Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Scorpion Saver just won't go away! [Closed]


  • This topic is locked This topic is locked

#1
MGoforth

MGoforth

    New Member

  • Member
  • Pip
  • 6 posts
Hi! My name is Meg. I recently downloaded Scorpion Saver without my knowledge, but now I get popups and annoying ads every time I click anything on the internet. I've run MalwareBytes, and that didn't help. I ran CCleaner, and that didn't help. I tried simply uninstalling it from the control panel, and that didn't work. My laptop still seems to be working fine, but the popups and ads are annoying enough for me to want to get rid of this. I downloaded and ran OTL and pasted the results below. Any help you can give will be much appreciated. Thank you!

Meg


OTL logfile created on: 3/10/2014 1:49:10 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Margaret\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.47 Gb Total Physical Memory | 2.96 Gb Available Physical Memory | 54.12% Memory free
6.34 Gb Paging File | 3.60 Gb Available in Paging File | 56.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 670.36 Gb Total Space | 617.42 Gb Free Space | 92.10% Space Free | Partition Type: NTFS
Drive D: | 27.16 Gb Total Space | 3.15 Gb Free Space | 11.61% Space Free | Partition Type: NTFS

Computer Name: MEGISAWESOME | User Name: Margaret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2014/03/10 13:48:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Margaret\Downloads\OTL.exe
PRC - [2014/03/01 19:35:27 | 000,859,464 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/08/05 01:51:14 | 001,713,416 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
PRC - [2013/08/05 00:49:42 | 000,111,576 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/07/19 10:14:44 | 000,011,112 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
PRC - [2013/07/19 10:14:42 | 000,085,864 | ---- | M] (Absolute Software) -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
PRC - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
PRC - [2013/04/20 17:37:38 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\Windows\SysWOW64\rpcnet.exe
PRC - [2013/04/04 14:50:32 | 000,887,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/05 16:14:34 | 001,343,904 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
PRC - [2012/08/10 02:36:54 | 001,641,320 | ---- | M] (HP) -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
PRC - [2012/08/10 02:36:40 | 003,698,024 | ---- | M] (AuthenTec Inc.) -- C:\Program Files (x86)\HP SimplePass\TouchControl.exe
PRC - [2012/08/10 02:36:26 | 004,073,320 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
PRC - [2012/08/10 02:36:18 | 000,255,336 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
PRC - [2012/07/31 15:17:52 | 000,580,512 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/07/31 15:17:52 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe


========== Modules (No Company Name) ==========

MOD - [2014/03/10 11:42:16 | 013,566,976 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\88c0c4bdd11ead81d84b5d28ef18065b\System.Web.ni.dll
MOD - [2014/03/01 19:35:25 | 000,394,568 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppgooglenaclpluginchrome.dll
MOD - [2014/03/01 19:35:24 | 013,632,840 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
MOD - [2014/03/01 19:35:23 | 004,061,000 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
MOD - [2014/03/01 19:35:20 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
MOD - [2014/03/01 19:35:19 | 000,100,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
MOD - [2014/03/01 19:35:17 | 001,647,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
MOD - [2014/03/01 19:35:15 | 000,051,016 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
MOD - [2014/02/13 23:09:39 | 001,840,640 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\3dfc0be2419d9701d2f96c870b2938d5\System.Web.Services.ni.dll
MOD - [2014/02/13 23:09:37 | 000,771,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\32cb131358268f010b801e10cc87a76c\System.Runtime.Remoting.ni.dll
MOD - [2014/02/13 23:09:07 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\97272e5adde36ea896d7216bf0270e15\System.Configuration.ni.dll
MOD - [2014/02/13 23:01:01 | 005,463,552 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\672138dc2f47a077f59ef14290a6973e\System.Xml.ni.dll
MOD - [2014/02/13 23:00:54 | 012,436,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\a673aacf407b499981342bb709cce917\System.Windows.Forms.ni.dll
MOD - [2014/02/13 23:00:41 | 001,593,344 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d76ae95d56d39a59f727f5518ac8e396\System.Drawing.ni.dll
MOD - [2014/02/13 22:59:42 | 007,993,856 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\20af51394609c937507288c2b1cf2c8c\System.ni.dll
MOD - [2014/02/13 22:59:33 | 011,499,520 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\3de119146ed0e59408f896aa69cdfc42\mscorlib.ni.dll
MOD - [2014/02/13 22:59:21 | 007,803,392 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\fd6afdb3a9309e9af89222b778f5901c\System.Xml.ni.dll
MOD - [2014/02/13 22:59:09 | 012,856,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ec3e85d83522363e943a978c0572e360\System.Windows.Forms.ni.dll
MOD - [2014/02/13 22:58:23 | 001,169,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\5d657eb91c57cf9b4f121a1a98874136\System.Management.ni.dll
MOD - [2014/02/13 22:58:22 | 001,635,328 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\15ead42b8d352194f0f3fbba4f7ae02b\System.Drawing.ni.dll
MOD - [2014/02/13 22:58:11 | 000,968,192 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\9ab0202718d44c5bfe5120745304808a\System.Configuration.ni.dll
MOD - [2014/02/13 22:57:31 | 006,951,424 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ab8978239d891c4afffd6a6df3996a6e\System.Core.ni.dll
MOD - [2014/02/13 22:57:22 | 010,003,456 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\8455c031f8ffe82a0109c563873260e8\System.ni.dll
MOD - [2014/02/13 22:57:12 | 000,196,096 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\7ba8bc3c49fb30c9603bf070a0e0d51e\CustomMarshalers.ni.dll
MOD - [2014/02/02 18:15:17 | 000,142,184 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\TrueAPIAdapter\1.4.0.0__976143fb9099ae78\TrueAPIAdapter.dll
MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013/12/02 17:37:02 | 017,376,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\ebdd49343f711b2029293f8e621b28a2\mscorlib.ni.dll
MOD - [2013/08/05 16:48:08 | 000,016,856 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/05 01:51:27 | 000,806,664 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\UNO.dll
MOD - [2013/08/05 01:51:25 | 000,175,880 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLVistaAudioMixer.dll
MOD - [2013/08/05 00:49:47 | 000,627,672 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2013/03/05 20:04:53 | 001,321,944 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go8\Language\Enu\P2GRC.dll
MOD - [2012/08/10 02:36:26 | 004,073,320 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
MOD - [2012/08/10 02:36:20 | 000,018,792 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadManager.dll
MOD - [2012/08/10 02:36:18 | 000,255,336 | ---- | M] () -- C:\Program Files (x86)\HP SimplePass\DownloadAD.exe
MOD - [2012/05/29 23:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll


