

2014-02-09 17:46 - 2013-04-24 20:56 - 00000000 ____D () C:\Quarantine

2014-02-09 17:45 - 2010-11-21 04:47 - 00022538 _____ () C:\Windows\PFRO.log

2014-02-09 17:32 - 2014-02-09 17:32 - 01166132 _____ () C:\Users\pe130296\Desktop\adwcleaner.exe

2014-02-09 14:46 - 2013-07-09 05:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-09 07:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-02-09 07:37 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Local\Adobe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-02-07 15:25 - 2013-04-24 10:56 - 00000000 ____D () C:\Users\Administrator

2014-02-07 15:25 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-02-07 14:58 - 2013-04-24 11:23 - 00000000 ___RD () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-07 13:49 - 2013-04-24 11:32 - 00000000 ____D () C:\Windows\SmartClient

2014-02-07 13:44 - 2013-05-08 13:31 - 00000000 ____D () C:\ProgramData\Time Service

2014-02-06 16:49 - 2013-07-06 12:04 - 00004552 _____ () C:\Windows\system32\config\netlogon.ftl

2014-02-06 16:49 - 2013-04-24 11:23 - 00028152 __RSH () C:\Users\pe130296\ntuser.pol

2014-02-06 16:49 - 2013-04-24 11:22 - 00000000 ____D () C:\Users\pe130296

2014-02-06 16:16 - 2012-05-15 14:05 - 00122111 __RSH () C:\ProgramData\ntuser.pol

2014-02-06 11:55 - 2013-04-24 20:59 - 00000000 ____D () C:\Users\pe130296\AppData\Local\CrashDumps

2014-02-05 15:15 - 2013-10-12 13:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-05 15:15 - 2013-07-11 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 15:15 - 2013-07-11 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-05 10:42 - 2012-05-15 14:27 - 00000000 ____D () C:\Program Files\RA2HP

2014-02-04 16:06 - 2013-04-24 20:56 - 00000000 ____D () C:\Users\pe130296\Documents\!!!Privat

2014-01-27 08:53 - 2013-04-24 20:54 - 00000000 ___RD () C:\Users\pe130296\Desktop\CEE HP

2014-01-26 18:03 - 2014-01-26 18:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:56 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Adobe

2014-01-26 17:52 - 2013-09-26 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-01-26 17:52 - 2012-05-15 13:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-01-26 17:50 - 2013-09-26 10:13 - 00000000 ____D () C:\Program Files\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:46 - 2014-01-26 17:40 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:36 - 2013-05-02 18:13 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Steinberg

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-20 15:08 - 2012-05-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg

2014-01-16 08:27 - 2013-04-24 20:56 - 00000000 ___RD () C:\Users\pe130296\Desktop\OrderFunnel

2014-01-15 17:06 - 2013-04-24 22:14 - 00000000 ___RD () C:\Users\pe130296\Documents\TS Ops CEE

2014-01-15 10:40 - 2013-04-24 21:47 - 00000000 ____D () C:\Users\pe130296\Documents\!LBS
 

Files to move or delete:

====================

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT
 
 

Some content of TEMP:

====================

C:\Users\pe130296\AppData\Local\Temp\2SKKKKKKK.exe

C:\Users\pe130296\AppData\Local\Temp\AutoUpdate.exe

C:\Users\pe130296\AppData\Local\Temp\CpqMC.dll

C:\Users\pe130296\AppData\Local\Temp\i4jdel0.exe

C:\Users\pe130296\AppData\Local\Temp\psWinControl.dll

C:\Users\pe130296\AppData\Local\Temp\Quarantine.exe

C:\Users\pe130296\AppData\Local\Temp\RA_LOG.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-08 00:11
 

==================== End Of Log ============================

--- --- ---

--- --- ---

here we go

#

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware

Database version: v2014.02.09.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
pe130296 :: PE1302961 [administrator]

09.02.2014 15:07:11
mbam-log-2014-02-09 (15-07-11).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 562750
Time elapsed: 2 hour(s), 33 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\FRST\Quarantine\2jr9o2jz.cpp07-02-2014_15-25-06 (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\pe130296\AppData\Local\Temp\old_~4874249892318953491.dll (Trojan.FakeMS) -> Quarantined and deleted successfully.
C:\Users\pe130296\Downloads\SoftonicDownloader_for_hp-12c-platinum.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\pe130296\Downloads\sweetimsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.

(end)AdwCleaner Logfile:

Code:

# AdwCleaner v3.018 - Report created 09/02/2014 at 18:10:40

# Updated 28/01/2014 by Xplode

# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)

# Username : pe130296 - PE1302961

# Running from : C:\Users\pe130296\Desktop\adwcleaner.exe

# Option : Clean
 

***** [ Services ] *****
 
 

***** [ Files / Folders ] *****
 

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

Folder Deleted : C:\Program Files (x86)\myfree codec
 

***** [ Shortcuts ] *****
 
 

***** [ Registry ] *****
 

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

Key Deleted : HKCU\Software\Myfree Codec

Key Deleted : HKLM\Software\Myfree Codec

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
 

***** [ Browsers ] *****
 

-\\ Internet Explorer v10.0.9200.16736
 
 

*************************
 

AdwCleaner[R0].txt - [2151 octets] - [09/02/2014 17:50:03]

AdwCleaner[S0].txt - [1982 octets] - [09/02/2014 18:10:40]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2042 octets] ##########

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-02-2014 02

Ran by pe130296 (administrator) on PE1302961 on 09-02-2014 18:56:49

Running from C:\Users\pe130296\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
 

==================== Processes (Whitelisted) =================
 

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radalert.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

() C:\Program Files (x86)\Products\Time Service\svctimehpc.exe

(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe

(Microsoft Corporation) C:\Windows\vVX3000.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

() C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)

HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)

HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)

HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)

HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)

HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)

HKLM-x32\...\Run: [SafeBootTrayManager] - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [69632 2009-08-19] ()

HKLM-x32\...\Run: [SafeBootTokenWatcher] - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [172092 2011-09-15] (McAfee, Inc.)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)

HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoWebServices] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [NoPublishingWizard] 1

HKLM\...\Policies\Explorer: [NoAutorun] 1

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\old_zj2o9rj2.lnk

ShortcutTarget: old_zj2o9rj2.lnk -> C:\PROGRA~3\2jr9o2jz.cpp (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}

SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g5t0073.atlanta.hp.com/hp/HPPKI.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 195.202.138.3 195.202.128.3 62.40.128.2
 

==================== Services (Whitelisted) =================
 

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-26] (Adobe Systems)

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)

S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)

R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)

R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)

R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

R2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)

R2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)

R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)

R2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)

R2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 

==================== Drivers (Whitelisted) ====================
 

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)

S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)

R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)

R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)

R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)

R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)

R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)

S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()

R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)

S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)

R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)

R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] ()

R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)

R0 SBAlg; C:\Windows\System32\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R0 SBAlg; C:\Windows\SysWow64\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R1 SbFlop; C:\Windows\System32\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R1 SbFlop; C:\Windows\SysWow64\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\SysWow64\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)

S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-09 18:56 - 2014-02-09 18:56 - 02170880 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-09 18:56 - 2014-02-09 18:56 - 00025223 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:46 - 2014-02-09 18:46 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 18:45 - 2010-01-26 18:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll

2014-02-09 18:45 - 2010-01-26 18:44 - 00047080 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b5.dll

2014-02-09 18:31 - 2014-02-09 18:44 - 00000815 _____ () C:\Users\pe130296\Desktop\JRT.txt

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:17 - 2014-02-09 18:22 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:13 - 2014-02-09 18:13 - 00002130 _____ () C:\Users\pe130296\Desktop\AdwCleaner[S0].txt

2014-02-09 17:49 - 2014-02-09 18:10 - 00000000 ____D () C:\AdwCleaner

2014-02-09 17:32 - 2014-02-09 17:32 - 01166132 _____ () C:\Users\pe130296\Desktop\adwcleaner.exe

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-01-26 18:00 - 2014-01-26 18:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:40 - 2014-01-26 17:46 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

2014-02-09 18:57 - 2014-02-09 18:56 - 00025223 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:56 - 2014-02-09 18:56 - 02170880 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-09 18:56 - 2013-07-06 15:13 - 00000000 ____D () C:\FRST

2014-02-09 18:53 - 2013-07-06 14:28 - 00006352 _____ () C:\Windows\system32\PerfStringBackup.TMP

2014-02-09 18:52 - 2013-04-26 09:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-09 18:52 - 2013-04-26 09:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-09 18:48 - 2013-04-24 11:32 - 00003322 _____ () C:\Windows\System32\Tasks\Smart Client

2014-02-09 18:46 - 2014-02-09 18:46 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003122 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003098 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 18:46 - 2014-02-09 18:46 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 18:46 - 2014-02-09 18:46 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-09 18:46 - 2014-02-09 18:46 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 18:46 - 2014-02-09 18:46 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 18:46 - 2013-05-28 07:54 - 00003244 _____ () C:\Windows\System32\Tasks\pcpm-collector

2014-02-09 18:46 - 2013-05-28 07:54 - 00002906 _____ () C:\Windows\System32\Tasks\pcpm-consolidator

2014-02-09 18:46 - 2013-05-28 07:54 - 00000314 _____ () C:\Windows\Tasks\pcpm-consolidator.job

2014-02-09 18:46 - 2013-05-28 07:54 - 00000308 _____ () C:\Windows\Tasks\pcpm-collector.job

2014-02-09 18:46 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\tracing

2014-02-09 18:45 - 2013-04-29 08:46 - 00000000 ____D () C:\Program Files (x86)\PC Backup

2014-02-09 18:45 - 2013-04-24 11:23 - 00002882 _____ () C:\Windows\System32\Tasks\Maint

2014-02-09 18:45 - 2013-04-24 11:23 - 00000290 _____ () C:\Windows\Tasks\Maint.job

2014-02-09 18:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-09 18:45 - 2009-07-14 05:51 - 00084959 _____ () C:\Windows\setupact.log

2014-02-09 18:44 - 2014-02-09 18:31 - 00000815 _____ () C:\Users\pe130296\Desktop\JRT.txt

2014-02-09 18:44 - 2013-04-24 10:58 - 01327363 _____ () C:\Windows\WindowsUpdate.log

2014-02-09 18:44 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-09 18:44 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:22 - 2014-02-09 18:17 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:15 - 2013-10-12 13:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-09 18:13 - 2014-02-09 18:13 - 00002130 _____ () C:\Users\pe130296\Desktop\AdwCleaner[S0].txt

2014-02-09 18:10 - 2014-02-09 17:49 - 00000000 ____D () C:\AdwCleaner

2014-02-09 18:10 - 2013-07-09 07:22 - 00000000 ____D () C:\data

2014-02-09 18:10 - 2013-04-24 20:54 - 00000000 ____D () C:\mail

2014-02-09 17:50 - 2013-04-24 11:32 - 00000000 ____D () C:\Program Files (x86)\SmartClient

2014-02-09 17:46 - 2013-04-24 20:56 - 00000000 ____D () C:\Quarantine

2014-02-09 17:45 - 2010-11-21 04:47 - 00022538 _____ () C:\Windows\PFRO.log

2014-02-09 17:32 - 2014-02-09 17:32 - 01166132 _____ () C:\Users\pe130296\Desktop\adwcleaner.exe

2014-02-09 14:46 - 2013-07-09 05:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-09 07:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-02-09 07:37 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Local\Adobe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-02-07 15:25 - 2013-04-24 10:56 - 00000000 ____D () C:\Users\Administrator

2014-02-07 15:25 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-02-07 14:58 - 2013-04-24 11:23 - 00000000 ___RD () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-07 13:49 - 2013-04-24 11:32 - 00000000 ____D () C:\Windows\SmartClient

2014-02-07 13:44 - 2013-05-08 13:31 - 00000000 ____D () C:\ProgramData\Time Service

2014-02-06 16:49 - 2013-07-06 12:04 - 00004552 _____ () C:\Windows\system32\config\netlogon.ftl

2014-02-06 16:49 - 2013-04-24 11:23 - 00028152 __RSH () C:\Users\pe130296\ntuser.pol

2014-02-06 16:49 - 2013-04-24 11:22 - 00000000 ____D () C:\Users\pe130296

2014-02-06 16:16 - 2012-05-15 14:05 - 00122111 __RSH () C:\ProgramData\ntuser.pol

2014-02-06 11:55 - 2013-04-24 20:59 - 00000000 ____D () C:\Users\pe130296\AppData\Local\CrashDumps

2014-02-05 15:15 - 2013-10-12 13:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-05 15:15 - 2013-07-11 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 15:15 - 2013-07-11 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-05 10:42 - 2012-05-15 14:27 - 00000000 ____D () C:\Program Files\RA2HP

2014-02-04 16:06 - 2013-04-24 20:56 - 00000000 ____D () C:\Users\pe130296\Documents\!!!Privat

2014-01-27 08:53 - 2013-04-24 20:54 - 00000000 ___RD () C:\Users\pe130296\Desktop\CEE HP