========== Services (SafeList) ==========

SRV:64bit: - [2014/02/06 03:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/02/02 18:01:59 | 003,395,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2014/02/02 18:00:24 | 001,302,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2014/02/02 17:56:22 | 000,076,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2013/12/13 11:23:32 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/11/27 02:17:40 | 000,263,168 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2013/11/22 21:50:00 | 000,282,112 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/11/14 00:29:02 | 001,584,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2013/11/14 00:29:01 | 000,533,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2013/11/14 00:25:27 | 001,555,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/11/14 00:25:27 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2013/11/14 00:25:26 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\GeofenceMonitorService.dll -- (lfsvc)
SRV:64bit: - [2013/08/22 05:32:01 | 000,346,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2013/08/22 05:32:00 | 000,023,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2013/08/22 04:32:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2013/08/22 04:31:43 | 000,040,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2013/08/22 04:22:45 | 000,066,048 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2013/08/22 04:21:15 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2013/08/22 04:16:57 | 000,118,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2013/08/22 03:25:28 | 000,164,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2013/08/22 03:19:28 | 000,517,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2013/08/22 03:04:53 | 000,716,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2013/08/22 03:02:47 | 000,013,312 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2013/08/22 02:59:26 | 000,832,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2013/08/22 02:57:25 | 000,130,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2013/08/22 02:54:59 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2013/08/22 02:50:59 | 000,245,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/08/22 02:50:00 | 000,525,312 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/08/22 02:45:59 | 000,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2013/08/22 02:40:49 | 000,248,832 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2013/08/22 02:40:14 | 000,398,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2013/08/22 02:39:33 | 000,198,656 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2013/08/22 02:31:03 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2013/08/22 02:15:54 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2012/09/06 02:47:02 | 000,028,160 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\valWBFPolicyService.exe -- (valWBFPolicyService)
SRV:64bit: - [2012/08/08 11:36:06 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2012/07/24 03:59:56 | 000,321,536 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2012/07/16 07:59:12 | 000,401,256 | ---- | M] (AuthenTec, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\AuthenTec\TrueService.exe -- (TrueService)
SRV - [2014/02/02 17:56:23 | 000,475,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2014/02/02 17:56:21 | 000,066,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2014/02/02 17:56:21 | 000,062,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2013/11/14 00:25:25 | 000,357,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GeofenceMonitorService.dll -- (lfsvc)
SRV - [2013/08/22 05:31:56 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/08/21 20:55:35 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2013/08/21 19:53:34 | 000,011,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2013/07/31 09:04:13 | 002,457,232 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2013/07/19 10:14:44 | 000,011,112 | ---- | M] (Absolute Software) [Auto | Running] -- C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe -- (AbsoluteNotifier)
SRV - [2013/05/20 21:44:22 | 000,144,368 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe -- (NIS)
SRV - [2013/04/20 17:37:38 | 000,069,792 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rpcnet.exe -- (rpcnet)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/08/10 02:36:54 | 001,641,320 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe -- (FPLService)
SRV - [2012/07/31 15:17:52 | 000,035,232 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/02/02 18:00:24 | 000,372,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2014/02/02 18:00:24 | 000,325,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2014/02/02 18:00:24 | 000,146,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2014/02/02 18:00:24 | 000,086,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2014/02/02 18:00:24 | 000,039,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2013/12/13 11:23:36 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/12/13 11:23:36 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/11/14 00:28:58 | 000,057,176 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2013/11/14 00:25:25 | 000,467,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/11/14 00:25:25 | 000,236,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/11/14 00:25:25 | 000,175,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2013/11/14 00:23:24 | 000,136,536 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2013/11/14 00:16:57 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2013/11/14 00:16:54 | 000,037,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2013/10/17 03:46:02 | 003,858,944 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athwbx.sys -- (athr)
DRV:64bit: - [2013/08/22 06:25:40 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2013/08/22 06:25:40 | 000,030,048 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/08/22 05:50:19 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2013/08/22 05:49:54 | 000,079,712 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2013/08/22 05:49:33 | 000,159,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/08/22 05:43:49 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2013/08/22 05:43:48 | 000,146,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2013/08/22 05:43:48 | 000,041,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013/08/22 05:43:45 | 003,357,024 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2013/08/22 05:43:45 | 000,093,536 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2013/08/22 05:43:45 | 000,082,784 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2013/08/22 05:43:45 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2013/08/22 05:43:44 | 000,081,760 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3.sys -- (LSI_SAS3)
DRV:64bit: - [2013/08/22 05:43:41 | 000,782,176 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2013/08/22 05:43:41 | 000,531,296 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2013/08/22 05:43:41 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2013/08/22 05:43:41 | 000,108,896 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2013/08/22 05:43:41 | 000,079,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/08/22 05:43:40 | 000,114,016 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2013/08/22 05:43:40 | 000,082,784 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2013/08/22 05:43:40 | 000,025,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/08/22 05:43:34 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2013/08/22 05:43:33 | 000,189,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2013/08/22 05:43:33 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,078,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2013/08/22 05:43:32 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2013/08/22 05:43:31 | 000,107,872 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/08/22 05:43:31 | 000,072,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2013/08/22 05:43:31 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2013/08/22 05:41:08 | 000,054,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2013/08/22 05:39:44 | 000,377,696 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,924,512 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2013/08/22 05:39:15 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2013/08/22 05:37:27 | 000,069,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2013/08/22 05:36:12 | 000,026,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2013/08/22 05:34:22 | 000,265,056 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/08/22 05:34:22 | 000,124,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2013/08/22 05:31:28 | 000,034,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/08/22 04:39:58 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2013/08/22 04:39:54 | 000,076,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2013/08/22 04:39:31 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2013/08/22 04:39:28 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2013/08/22 04:39:20 | 000,022,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2013/08/22 04:39:06 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2013/08/22 04:38:58 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2013/08/22 04:38:48 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2013/08/22 04:38:39 | 000,036,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/08/22 04:38:26 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2013/08/22 04:38:23 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2013/08/22 04:38:22 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2013/08/22 04:38:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2013/08/22 04:37:49 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2013/08/22 04:37:46 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013/08/22 04:37:42 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2013/08/22 04:37:28 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/08/22 04:37:28 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2013/08/22 04:37:14 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2013/08/22 04:36:43 | 000,087,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc63.sys -- (netvsc)
DRV:64bit: - [2013/08/22 04:36:25 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2013/08/22 04:36:17 | 000,124,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2013/08/22 04:36:07 | 000,066,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2013/08/22 04:35:42 | 000,103,424 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2013/08/22 01:46:33 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2013/08/12 16:25:46 | 000,017,624 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2013/08/09 17:39:30 | 000,651,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2013/07/31 09:04:44 | 000,273,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsP2Stor.sys -- (RSP2STOR)
DRV:64bit: - [2013/07/30 11:47:35 | 000,024,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2013/07/25 12:05:39 | 000,099,320 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2013/07/07 17:06:43 | 000,495,856 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2013/07/07 17:06:36 | 000,029,424 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Smb_driver_AMDASF.sys -- (SmbDrv)
DRV:64bit: - [2013/06/20 17:42:38 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/18 07:46:17 | 000,591,360 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2013/05/22 22:25:28 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013/05/20 22:02:00 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symds64.sys -- (SymDS)
DRV:64bit: - [2013/05/15 22:02:14 | 000,796,760 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/04/24 17:43:56 | 000,433,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symnets.sys -- (SymNetS)
DRV:64bit: - [2013/04/15 19:41:14 | 000,169,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/03/05 13:01:42 | 000,091,712 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/03/04 18:40:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/03/04 18:21:35 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/02/08 11:50:00 | 000,020,800 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WirelessButtonDriver64.sys -- (WirelessButtonDriver)
DRV:64bit: - [2012/09/24 13:40:56 | 000,043,840 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2012/09/24 13:40:56 | 000,031,040 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2012/08/24 18:38:28 | 000,043,832 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/24 03:59:56 | 000,540,160 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/07/24 02:35:12 | 000,079,528 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2012/07/24 02:35:12 | 000,026,280 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/07/17 21:59:12 | 000,098,472 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW86.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/06/23 07:23:38 | 000,199,008 | ---- | M] (AppEx Networks Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\appexDrv.sys -- (APXACC)
DRV:64bit: - [2012/06/20 14:27:30 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1404000.028\symelam.sys -- (SymELAM)
DRV:64bit: - [2012/06/19 07:07:50 | 000,057,000 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV - [2014/03/05 18:09:40 | 000,524,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20140307.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/02/14 09:18:02 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140309.024\ex64.sys -- (NAVEX15)
DRV - [2014/02/14 09:18:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20140309.024\eng64.sys -- (NAVENG)
DRV - [2014/01/09 19:48:03 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20140214.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/11/22 17:54:51 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/11/22 17:54:51 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {A3E8A141-FEC1-4AD5-B8CB-E356107037C4}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKLM\..\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT3286042
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {A3E8A141-FEC1-4AD5-B8CB-E356107037C4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...0TR&pc=HPNTDFJS
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{468626F2-D8BD-4500-BE73-3AC5C3C89067}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sear
IE - HKCU\..\SearchScopes\{A3E8A141-FEC1-4AD5-B8CB-E356107037C4}: "URL" = http://search.condui...9562527230&UM=1
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....38,19854,0,75,0
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
IE - HKCU\..\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@authentec.com/ffwloplugin: C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\ [2014/03/10 13:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFF [2013/10/09 09:26:10 | 000,000,000 | ---D | M]