2014-01-26 18:03 - 2014-01-26 18:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:56 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Adobe

2014-01-26 17:52 - 2013-09-26 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-01-26 17:52 - 2012-05-15 13:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-01-26 17:50 - 2013-09-26 10:13 - 00000000 ____D () C:\Program Files\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:46 - 2014-01-26 17:40 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:36 - 2013-05-02 18:13 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Steinberg

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-20 15:08 - 2012-05-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg

2014-01-16 08:27 - 2013-04-24 20:56 - 00000000 ___RD () C:\Users\pe130296\Desktop\OrderFunnel

2014-01-15 17:06 - 2013-04-24 22:14 - 00000000 ___RD () C:\Users\pe130296\Documents\TS Ops CEE

2014-01-15 10:40 - 2013-04-24 21:47 - 00000000 ____D () C:\Users\pe130296\Documents\!LBS
 

Files to move or delete:

====================

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT
 
 

Some content of TEMP:

====================

C:\Users\pe130296\AppData\Local\Temp\2SKKKKKKK.exe

C:\Users\pe130296\AppData\Local\Temp\AutoUpdate.exe

C:\Users\pe130296\AppData\Local\Temp\CpqMC.dll

C:\Users\pe130296\AppData\Local\Temp\i4jdel0.exe

C:\Users\pe130296\AppData\Local\Temp\psWinControl.dll

C:\Users\pe130296\AppData\Local\Temp\Quarantine.exe

C:\Users\pe130296\AppData\Local\Temp\RA_LOG.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-08 00:11
 

==================== End Of Log ============================

--- --- ---

--- --- ---

here we go

ESET results :

C:\Users\pe130296\AppData\Local\Temp\jar_cache7431791627321462271.tmp multiple threats

and here security check :

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
McAfee VirusScan Enterprise
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
McAfee SiteAdvisor Enterprise Plus
Malwarebytes Anti-Malware Version 1.75.0.1300
````````Process Check: objlist.exe by Laurent````````
McAfee VirusScan Enterprise x64 EngineServer.exe
McAfee VirusScan Enterprise VsTskMgr.exe
McAfee VirusScan Enterprise x64 McShield.exe
McAfee VirusScan Enterprise x64 mfeann.exe
Microsoft Forefront Identity Manager 2010 Password Reset Client Service PwdMgmtProxy.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

and finally FRST :
FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014

Ran by pe130296 (administrator) on PE1302961 on 12-02-2014 22:42:41

Running from C:\Users\pe130296\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
 

==================== Processes (Whitelisted) =================
 

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radalert.exe

() C:\Program Files (x86)\Products\Time Service\svctimehpc.exe

(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\vVX3000.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

() C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(McAfee, Inc.) c:\program files (x86)\mcafee\endpoint encryption for pc\SbClientHelper.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) c:\program files (x86)\mcafee\endpoint encryption for pc\SbClientHelper.exe

(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Users\pe130296\Downloads\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)

HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)

HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)

HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)

HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)

HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)

HKLM-x32\...\Run: [SafeBootTrayManager] - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [69632 2009-08-19] ()

HKLM-x32\...\Run: [SafeBootTokenWatcher] - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [172092 2011-09-15] (McAfee, Inc.)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)

HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoWebServices] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [NoPublishingWizard] 1

HKLM\...\Policies\Explorer: [NoAutorun] 1

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\old_zj2o9rj2.lnk

ShortcutTarget: old_zj2o9rj2.lnk -> C:\PROGRA~3\2jr9o2jz.cpp (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}

SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g5t0073.atlanta.hp.com/hp/HPPKI.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 195.202.138.3 195.202.128.3 62.40.128.2
 

==================== Services (Whitelisted) =================
 

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-26] (Adobe Systems)

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)

S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)

R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)

R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)

R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)

R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

R2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)

R2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)

R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)

R2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)

R2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 

==================== Drivers (Whitelisted) ====================
 

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)

S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)

R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)

R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)

R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)

R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)

R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)

S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()

R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)

S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)

R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)

R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] ()

R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)

R0 SBAlg; C:\Windows\System32\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R0 SBAlg; C:\Windows\SysWow64\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R1 SbFlop; C:\Windows\System32\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R1 SbFlop; C:\Windows\SysWow64\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\SysWow64\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)

S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-12 22:40 - 2014-02-12 22:42 - 02152448 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-12 22:38 - 2014-02-12 22:38 - 00987425 _____ () C:\Users\pe130296\Downloads\SecurityCheck.exe

2014-02-12 22:33 - 2014-02-12 22:33 - 00000088 _____ () C:\Users\pe130296\Desktop\eset.txt

2014-02-12 16:51 - 2014-02-12 16:51 - 18677352 _____ (Tetherscript Technology Corp. ) C:\Users\pe130296\Downloads\ControlMyNikonv43Installer.exe

2014-02-12 10:48 - 2014-02-12 10:48 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-12 10:48 - 2014-02-12 10:48 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-12 09:55 - 2014-02-12 09:55 - 02347384 _____ (ESET) C:\Users\pe130296\Downloads\esetsmartinstaller_enu.exe

2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-09 20:51 - 2014-02-12 22:38 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 20:51 - 2014-02-12 21:08 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 20:51 - 2014-02-12 21:08 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 20:51 - 2014-02-12 21:08 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00003124 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00003100 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 20:51 - 2014-02-12 09:53 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 20:45 - 2010-01-26 18:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll

2014-02-09 20:45 - 2010-01-26 18:44 - 00047080 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b5.dll

2014-02-09 18:56 - 2014-02-12 22:42 - 00025451 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:17 - 2014-02-09 18:22 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 17:49 - 2014-02-09 18:10 - 00000000 ____D () C:\AdwCleaner

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-01-26 18:00 - 2014-01-26 18:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:40 - 2014-01-26 17:46 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

2014-02-12 22:43 - 2014-02-09 18:56 - 00025451 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-12 22:42 - 2014-02-12 22:40 - 02152448 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-12 22:42 - 2013-07-06 15:13 - 00000000 ____D () C:\FRST

2014-02-12 22:40 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\tracing

2014-02-12 22:38 - 2014-02-12 22:38 - 00987425 _____ () C:\Users\pe130296\Downloads\SecurityCheck.exe

2014-02-12 22:38 - 2014-02-09 20:51 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-12 22:33 - 2014-02-12 22:33 - 00000088 _____ () C:\Users\pe130296\Desktop\eset.txt

2014-02-12 22:31 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-12 22:31 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-12 22:15 - 2013-10-12 13:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-12 22:00 - 2013-05-28 07:54 - 00000308 _____ () C:\Windows\Tasks\pcpm-collector.job

2014-02-12 21:52 - 2013-04-26 09:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-12 21:08 - 2014-02-09 20:51 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-12 21:08 - 2014-02-09 20:51 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-12 21:08 - 2014-02-09 20:51 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-12 20:36 - 2009-07-14 05:51 - 00086771 _____ () C:\Windows\setupact.log