[2013/09/19 17:21:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Margaret\AppData\Roaming\mozilla\Extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://gmail.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll
CHR - plugin: Simple Pass (Enabled) = C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll
CHR - plugin: Windows Live™ Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - Extension: Google Docs = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Website Logon = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo\6.0.100_0\
CHR - Extension: avast! Online Security = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2013.75_0\
CHR - Extension: Norton Identity Protection = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.7.3_0\
CHR - Extension: Google Wallet = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013/08/22 06:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (ScorpionSaver) - {10AD2C61-0898-4348-8600-14A342F22AC3} - C:\Program Files (x86)\ScorpionSaver\IECore.dll ()
O2 - BHO: (Fast Search) - {5AB7104A-B71F-49AD-9154-F7F8806AE848} - C:\Program Files (x86)\Surf Canyon\surfcanyon.dll (Surf Canyon Incorporated)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Absolute Notifier] C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe (Absolute Software)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [OtShot] C:\Program Files (x86)\OtShot\otshot.exe -minimize File not found
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Power2GoExpress8] C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe (CyberLink Corp.)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{356E7048-F00D-4160-9329-72AF06E27622}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41AB50BF-0FE2-4254-9904-16BB32F0341F}: DhcpNameServer = 172.168.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/03/10 13:10:28 | 000,000,000 | ---D | C] -- C:\Users\Margaret\AppData\Roaming\Malwarebytes
[2014/03/10 13:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2014/03/10 13:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/03/10 13:10:19 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\SysNative\drivers\mbam.sys
[2014/03/10 13:10:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2014/03/10 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/03/10 13:09:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/03/06 17:30:22 | 000,000,000 | ---D | C] -- C:\Users\Margaret\Documents\Payment Receipt — Unpaid Tolls_files
[2014/02/13 22:06:06 | 000,091,712 | ---- | C] (CyberLink) -- C:\WINDOWS\SysNative\drivers\CLVirtualDrive.sys
[2014/02/13 22:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2014/02/09 17:45:21 | 003,858,944 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\WINDOWS\SysNative\drivers\athwbx.sys