2014-02-12 18:52 - 2013-04-26 09:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-12 17:20 - 2013-04-24 20:54 - 00000000 ____D () C:\mail

2014-02-12 16:51 - 2014-02-12 16:51 - 18677352 _____ (Tetherscript Technology Corp. ) C:\Users\pe130296\Downloads\ControlMyNikonv43Installer.exe

2014-02-12 16:34 - 2013-07-09 07:22 - 00000000 ____D () C:\data

2014-02-12 14:30 - 2013-05-28 07:54 - 00000314 _____ () C:\Windows\Tasks\pcpm-consolidator.job

2014-02-12 10:48 - 2014-02-12 10:48 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-12 10:48 - 2014-02-12 10:48 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-12 09:55 - 2014-02-12 09:55 - 02347384 _____ (ESET) C:\Users\pe130296\Downloads\esetsmartinstaller_enu.exe

2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-12 09:53 - 2014-02-09 20:51 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00003124 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00003100 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-12 09:53 - 2014-02-09 20:51 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-12 09:13 - 2013-07-06 12:04 - 00004552 _____ () C:\Windows\system32\config\netlogon.ftl

2014-02-12 09:13 - 2013-04-24 11:23 - 00028152 __RSH () C:\Users\pe130296\ntuser.pol

2014-02-12 09:13 - 2013-04-24 11:22 - 00000000 ____D () C:\Users\pe130296

2014-02-12 09:13 - 2012-05-15 14:05 - 00122111 __RSH () C:\ProgramData\ntuser.pol

2014-02-12 09:12 - 2012-05-15 14:27 - 00000000 ____D () C:\Program Files\RA2HP

2014-02-12 08:31 - 2013-04-24 11:23 - 00000290 _____ () C:\Windows\Tasks\Maint.job

2014-02-11 10:13 - 2013-04-24 10:58 - 01373046 _____ () C:\Windows\WindowsUpdate.log

2014-02-10 14:24 - 2013-04-29 08:46 - 00000000 ____D () C:\Program Files (x86)\PC Backup

2014-02-10 08:56 - 2013-07-06 14:28 - 00006352 _____ () C:\Windows\system32\PerfStringBackup.TMP

2014-02-10 07:36 - 2013-04-24 11:32 - 00000000 ____D () C:\Program Files (x86)\SmartClient

2014-02-10 07:36 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Local\Adobe

2014-02-09 20:54 - 2013-04-24 11:32 - 00003322 _____ () C:\Windows\System32\Tasks\Smart Client

2014-02-09 20:51 - 2013-05-28 07:54 - 00003244 _____ () C:\Windows\System32\Tasks\pcpm-collector

2014-02-09 20:51 - 2013-05-28 07:54 - 00002906 _____ () C:\Windows\System32\Tasks\pcpm-consolidator

2014-02-09 20:51 - 2013-04-24 11:23 - 00002882 _____ () C:\Windows\System32\Tasks\Maint

2014-02-09 20:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-09 20:43 - 2013-04-24 20:56 - 00000000 ____D () C:\Users\pe130296\Documents\!!!Privat

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:22 - 2014-02-09 18:17 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:10 - 2014-02-09 17:49 - 00000000 ____D () C:\AdwCleaner

2014-02-09 17:46 - 2013-04-24 20:56 - 00000000 ____D () C:\Quarantine

2014-02-09 17:45 - 2010-11-21 04:47 - 00022538 _____ () C:\Windows\PFRO.log

2014-02-09 14:46 - 2013-07-09 05:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-09 07:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-02-07 15:25 - 2013-04-24 10:56 - 00000000 ____D () C:\Users\Administrator

2014-02-07 15:25 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-02-07 14:58 - 2013-04-24 11:23 - 00000000 ___RD () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-07 13:49 - 2013-04-24 11:32 - 00000000 ____D () C:\Windows\SmartClient

2014-02-07 13:44 - 2013-05-08 13:31 - 00000000 ____D () C:\ProgramData\Time Service

2014-02-06 11:55 - 2013-04-24 20:59 - 00000000 ____D () C:\Users\pe130296\AppData\Local\CrashDumps

2014-02-05 23:39 - 2012-05-15 15:01 - 00141472 _____ (McAfee, Inc.) C:\Windows\SysWOW64\KevlarSigs.dll

2014-02-05 15:15 - 2013-10-12 13:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-05 15:15 - 2013-07-11 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 15:15 - 2013-07-11 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-27 08:53 - 2013-04-24 20:54 - 00000000 ___RD () C:\Users\pe130296\Desktop\CEE HP

2014-01-26 18:03 - 2014-01-26 18:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:56 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Adobe

2014-01-26 17:52 - 2013-09-26 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-01-26 17:52 - 2012-05-15 13:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-01-26 17:50 - 2013-09-26 10:13 - 00000000 ____D () C:\Program Files\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:46 - 2014-01-26 17:40 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:36 - 2013-05-02 18:13 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Steinberg

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-20 15:08 - 2012-05-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg

2014-01-16 08:27 - 2013-04-24 20:56 - 00000000 ___RD () C:\Users\pe130296\Desktop\OrderFunnel

2014-01-15 17:06 - 2013-04-24 22:14 - 00000000 ___RD () C:\Users\pe130296\Documents\TS Ops CEE

2014-01-15 10:40 - 2013-04-24 21:47 - 00000000 ____D () C:\Users\pe130296\Documents\!LBS
 

Files to move or delete:

====================

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT
 
 

Some content of TEMP:

====================

C:\Users\pe130296\AppData\Local\Temp\2SKKKKKKK.exe

C:\Users\pe130296\AppData\Local\Temp\AutoUpdate.exe

C:\Users\pe130296\AppData\Local\Temp\CpqMC.dll

C:\Users\pe130296\AppData\Local\Temp\i4jdel0.exe

C:\Users\pe130296\AppData\Local\Temp\psWinControl.dll

C:\Users\pe130296\AppData\Local\Temp\Quarantine.exe

C:\Users\pe130296\AppData\Local\Temp\RA_LOG.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-08 00:11
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

--- --- ---

and finally FRST :
FRST Logfile:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014

Ran by pe130296 (administrator) on PE1302961 on 12-02-2014 22:42:41

Running from C:\Users\pe130296\Downloads

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool 

Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forums
 

==================== Processes (Whitelisted) =================
 

(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe

(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe

(Validity Sensors, Inc.) C:\Windows\system32\vcsFPService.exe

(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\AgentService.exe

(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe

(McAfee, Inc.) C:\Windows\system32\mfevtps.exe

(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe

(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(arvato digital services llc) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radalert.exe

() C:\Program Files (x86)\Products\Time Service\svctimehpc.exe

(Wacom Technology, Corp.) C:\Windows\system32\Pen_Tablet.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\mfeann.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\vVX3000.exe

(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe

(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe

(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe

(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acsagent.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK32.EXE

(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\PC COE\Ida.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe

() C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe

(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe

(Hewlett-Packard Development Company, L.P.) c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe

(Plantronics, Inc.) C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\McTray.exe

(Autonomy Corporation plc) C:\Program Files (x86)\PC Backup\Agent.exe

() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe

(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe

(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSdkHelperx64.exe

(Intel Corporation) C:\Windows\system32\igfxext.exe