========== Files - Modified Within 30 Days ==========

[2014/03/10 13:36:04 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/10 13:10:22 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/10 13:09:54 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/03/10 13:02:12 | 000,956,476 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014/03/10 13:02:12 | 000,796,126 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014/03/10 13:02:12 | 000,161,346 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014/03/10 12:59:58 | 000,002,203 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/10 12:59:55 | 000,000,924 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/10 12:58:35 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014/03/10 12:57:15 | 000,017,408 | ---- | M] () -- C:\WINDOWS\SysNative\rpcnetp.exe
[2014/03/10 12:56:16 | 000,017,408 | ---- | M] () -- C:\WINDOWS\SysWow64\rpcnetp.dll
[2014/03/10 12:56:15 | 000,069,792 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\SysWow64\rpcnet.dll
[2014/03/10 12:56:03 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\HPCeeScheduleForMargaret.job
[2014/03/10 12:55:49 | 399,507,455 | -HS- | M] () -- C:\hiberfil.sys
[2014/03/10 12:55:49 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/03/10 12:55:40 | 000,017,408 | ---- | M] () -- C:\WINDOWS\SysWow64\rpcnetp.exe
[2014/03/10 12:55:36 | 000,029,336 | ---- | M] () -- C:\WINDOWS\SysNative\wpbbin.exe
[2014/02/26 00:37:27 | 000,093,635 | ---- | M] () -- C:\Users\Margaret\Documents\conference_event_schedule_3969.pdf
[2014/02/17 20:24:16 | 000,378,792 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014/02/12 15:14:06 | 000,171,684 | ---- | M] () -- C:\Users\Margaret\Documents\TurboTaxReturn2013.pdf

========== Files Created - No Company Name ==========

[2014/03/10 13:10:21 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/03/10 13:09:54 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/02/26 00:37:27 | 000,093,635 | ---- | C] () -- C:\Users\Margaret\Documents\conference_event_schedule_3969.pdf
[2014/02/15 19:32:19 | 000,385,614 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014/02/12 15:14:06 | 000,171,684 | ---- | C] () -- C:\Users\Margaret\Documents\TurboTaxReturn2013.pdf
[2014/02/11 20:39:24 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014/02/11 20:39:24 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014/02/02 18:10:07 | 000,930,400 | ---- | C] () -- C:\WINDOWS\SysWow64\PerfStringBackup.INI
[2014/02/02 18:07:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2014/02/02 18:06:22 | 000,017,408 | ---- | C] () -- C:\WINDOWS\SysWow64\rpcnetp.dll
[2014/02/02 18:05:10 | 000,017,408 | ---- | C] () -- C:\WINDOWS\SysWow64\rpcnetp.exe
[2014/02/02 18:01:59 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2013/12/13 11:23:56 | 000,204,952 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsvl.dat
[2013/12/13 11:23:54 | 000,157,144 | ---- | C] () -- C:\WINDOWS\SysWow64\ativvsva.dat
[2013/12/13 11:23:46 | 000,003,917 | ---- | C] () -- C:\WINDOWS\SysWow64\atipblag.dat
[2013/12/13 11:23:24 | 000,995,342 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_as32.exe
[2013/12/13 11:23:24 | 000,798,734 | ---- | C] () -- C:\WINDOWS\SysWow64\amdocl_ld32.exe
[2013/12/13 11:23:14 | 000,123,392 | ---- | C] () -- C:\WINDOWS\SysWow64\amdhdl32.dll
[2013/11/06 16:42:12 | 000,005,360 | ---- | C] () -- C:\WINDOWS\SysWow64\AdpeakProxy.ini
[2013/11/06 16:32:48 | 000,002,312 | ---- | C] () -- C:\WINDOWS\SysWow64\AdpeakProxyOff.ini
[2013/08/22 08:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013/08/22 08:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013/08/22 07:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013/08/22 00:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013/08/21 20:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013/08/21 16:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013/08/21 16:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012/07/25 13:22:54 | 000,982,240 | ---- | C] () -- C:\WINDOWS\SysWow64\igkrng500.bin
[2012/07/25 13:22:54 | 000,439,308 | ---- | C] () -- C:\WINDOWS\SysWow64\igcompkrng500.bin
[2012/07/25 13:22:54 | 000,092,356 | ---- | C] () -- C:\WINDOWS\SysWow64\igfcg500m.bin
[2012/05/10 17:35:16 | 000,029,184 | ---- | C] () -- C:\WINDOWS\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2014/02/02 19:03:02 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/11/23 04:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/11/23 01:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013/08/22 02:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013/08/21 19:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013/08/22 02:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/20 17:42:16 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Absolute Software
[2013/04/20 16:49:20 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\Synaptics
[2013/08/07 15:07:23 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\WebApp
[2013/11/26 11:41:45 | 000,000,000 | ---D | M] -- C:\Users\Margaret\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 220 bytes -> C:\Users\Margaret\SkyDrive:ms-properties

< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
MGoforth

MGoforth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks, Gringo! I've pasted the results of both scans below. My laptop is working fine, but the Scorpion Saver is still on it.

# AdwCleaner v3.021 - Report created 10/03/2014 at 18:54:05
# Updated 10/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Margaret - MEGISAWESOME
# Running from : C:\Users\Margaret\Downloads\AdwCleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Conduit
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\otshot
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\otshot
Folder Deleted : C:\Program Files (x86)\ScorpionSaver
Folder Deleted : C:\Program Files (x86)\Surf Canyon
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Program Files\ScorpionSaver Services
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
File Deleted : C:\WINDOWS\SysWOW64\AdpeakProxy.ini
File Deleted : C:\WINDOWS\SysWOW64\AdpeakProxyOff.ini
File Deleted : C:\WINDOWS\System32\AdpeakProxy.ini
File Deleted : C:\WINDOWS\System32\AdpeakProxyOff.ini
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_fastcontent.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Deleted : C:\WINDOWS\System32\Tasks\LaunchApp

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bcjagnifjocnddgeknajocbkkhlgibem
Key Deleted : HKLM\SOFTWARE\Classes\AppID\surfcanyon.DLL
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite
Key Deleted : HKLM\SOFTWARE\Classes\surfcanyon.BhoSite.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3286042
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A3514F71-E63F-440B-8076-14226E21B2BF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE91F9CE-0900-4E2A-B673-F3F6E4FC54D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BA3105E9-5DE6-4A1E-A819-6F5046AB67F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5AB7104A-B71F-49AD-9154-F7F8806AE848}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{68AD96A1-2A28-4841-ABD0-F5AA45F008C9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : HKCU\Software\Adpeak, Inc.
Key Deleted : HKCU\Software\ScorpionSaver
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ScorpionSaver
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Adpeak, Inc.
Key Deleted : HKLM\Software\caphyon
Key Deleted : HKLM\Software\CompeteInc
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Uniblue
Key Deleted : [x64] HKLM\SOFTWARE\Adpeak, Inc.
Key Deleted : [x64] HKLM\SOFTWARE\Scorpion Saver
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6E810AB6-F34E-49A3-A93F-9E503660F718}
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v33.0.1750.146