(Intel Corporation) C:\Windows\system32\igfxsrvc.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(McAfee, Inc.) c:\program files (x86)\mcafee\endpoint encryption for pc\SbClientHelper.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe

(McAfee, Inc.) C:\Program Files (x86)\McAfee\Common Framework\naPrdMgr.exe

(McAfee, Inc.) c:\program files (x86)\mcafee\endpoint encryption for pc\SbClientHelper.exe

(Hewlett-Packard Company) C:\Program Files\RA2HP\HPRAService.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

() C:\Users\pe130296\Downloads\SecurityCheck.exe

(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 

==================== Registry (Whitelisted) ==================
 

HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)

HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)

HKLM\...\Run: [PasswordRegistration] - C:\Windows\system32\MsPwdRegistration.exe [31080 2010-08-19] (Microsoft Corporation)

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-15] (IDT, Inc.)

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2927928 2012-05-18] (Synaptics Incorporated)

HKLM\...\Run: [HPPowerAssistant] - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [3488640 2012-03-14] (Hewlett-Packard Company)

HKLM\...\Run: [HPRAService] - C:\Program Files\RA2HP\HPRAService.exe [139776 2012-12-18] (Hewlett-Packard Company)

HKLM\...\Run: [VX3000] - C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [COEMsgDisplay] - c:\Program Files (x86)\Hewlett-Packard\PC COE\COEMsgDisplay.exe [26624 2007-04-11] (Hewlett Packard)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-09-07] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-30] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [GetITIcon] - C:\Program Files (x86)\Hewlett-Packard\GetITIcon\GetITShell.exe [861696 2011-08-30] (Hewlett-Packard Company)

HKLM-x32\...\Run: [McAfee Host Intrusion Prevention Tray] - C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireTray.exe [979104 2010-06-15] (McAfee, Inc.)

HKLM-x32\...\Run: [IDA] - C:\Program Files (x86)\Hewlett-Packard\PC COE\IDA.EXE [176128 2011-04-02] (Hewlett-Packard Company)

HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-03-01] (Intel Corporation)

HKLM-x32\...\Run: [QLBController] - c:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [322432 2012-04-04] (Hewlett-Packard Company)

HKLM-x32\...\Run: [HPConnectionManager] - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [184704 2012-04-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [eepc_SmartClient] - C:\Program Files (x86)\SmartClient\Smart.exe [135168 2013-09-24] (Hewlett-Packard Company)

HKLM-x32\...\Run: [ShStatEXE] - C:\Program Files (x86)\McAfee\VirusScan Enterprise\SHSTAT.EXE [124224 2011-08-31] (McAfee, Inc.)

HKLM-x32\...\Run: [SafeBootTrayManager] - C:\Program Files (x86)\SafeBoot Tray Manager\SbTrayManager.exe [69632 2009-08-19] ()

HKLM-x32\...\Run: [SafeBootTokenWatcher] - C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbTokWatch.exe [172092 2011-09-15] (McAfee, Inc.)

HKLM-x32\...\Run: [McAfeeUpdaterUI] - C:\Program Files (x86)\McAfee\Common Framework\udaterui.exe [333416 2012-11-27] (McAfee, Inc.)

HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)

HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)

HKLM-x32\...\Run: [PlantronicsURE.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsURE.exe [625040 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [PlantronicsBatteryStatus.exe] - C:\Program Files (x86)\Plantronics\PlantronicsURE\PlantronicsBatteryStatus.exe [356752 2013-02-28] (Plantronics, Inc.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Communicator] - C:\Program Files (x86)\Microsoft Lync\communicator.exe [12107944 2013-05-30] (Microsoft Corporation)

HKLM-x32\...\Run: [AgentUiRunKey] - C:\Program Files (x86)\PC Backup\Agent.exe [299856 2012-11-28] (Autonomy Corporation plc)

HKLM-x32\...\Run: [BambooCore] - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()

HKLM-x32\...\Run: [LifeCam] - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)

HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)

HKLM-x32\...\Run: [Adobe Creative Cloud] - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)

HKLM\...\Policies\Explorer: [HideSCAHealth] 1

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKLM\...\Policies\Explorer: [NoWebServices] 1

HKLM\...\Policies\Explorer: [NoInternetOpenWith] 1

HKLM\...\Policies\Explorer: [NoPublishingWizard] 1

HKLM\...\Policies\Explorer: [NoAutorun] 1

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

HKU\S-1-5-21-1957994488-842925246-40105171-193186\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)

Lsa: [Notification Packages] sbnp scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk

ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

Startup: C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\old_zj2o9rj2.lnk

ShortcutTarget: old_zj2o9rj2.lnk -> C:\PROGRA~3\2jr9o2jz.cpp (No File)
 

==================== Internet (Whitelisted) ====================
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://intranet.hp.com/Country/Austria/Pages/index.aspx

SearchScopes: HKLM - DefaultScope value is missing.

SearchScopes: HKCU - {3A4BD30C-6ADE-4536-A668-BFFA1D20DE74} URL = hxxp://search.portal.hp.com/search/simple.asp?query={searchTerms}

SearchScopes: HKCU - {6C336C69-4D05-4234-956F-525EC5BB10C6} URL = hxxp://peoplefinder.portal.hp.com/peoplefinder/peoplefinder.asp?pf_SearchType=0&pf_SearchVal={searchTerms}&pf_SearchOption=0

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll (Microsoft Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

BHO-x32: DIALux Browser Helper Object - {F586CB96-7091-42ec-9829-F5D5CE65AFC1} - C:\Program Files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll (DIAL GmbH)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

DPF: HKLM-x32 {00000035-9593-4264-8B29-930B3E4EDCCD} https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab

DPF: HKLM-x32 {AB01FF2E-A848-410C-B47B-CB467C476AD9} https://g5t0073.atlanta.hp.com/hp/HPPKI.cab

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://forrester.webex.com/client/WBXclient-T28L10NSP10EP1-16277/webex/ieatgpc1.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll (McAfee, Inc.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 195.202.138.3 195.202.128.3 62.40.128.2
 

==================== Services (Whitelisted) =================
 

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-26] (Adobe Systems)

R2 AgentService; C:\Program Files (x86)\PC Backup\AgentService.exe [6777680 2012-11-28] (Autonomy Corporation plc)

S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1931536 2013-03-29] (DIAL GmbH)

R2 enterceptAgent; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\FireSvc.exe [1498224 2010-06-15] (McAfee, Inc.)

R2 FIMPasswordReset; C:\Program Files\Microsoft Forefront Identity Manager\2010\Password Reset Client Service\PwdMgmtProxy.exe [75608 2010-08-19] (Microsoft Corporation)

R2 hips; C:\Program Files (x86)\McAfee\Host Intrusion Prevention\HIPSCore\x64\HIPSvc.exe [39840 2010-01-26] (McAfee, Inc.)

R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [368512 2012-04-04] (Hewlett-Packard Company)

R2 McAfee SiteAdvisor Enterprise Service; C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [222528 2009-12-16] (McAfee, Inc.)

R2 McAfeeEngineService; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\EngineServer.exe [20792 2011-08-31] (McAfee, Inc.)

R2 McAfeeFramework; C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe [132712 2012-11-27] (McAfee, Inc.)

R2 McShield; C:\Program Files (x86)\McAfee\VirusScan Enterprise\x64\McShield.exe [181480 2011-08-31] (McAfee, Inc.)

R2 McTaskManager; C:\Program Files (x86)\McAfee\VirusScan Enterprise\VsTskMgr.exe [66880 2011-08-31] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [158832 2011-08-31] (McAfee, Inc.)

R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [336824 2010-11-30] (arvato digital services llc)