[ File : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8604 octets] - [10/03/2014 18:43:03]
AdwCleaner[S0].txt - [7402 octets] - [10/03/2014 18:54:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7462 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Margaret on Mon 03/10/2014 at 19:01:05.16
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot
Failed to delete: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\otshot



~~~ Registry Keys

Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/10/2014 at 19:12:44.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#4
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#5
MGoforth

MGoforth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Gringo! Thanks for the quick reply. I just downloaded Combofix and tried to run it, but it says it can't run in compatibility mode. I don't have a clue how to fix that. I have Windows 8...
  • 0

#6
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth



Please download Farbar Recovery Scan Tool and save it to your desktop.


Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Gringo
  • 0

#7
MGoforth

MGoforth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Here is the log you requested. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Margaret (administrator) on MEGISAWESOME on 15-03-2014 15:39:34
Running from C:\Users\Margaret\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\WINDOWS\system32\Hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
() C:\ProgramData\Rpcnet\Bin\rpcld.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
() C:\Windows\system32\valWBFPolicyService.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Absolute Software) C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
() C:\Program Files (x86)\Google\Update\Install\{490F8A48-8BC1-4085-AB04-6601C68BB4E7}\33.0.1750.154_33.0.1750.146_chrome_updater.exe
(Google Inc.) C:\WINDOWS\TEMP\CR_F7F31.tmp\setup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-07] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Absolute Notifier] - C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe [85864 2013-07-19] (Absolute Software)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [OtShot] - C:\Program Files (x86)\OtShot\otshot.exe -minimize
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-03-11] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-02-25] (Hewlett-Packard)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-21-4199577047-1279939757-2017272218-1002\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM - {EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPNTDFJS
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25

Chrome:
=======
CHR HomePage: hxxp://gmail.com/
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Simple Pass) - C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll ( HP)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Extension: (Google Docs) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-06]
CHR Extension: (Google Drive) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-06]
CHR Extension: (YouTube) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-06]
CHR Extension: (Google Search) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-06]
CHR Extension: (Website Logon) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2013-07-06]
CHR Extension: (avast! Online Security) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-07-06]
CHR Extension: (Google Wallet) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-06]
CHR HKCU\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Margaret\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2013-07-06]
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-11]
CHR HKLM-x32\...\Chrome\Extension: [gpaiibklhaneknloaoccoidbaffjjlnb] - C:\Users\Margaret\AppData\Local\CRE\gpaiibklhaneknloaoccoidbaffjjlnb.crx [2014-03-11]

==================== Services (Whitelisted) =================

R2 AbsoluteNotifier; C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [11112 2013-07-19] (Absolute Software)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-03-11] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-03-11] (AVAST Software)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-02-02] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 rpcld; C:\ProgramData\Rpcnet\Bin\rpcld.exe [X]

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
U5 AppMgmt; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [28184 2014-03-11] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [78648 2014-03-11] (AVAST Software)
R1 aswNdisFlt; C:\Windows\system32\DRIVERS\aswNdisFlt.sys [440672 2014-03-11] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [92544 2014-03-11] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-11] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1038072 2014-03-11] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [421704 2014-03-11] (AVAST Software)
R3 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [80184 2014-03-11] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-03-11] ()
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-02] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [273040 2013-07-31] (Realtek Semiconductor Corp.)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-02] (Microsoft Corporation)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [29424 2013-07-07] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-02-08] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-15 15:39 - 2014-03-15 15:40 - 00016715 _____ () C:\Users\Margaret\Downloads\FRST.txt
2014-03-15 15:39 - 2014-03-15 15:39 - 02157056 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
2014-03-15 15:39 - 2014-03-15 15:39 - 00000000 ____D () C:\FRST
2014-03-15 15:38 - 2014-03-15 15:38 - 01145856 _____ (Farbar) C:\Users\Margaret\Downloads\FRST.exe
2014-03-15 15:27 - 2014-03-15 15:27 - 00003630 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2014-03-15 15:26 - 2014-03-15 15:26 - 00002220 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2014-03-15 15:26 - 2014-03-15 15:26 - 00001172 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2014-03-15 15:26 - 2014-03-15 15:26 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-15 15:26 - 2014-03-15 15:26 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\HpUpdate
2014-03-15 15:26 - 2014-03-15 15:26 - 00000000 ____D () C:\Program Files\HP
2014-03-15 15:26 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\WINDOWS\system32\HPDiscoPM5912.dll
2014-03-15 15:10 - 2014-03-15 15:26 - 00000000 ____D () C:\ProgramData\HP
2014-03-15 15:10 - 2014-03-15 15:26 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-15 15:10 - 2014-03-15 15:11 - 06598344 _____ () C:\Users\Margaret\Downloads\HPPSdr.exe
2014-03-15 15:10 - 2014-03-15 15:11 - 00002028 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-03-15 15:05 - 2014-02-22 05:16 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-03-15 15:05 - 2014-02-22 04:24 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-03-12 16:49 - 2014-03-14 09:42 - 00000000 ____D () C:\Users\Margaret\Documents\PU
2014-03-12 09:35 - 2013-10-30 17:29 - 00236888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-03-12 09:35 - 2013-10-30 17:29 - 00124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-03-12 09:35 - 2013-10-30 17:28 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-03-12 09:30 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-03-12 09:30 - 2013-12-20 03:18 - 01643584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-03-12 09:30 - 2013-12-20 03:18 - 01507704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-03-12 09:29 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-03-12 09:29 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-03-12 09:29 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-03-12 09:29 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-03-12 09:29 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-03-12 09:29 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-03-12 09:29 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-03-12 09:29 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-03-12 09:29 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-03-12 09:29 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-03-12 09:29 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-03-12 09:29 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-03-12 09:29 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-03-12 09:29 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-03-12 09:29 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-03-12 09:29 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-03-12 09:29 - 2014-01-31 09:15 - 00311640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-03-12 09:29 - 2014-01-31 09:07 - 00233920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-03-12 09:29 - 2014-01-31 09:06 - 02133208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-03-12 09:29 - 2014-01-31 06:47 - 02143960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-03-12 09:29 - 2014-01-31 02:06 - 00716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-03-12 09:29 - 2014-01-29 02:55 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 09:29 - 2014-01-29 01:53 - 00458616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2014-03-12 09:29 - 2014-01-29 01:53 - 00407024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2014-03-12 09:29 - 2014-01-29 01:49 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-03-12 09:29 - 2014-01-29 01:47 - 02543960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-03-12 09:29 - 2014-01-29 00:44 - 01371824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-03-12 09:29 - 2014-01-29 00:44 - 00408480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2014-03-12 09:29 - 2014-01-29 00:44 - 00369280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2014-03-12 09:29 - 2014-01-28 23:41 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-03-12 09:29 - 2014-01-28 17:36 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-03-12 09:29 - 2014-01-27 12:07 - 04175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2014-03-12 09:29 - 2014-01-27 12:06 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-03-12 09:29 - 2014-01-27 12:04 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2014-03-12 09:29 - 2014-01-27 11:52 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-03-12 09:29 - 2014-01-27 11:23 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2014-03-12 09:29 - 2014-01-27 11:21 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-03-12 09:29 - 2014-01-27 11:20 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2014-03-12 09:29 - 2014-01-27 11:15 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-03-12 09:29 - 2014-01-27 10:43 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-03-12 09:29 - 2014-01-27 10:18 - 01486848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2014-03-12 09:29 - 2014-01-27 10:00 - 01238016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2014-03-12 09:29 - 2014-01-27 08:58 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-03-12 09:29 - 2014-01-27 08:50 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-03-12 09:29 - 2014-01-27 04:45 - 00386722 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-03-12 09:29 - 2014-01-17 16:04 - 00764864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-03-12 09:29 - 2014-01-17 14:54 - 00669352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-03-12 09:29 - 2013-12-21 07:51 - 06353960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2014-03-12 09:29 - 2013-12-21 01:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2014-03-12 09:24 - 2014-02-10 20:04 - 04189184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-03-12 09:24 - 2014-02-10 19:43 - 00488448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-03-12 09:24 - 2014-02-10 19:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-03-11 10:24 - 2014-03-11 10:24 - 01610576 _____ () C:\WINDOWS\PFRO.log
2014-03-11 10:11 - 2014-03-11 10:11 - 00440672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndisflt.sys
2014-03-11 10:11 - 2014-03-11 10:11 - 00002028 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-11 10:11 - 2014-03-11 10:11 - 00001968 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-11 10:11 - 2014-03-11 10:11 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\AVAST Software
2014-03-11 10:10 - 2014-03-11 10:11 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-03-11 10:10 - 2014-03-11 10:10 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-11 10:10 - 2014-03-11 10:10 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-11 10:10 - 2014-03-11 10:10 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-03-11 10:09 - 2014-03-11 10:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-11 10:07 - 2014-03-11 10:07 - 00001737 _____ () C:\Users\Margaret\Downloads\License.avastlic
2014-03-11 10:07 - 2014-03-11 10:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-11 10:04 - 2014-03-11 10:06 - 123721288 _____ (AVAST Software) C:\Users\Margaret\Downloads\avast_premier_antivirus_setup.exe
2014-03-11 09:59 - 2014-03-11 09:59 - 05188693 _____ (Swearware) C:\Users\Margaret\Downloads\ComboFix (1).exe
2014-03-11 09:57 - 2014-03-11 09:58 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-11 09:57 - 2014-03-11 09:57 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-11 09:56 - 2014-03-11 09:56 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-11 09:55 - 2014-03-11 09:56 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 09:55 - 2014-03-11 09:56 - 00000000 ____D () C:\Program Files\iTunes
2014-03-11 09:55 - 2014-03-11 09:56 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-11 09:55 - 2014-03-11 09:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-11 09:51 - 2014-03-11 09:51 - 05188693 ____R (Swearware) C:\Users\Margaret\Downloads\ComboFix.exe
2014-03-10 19:00 - 2014-03-10 19:00 - 01037734 _____ (Thisisu) C:\Users\Margaret\Downloads\JRT (1).exe
2014-03-10 18:42 - 2014-03-10 18:54 - 00000000 ____D () C:\AdwCleaner
2014-03-10 18:42 - 2014-03-10 18:42 - 01949184 _____ () C:\Users\Margaret\Downloads\AdwCleaner (1).exe
2014-03-10 18:42 - 2014-03-10 18:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-10 18:41 - 2014-03-10 18:41 - 01037734 _____ (Thisisu) C:\Users\Margaret\Downloads\JRT.exe
2014-03-10 18:40 - 2014-03-10 18:41 - 01949184 _____ () C:\Users\Margaret\Downloads\AdwCleaner.exe
2014-03-10 14:04 - 2014-03-10 14:04 - 00069300 _____ () C:\Users\Margaret\Downloads\Extras.Txt
2014-03-10 14:03 - 2014-03-10 14:03 - 00135840 _____ () C:\Users\Margaret\Downloads\OTL.Txt
2014-03-10 13:48 - 2014-03-10 13:48 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret\Downloads\OTL.exe
2014-03-10 13:10 - 2014-03-10 13:10 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\Malwarebytes
2014-03-10 13:10 - 2014-03-10 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 13:09 - 2014-03-10 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Margaret\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 13:09 - 2014-03-10 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Margaret\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-10 13:09 - 2014-03-10 13:09 - 04765152 _____ (Piriform Ltd) C:\Users\Margaret\Downloads\ccsetup411.exe
2014-02-15 19:32 - 2013-12-08 17:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-15 19:32 - 2013-12-08 17:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-15 19:32 - 2013-11-27 08:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-15 19:32 - 2013-11-27 08:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-15 19:32 - 2013-11-27 07:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-15 19:32 - 2013-11-27 06:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-15 19:32 - 2013-11-27 05:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-15 19:32 - 2013-11-27 03:54 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-15 19:32 - 2013-11-27 03:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-15 19:32 - 2013-11-27 03:08 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-15 19:32 - 2013-11-27 02:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-15 19:32 - 2013-11-27 02:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-15 19:32 - 2013-11-27 02:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-15 19:32 - 2013-11-27 02:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-15 19:32 - 2013-11-27 01:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-15 19:32 - 2013-11-27 01:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-15 19:32 - 2013-11-26 06:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-15 19:32 - 2013-11-26 06:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-15 19:32 - 2013-11-26 04:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-15 19:32 - 2013-11-26 02:21 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-15 19:32 - 2013-11-26 01:28 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-15 19:32 - 2013-11-24 18:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-15 19:32 - 2013-11-24 18:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-15 19:32 - 2013-11-24 16:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-15 19:32 - 2013-11-24 16:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-15 19:32 - 2013-11-23 05:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-15 19:32 - 2013-11-23 04:49 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-15 19:32 - 2013-11-23 01:19 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-15 19:32 - 2013-11-23 00:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-15 19:32 - 2013-11-23 00:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-15 19:32 - 2013-11-23 00:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-15 19:32 - 2013-11-22 21:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-15 19:32 - 2013-11-22 20:57 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-15 19:32 - 2013-11-22 20:48 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-15 19:32 - 2013-11-22 20:25 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-15 19:32 - 2013-11-22 20:25 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-15 19:32 - 2013-11-22 20:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-15 19:32 - 2013-11-22 20:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-15 19:32 - 2013-11-20 23:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-15 19:32 - 2013-11-20 23:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-15 19:32 - 2013-11-15 07:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-15 19:32 - 2013-11-15 07:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-15 19:32 - 2013-11-15 07:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-15 19:32 - 2013-11-15 06:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-15 19:32 - 2013-10-30 17:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-15 19:32 - 2013-10-30 16:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