R2 radexecd; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [300776 2010-04-21] (Hewlett-Packard)

R2 radsched; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [190184 2010-04-21] (Hewlett-Packard)

R2 Radstgms; C:\Program Files (x86)\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [333544 2010-04-21] (Hewlett-Packard)

R2 SafeBootClientManager; C:\Program Files (x86)\McAfee\Endpoint Encryption for PC\SbClientManager.exe [385084 2011-09-15] (McAfee, Inc.)

R2 svctimehpc; C:\Program Files (x86)\Products\Time Service\svctimehpc.exe [13387128 2012-09-11] ()

R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)
 

==================== Drivers (Whitelisted) ====================
 

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)

R3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)

S3 Firehk; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 FirehkMP; C:\Windows\System32\DRIVERS\firehk.sys [56648 2008-10-17] (McAfee, Inc.)

R3 firelm01; C:\Windows\system32\drivers\firelm01.sys [38968 2010-06-15] (McAfee, Inc.)

R0 FirePM; C:\Windows\System32\Drivers\FirePM.sys [186784 2010-06-15] (McAfee, Inc.)

R1 FireTDI; C:\Windows\system32\Drivers\FireTDI.sys [254520 2010-06-15] (McAfee, Inc.)

R3 HIPK; C:\Windows\System32\drivers\HIPK.sys [138904 2010-01-26] (McAfee, Inc.)

R3 HIPPSK; C:\Windows\System32\drivers\HIPPSK.sys [45424 2010-01-26] (McAfee, Inc.)

R3 HIPQK; C:\Windows\System32\drivers\HIPQK.sys [40152 2010-01-26] (McAfee, Inc.)

S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)

R3 johci; C:\Windows\System32\DRIVERS\johci.sys [26200 2012-02-27] (JMicron Technology Corp.)

S3 LV_Tracker; C:\Windows\System32\DRIVERS\LV_Tracker64.sys [54824 2012-11-28] ()

R3 Mandiant_Tools; C:\ProgramData\Application Data\Time Service\mktools.sys [25168 2013-05-08] ()

R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [158584 2011-08-31] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [228752 2011-08-31] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [642824 2011-08-31] (McAfee, Inc.)

S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [100904 2011-08-31] (McAfee, Inc.)

S4 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [86368 2011-08-31] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [283744 2011-08-31] (McAfee, Inc.)

R3 RadiaMsi; C:\Windows\System32\DRIVERS\radiamsi.sys [43032 2010-01-13] (Hewlett Packard)

R1 RsvLock; C:\Windows\System32\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R1 RsvLock; C:\Windows\SysWow64\Drivers\RsvLock.sys [58184 2011-09-15] (McAfee, Inc.)

R0 SafeBoot; C:\Windows\System32\Drivers\SafeBoot.sys [62792 2011-09-15] ()

R0 SafeBoot; C:\Windows\SysWow64\Drivers\SafeBoot.sys [62792 2011-09-15] (McAfee, Inc.)

R0 SBAlg; C:\Windows\System32\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R0 SBAlg; C:\Windows\SysWow64\Drivers\SBAlg.sys [60128 2008-08-13] (SafeBoot N.V.)

R1 SbFlop; C:\Windows\System32\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R1 SbFlop; C:\Windows\SysWow64\Drivers\SbFlop.sys [23368 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\System32\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R0 SbFsLock; C:\Windows\SysWow64\Drivers\SbFsLock.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\System32\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

R1 SbRegFlt; C:\Windows\SysWow64\Drivers\SbRegFlt.sys [15688 2011-09-15] (McAfee, Inc.)

S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [25912 2012-05-18] (Synaptics Incorporated)

S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [26936 2012-05-18] (Synaptics Incorporated)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]

S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 
 

==================== One Month Created Files and Folders ========
 

2014-02-12 22:40 - 2014-02-12 22:42 - 02152448 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-12 22:38 - 2014-02-12 22:38 - 00987425 _____ () C:\Users\pe130296\Downloads\SecurityCheck.exe

2014-02-12 22:33 - 2014-02-12 22:33 - 00000088 _____ () C:\Users\pe130296\Desktop\eset.txt

2014-02-12 16:51 - 2014-02-12 16:51 - 18677352 _____ (Tetherscript Technology Corp. ) C:\Users\pe130296\Downloads\ControlMyNikonv43Installer.exe

2014-02-12 10:48 - 2014-02-12 10:48 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-12 10:48 - 2014-02-12 10:48 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-12 09:55 - 2014-02-12 09:55 - 02347384 _____ (ESET) C:\Users\pe130296\Downloads\esetsmartinstaller_enu.exe

2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-09 20:51 - 2014-02-12 22:38 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-09 20:51 - 2014-02-12 21:08 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-09 20:51 - 2014-02-12 21:08 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-09 20:51 - 2014-02-12 21:08 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00003124 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00003100 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-09 20:51 - 2014-02-12 09:53 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-09 20:51 - 2014-02-12 09:53 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-09 20:51 - 2014-02-12 09:53 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-09 20:45 - 2010-01-26 18:56 - 00040328 _____ (McAfee, Inc.) C:\Windows\SysWOW64\HIPIS0e011b5.dll

2014-02-09 20:45 - 2010-01-26 18:44 - 00047080 _____ (McAfee, Inc.) C:\Windows\system32\HIPIS0e011b5.dll

2014-02-09 18:56 - 2014-02-12 22:42 - 00025451 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:17 - 2014-02-09 18:22 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 17:49 - 2014-02-09 18:10 - 00000000 ____D () C:\AdwCleaner

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-01-26 18:00 - 2014-01-26 18:03 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:40 - 2014-01-26 17:46 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg
 

==================== One Month Modified Files and Folders =======
 

2014-02-12 22:43 - 2014-02-09 18:56 - 00025451 _____ () C:\Users\pe130296\Downloads\FRST.txt

2014-02-12 22:42 - 2014-02-12 22:40 - 02152448 _____ (Farbar) C:\Users\pe130296\Downloads\FRST64.exe

2014-02-12 22:42 - 2013-07-06 15:13 - 00000000 ____D () C:\FRST

2014-02-12 22:40 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\tracing

2014-02-12 22:38 - 2014-02-12 22:38 - 00987425 _____ () C:\Users\pe130296\Downloads\SecurityCheck.exe

2014-02-12 22:38 - 2014-02-09 20:51 - 00000278 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job

2014-02-12 22:33 - 2014-02-12 22:33 - 00000088 _____ () C:\Users\pe130296\Desktop\eset.txt

2014-02-12 22:31 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-02-12 22:31 - 2009-07-14 05:45 - 00019104 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-02-12 22:15 - 2013-10-12 13:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-12 22:00 - 2013-05-28 07:54 - 00000308 _____ () C:\Windows\Tasks\pcpm-collector.job

2014-02-12 21:52 - 2013-04-26 09:32 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-12 21:08 - 2014-02-09 20:51 - 00003104 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001

2014-02-12 21:08 - 2014-02-09 20:51 - 00002884 _____ () C:\Windows\System32\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000

2014-02-12 21:08 - 2014-02-09 20:51 - 00000338 ____H () C:\Windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}000.job

2014-02-12 20:36 - 2009-07-14 05:51 - 00086771 _____ () C:\Windows\setupact.log

2014-02-12 18:52 - 2013-04-26 09:32 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-12 17:20 - 2013-04-24 20:54 - 00000000 ____D () C:\mail

2014-02-12 16:51 - 2014-02-12 16:51 - 18677352 _____ (Tetherscript Technology Corp. ) C:\Users\pe130296\Downloads\ControlMyNikonv43Installer.exe

2014-02-12 16:34 - 2013-07-09 07:22 - 00000000 ____D () C:\data

2014-02-12 14:30 - 2013-05-28 07:54 - 00000314 _____ () C:\Windows\Tasks\pcpm-consolidator.job

2014-02-12 10:48 - 2014-02-12 10:48 - 00133028 _____ () C:\Windows\SysWOW64\api_hook_list.dat

2014-02-12 10:48 - 2014-02-12 10:48 - 00002033 _____ () C:\Windows\system32\api_hook_list.dat

2014-02-12 09:55 - 2014-02-12 09:55 - 02347384 _____ (ESET) C:\Users\pe130296\Downloads\esetsmartinstaller_enu.exe

2014-02-12 09:55 - 2014-02-12 09:55 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-02-12 09:53 - 2014-02-09 20:51 - 00003346 _____ () C:\Windows\System32\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00003124 _____ () C:\Windows\System32\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00003100 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001

2014-02-12 09:53 - 2014-02-09 20:51 - 00003022 _____ () C:\Windows\System32\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00002980 _____ () C:\Windows\System32\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000

2014-02-12 09:53 - 2014-02-09 20:51 - 00000412 ____H () C:\Windows\Tasks\IDA{24AB88C9-D233-48EF-9EC5-79D902043D09}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000392 ____H () C:\Windows\Tasks\IDA{E1B2A4DD-AE06-4B97-9B55-8E8F1348E7FB}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000370 ____H () C:\Windows\Tasks\IDA{96A23EF4-3F38-4839-B12A-860409AC2861}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000370 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}000.job

2014-02-12 09:53 - 2014-02-09 20:51 - 00000346 ____H () C:\Windows\Tasks\IDA{07A2D605-F561-11D1-BEE5-AC785AC8CD4E}001.job

2014-02-12 09:13 - 2013-07-06 12:04 - 00004552 _____ () C:\Windows\system32\config\netlogon.ftl

2014-02-12 09:13 - 2013-04-24 11:23 - 00028152 __RSH () C:\Users\pe130296\ntuser.pol

2014-02-12 09:13 - 2013-04-24 11:22 - 00000000 ____D () C:\Users\pe130296

2014-02-12 09:13 - 2012-05-15 14:05 - 00122111 __RSH () C:\ProgramData\ntuser.pol

2014-02-12 09:12 - 2012-05-15 14:27 - 00000000 ____D () C:\Program Files\RA2HP

2014-02-12 08:31 - 2013-04-24 11:23 - 00000290 _____ () C:\Windows\Tasks\Maint.job

2014-02-11 10:13 - 2013-04-24 10:58 - 01373046 _____ () C:\Windows\WindowsUpdate.log

2014-02-10 14:24 - 2013-04-29 08:46 - 00000000 ____D () C:\Program Files (x86)\PC Backup

2014-02-10 08:56 - 2013-07-06 14:28 - 00006352 _____ () C:\Windows\system32\PerfStringBackup.TMP

2014-02-10 07:36 - 2013-04-24 11:32 - 00000000 ____D () C:\Program Files (x86)\SmartClient

2014-02-10 07:36 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Local\Adobe

2014-02-09 20:54 - 2013-04-24 11:32 - 00003322 _____ () C:\Windows\System32\Tasks\Smart Client

2014-02-09 20:51 - 2013-05-28 07:54 - 00003244 _____ () C:\Windows\System32\Tasks\pcpm-collector

2014-02-09 20:51 - 2013-05-28 07:54 - 00002906 _____ () C:\Windows\System32\Tasks\pcpm-consolidator

2014-02-09 20:51 - 2013-04-24 11:23 - 00002882 _____ () C:\Windows\System32\Tasks\Maint

2014-02-09 20:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-09 20:43 - 2013-04-24 20:56 - 00000000 ____D () C:\Users\pe130296\Documents\!!!Privat

2014-02-09 18:24 - 2014-02-09 18:24 - 00000000 ____D () C:\Windows\ERUNT

2014-02-09 18:22 - 2014-02-09 18:17 - 01037530 _____ (Thisisu) C:\Users\pe130296\Downloads\JRT.exe

2014-02-09 18:10 - 2014-02-09 17:49 - 00000000 ____D () C:\AdwCleaner

2014-02-09 17:46 - 2013-04-24 20:56 - 00000000 ____D () C:\Quarantine

2014-02-09 17:45 - 2010-11-21 04:47 - 00022538 _____ () C:\Windows\PFRO.log

2014-02-09 14:46 - 2013-07-09 05:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-02-09 14:45 - 2014-02-09 14:45 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\pe130296\Downloads\mbam-setup-1.75.0.1300.exe

2014-02-09 07:41 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF

2014-02-07 17:08 - 2014-02-07 17:08 - 00000000 _____ () C:\ProgramData\PKP_DLev.DAT

2014-02-07 17:07 - 2014-02-07 17:07 - 00000000 _____ () C:\ProgramData\PKP_DLet.DAT

2014-02-07 15:25 - 2013-04-24 10:56 - 00000000 ____D () C:\Users\Administrator

2014-02-07 15:25 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default

2014-02-07 14:58 - 2013-04-24 11:23 - 00000000 ___RD () C:\Users\pe130296\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-02-07 13:49 - 2013-04-24 11:32 - 00000000 ____D () C:\Windows\SmartClient

2014-02-07 13:44 - 2013-05-08 13:31 - 00000000 ____D () C:\ProgramData\Time Service

2014-02-06 11:55 - 2013-04-24 20:59 - 00000000 ____D () C:\Users\pe130296\AppData\Local\CrashDumps

2014-02-05 23:39 - 2012-05-15 15:01 - 00141472 _____ (McAfee, Inc.) C:\Windows\SysWOW64\KevlarSigs.dll

2014-02-05 15:15 - 2013-10-12 13:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-05 15:15 - 2013-07-11 08:14 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-05 15:15 - 2013-07-11 08:14 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-27 08:53 - 2013-04-24 20:54 - 00000000 ___RD () C:\Users\pe130296\Desktop\CEE HP

2014-01-26 18:03 - 2014-01-26 18:00 - 00000000 ____D () C:\Program Files (x86)\QuickTime

2014-01-26 17:57 - 2014-01-26 17:57 - 41404760 _____ (Apple Inc.) C:\Users\pe130296\Downloads\QuickTimeInstaller.exe

2014-01-26 17:56 - 2014-01-26 17:56 - 00000000 ____D () C:\Users\pe130296\Documents\Adobe

2014-01-26 17:56 - 2013-04-24 11:23 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Adobe

2014-01-26 17:52 - 2013-09-26 10:09 - 00000000 ____D () C:\Program Files\Common Files\Adobe

2014-01-26 17:52 - 2012-05-15 13:07 - 00000000 ____D () C:\ProgramData\Adobe

2014-01-26 17:50 - 2013-09-26 10:13 - 00000000 ____D () C:\Program Files\Adobe

2014-01-26 17:46 - 2014-01-26 17:46 - 00000000 ____D () C:\Users\pe130296\Downloads\Adobe

2014-01-26 17:46 - 2014-01-26 17:40 - 914255640 _____ (Adobe Systems Incorporated) C:\Users\pe130296\Downloads\Lightroom_5_LS11.exe

2014-01-23 14:25 - 2014-01-23 14:25 - 00024049 _____ () C:\Users\pe130296\Desktop\Copy of people moving to FSC (2).xlsx

2014-01-22 20:31 - 2014-01-22 20:31 - 00000275 _____ () C:\Users\pe130296\AppData\Local\HamsterAudioConverterSettings.cfg

2014-01-22 20:30 - 2014-01-22 20:30 - 00000000 ____D () C:\Program Files (x86)\Hamster Soft

2014-01-22 20:29 - 2014-01-22 20:29 - 05350072 _____ (Hamster Soft ) C:\Users\pe130296\Downloads\hamsterfreeaudioconverter_1.0.0.18.exe

2014-01-22 17:40 - 2014-01-22 17:40 - 00000000 ____D () C:\Users\pe130296\Documents\VST3 Presets

2014-01-22 14:36 - 2013-05-02 18:13 - 00000000 ____D () C:\Users\pe130296\AppData\Roaming\Steinberg

2014-01-22 14:26 - 2014-01-22 14:26 - 39841403 _____ () C:\Users\pe130296\Downloads\WaveLab_LE_7.2.1_Win8_Patch64.exe

2014-01-20 15:08 - 2012-05-15 12:54 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-01-19 12:36 - 2014-01-19 12:36 - 00007606 _____ () C:\Users\pe130296\AppData\Local\Resmon.ResmonCfg

2014-01-16 08:27 - 2013-04-24 20:56 - 00000000 ___RD () C:\Users\pe130296\Desktop\OrderFunnel

2014-01-15 17:06 - 2013-04-24 22:14 - 00000000 ___RD () C:\Users\pe130296\Documents\TS Ops CEE

2014-01-15 10:40 - 2013-04-24 21:47 - 00000000 ____D () C:\Users\pe130296\Documents\!LBS
 

Files to move or delete:

====================

C:\ProgramData\PKP_DLet.DAT

C:\ProgramData\PKP_DLev.DAT
 
 

Some content of TEMP:

====================

C:\Users\pe130296\AppData\Local\Temp\2SKKKKKKK.exe

C:\Users\pe130296\AppData\Local\Temp\AutoUpdate.exe

C:\Users\pe130296\AppData\Local\Temp\CpqMC.dll

C:\Users\pe130296\AppData\Local\Temp\i4jdel0.exe

C:\Users\pe130296\AppData\Local\Temp\psWinControl.dll

C:\Users\pe130296\AppData\Local\Temp\Quarantine.exe

C:\Users\pe130296\AppData\Local\Temp\RA_LOG.dll
 
 

==================== Bamital & volsnap Check =================
 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 

LastRegBack: 2014-02-08 00:11
 

==================== End Of Log ============================

--- --- ---

--- --- ---

--- --- ---

diese fehlermedlung erschint immer noch beim booten :

run DLL :
there was a problem starting c:\progra~\2jr9o2jz.cpp
the specified module could not be found

beste Grüße