==================== One Month Modified Files and Folders =======

2014-03-15 15:40 - 2014-03-15 15:39 - 00016715 _____ () C:\Users\Margaret\Downloads\FRST.txt
2014-03-15 15:40 - 2014-02-02 18:38 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E4BA31E0-5FE1-411E-B199-A7CF1A7ED8DB}
2014-03-15 15:40 - 2013-07-06 12:12 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 15:40 - 2013-07-06 12:11 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-15 15:39 - 2014-03-15 15:39 - 02157056 _____ (Farbar) C:\Users\Margaret\Downloads\FRST64.exe
2014-03-15 15:39 - 2014-03-15 15:39 - 00000000 ____D () C:\FRST
2014-03-15 15:38 - 2014-03-15 15:38 - 01145856 _____ (Farbar) C:\Users\Margaret\Downloads\FRST.exe
2014-03-15 15:38 - 2014-02-02 18:30 - 01389023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-15 15:33 - 2013-04-20 17:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4199577047-1279939757-2017272218-1002
2014-03-15 15:29 - 2013-07-01 17:39 - 00000000 ____D () C:\Users\Margaret\AppData\Local\HP
2014-03-15 15:27 - 2014-03-15 15:27 - 00003630 _____ () C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2014-03-15 15:27 - 2012-08-17 12:53 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-03-15 15:26 - 2014-03-15 15:26 - 00002220 _____ () C:\Users\Public\Desktop\HP Officejet Pro 8600.lnk
2014-03-15 15:26 - 2014-03-15 15:26 - 00001172 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
2014-03-15 15:26 - 2014-03-15 15:26 - 00000057 _____ () C:\ProgramData\Ament.ini
2014-03-15 15:26 - 2014-03-15 15:26 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\HpUpdate
2014-03-15 15:26 - 2014-03-15 15:26 - 00000000 ____D () C:\Program Files\HP
2014-03-15 15:26 - 2014-03-15 15:10 - 00000000 ____D () C:\ProgramData\HP
2014-03-15 15:26 - 2014-03-15 15:10 - 00000000 ____D () C:\Program Files (x86)\HP
2014-03-15 15:25 - 2013-11-14 00:28 - 00956476 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-15 15:19 - 2014-02-02 18:42 - 00000000 __RDO () C:\Users\Margaret\SkyDrive
2014-03-15 15:19 - 2014-02-02 18:06 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.dll
2014-03-15 15:19 - 2014-02-02 18:05 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-03-15 15:19 - 2013-07-06 12:11 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-15 15:18 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-15 15:18 - 2013-08-22 07:44 - 00378792 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-15 15:18 - 2013-04-20 17:39 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\SysWOW64\rpcnet.dll
2014-03-15 15:17 - 2014-02-02 18:05 - 00017408 _____ () C:\WINDOWS\SysWOW64\rpcnetp.exe
2014-03-15 15:17 - 2014-02-02 18:04 - 00029336 _____ () C:\WINDOWS\system32\wpbbin.exe
2014-03-15 15:17 - 2013-10-30 17:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-15 15:17 - 2013-10-30 17:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-15 15:17 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-15 15:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 15:16 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-15 15:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-15 15:16 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-15 15:11 - 2014-03-15 15:10 - 06598344 _____ () C:\Users\Margaret\Downloads\HPPSdr.exe
2014-03-15 15:11 - 2014-03-15 15:10 - 00002028 _____ () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2014-03-15 15:02 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-15 14:57 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-14 09:42 - 2014-03-12 16:49 - 00000000 ____D () C:\Users\Margaret\Documents\PU
2014-03-12 16:29 - 2013-11-26 09:32 - 00000000 ____D () C:\Users\Margaret\Documents\PU Spring 2014
2014-03-12 09:36 - 2013-04-29 17:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-11 11:02 - 2012-08-17 12:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-03-11 10:52 - 2012-08-17 12:58 - 00000000 ____D () C:\ProgramData\CyberLink
2014-03-11 10:34 - 2013-07-15 12:13 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\CyberLink
2014-03-11 10:24 - 2014-03-11 10:24 - 01610576 _____ () C:\WINDOWS\PFRO.log
2014-03-11 10:24 - 2013-02-15 16:13 - 00000000 ____D () C:\ProgramData\Norton
2014-03-11 10:17 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-11 10:11 - 2014-03-11 10:11 - 00440672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswndisflt.sys
2014-03-11 10:11 - 2014-03-11 10:11 - 00002028 _____ () C:\Users\Public\Desktop\avast! SafeZone.lnk
2014-03-11 10:11 - 2014-03-11 10:11 - 00001968 _____ () C:\Users\Public\Desktop\avast! Premier.lnk
2014-03-11 10:11 - 2014-03-11 10:11 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\AVAST Software
2014-03-11 10:11 - 2014-03-11 10:10 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-03-11 10:10 - 2014-03-11 10:10 - 01038072 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00421704 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-03-11 10:10 - 2014-03-11 10:10 - 00207904 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00092544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00080184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00078648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-03-11 10:10 - 2014-03-11 10:10 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-03-11 10:10 - 2014-03-11 10:10 - 00028184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2014-03-11 10:09 - 2014-03-11 10:09 - 00000000 ____D () C:\Program Files\AVAST Software
2014-03-11 10:07 - 2014-03-11 10:07 - 00001737 _____ () C:\Users\Margaret\Downloads\License.avastlic
2014-03-11 10:07 - 2014-03-11 10:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-11 10:06 - 2014-03-11 10:04 - 123721288 _____ (AVAST Software) C:\Users\Margaret\Downloads\avast_premier_antivirus_setup.exe
2014-03-11 09:59 - 2014-03-11 09:59 - 05188693 _____ (Swearware) C:\Users\Margaret\Downloads\ComboFix (1).exe
2014-03-11 09:58 - 2014-03-11 09:57 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-11 09:57 - 2014-03-11 09:57 - 00000000 ____D () C:\WINDOWS\erdnt
2014-03-11 09:56 - 2014-03-11 09:56 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-03-11 09:56 - 2014-03-11 09:55 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-03-11 09:56 - 2014-03-11 09:55 - 00000000 ____D () C:\Program Files\iTunes
2014-03-11 09:56 - 2014-03-11 09:55 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-03-11 09:55 - 2014-03-11 09:55 - 00000000 ____D () C:\Program Files\iPod
2014-03-11 09:51 - 2014-03-11 09:51 - 05188693 ____R (Swearware) C:\Users\Margaret\Downloads\ComboFix.exe
2014-03-10 19:00 - 2014-03-10 19:00 - 01037734 _____ (Thisisu) C:\Users\Margaret\Downloads\JRT (1).exe
2014-03-10 18:54 - 2014-03-10 18:42 - 00000000 ____D () C:\AdwCleaner
2014-03-10 18:42 - 2014-03-10 18:42 - 01949184 _____ () C:\Users\Margaret\Downloads\AdwCleaner (1).exe
2014-03-10 18:42 - 2014-03-10 18:42 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-10 18:41 - 2014-03-10 18:41 - 01037734 _____ (Thisisu) C:\Users\Margaret\Downloads\JRT.exe
2014-03-10 18:41 - 2014-03-10 18:40 - 01949184 _____ () C:\Users\Margaret\Downloads\AdwCleaner.exe
2014-03-10 14:04 - 2014-03-10 14:04 - 00069300 _____ () C:\Users\Margaret\Downloads\Extras.Txt
2014-03-10 14:03 - 2014-03-10 14:03 - 00135840 _____ () C:\Users\Margaret\Downloads\OTL.Txt
2014-03-10 13:48 - 2014-03-10 13:48 - 00602112 _____ (OldTimer Tools) C:\Users\Margaret\Downloads\OTL.exe
2014-03-10 13:13 - 2014-02-02 18:04 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-10 13:10 - 2014-03-10 13:10 - 00000000 ____D () C:\Users\Margaret\AppData\Roaming\Malwarebytes
2014-03-10 13:10 - 2014-03-10 13:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-10 13:09 - 2014-03-10 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Margaret\Downloads\mbam-setup-1.75.0.1300.exe
2014-03-10 13:09 - 2014-03-10 13:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Margaret\Downloads\mbam-setup-1.75.0.1300 (1).exe
2014-03-10 13:09 - 2014-03-10 13:09 - 04765152 _____ (Piriform Ltd) C:\Users\Margaret\Downloads\ccsetup411.exe
2014-03-10 12:56 - 2013-05-06 19:04 - 00000370 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForMargaret.job
2014-03-10 12:55 - 2014-02-02 18:13 - 00000000 ____D () C:\Users\Margaret
2014-03-10 12:06 - 2013-12-16 20:42 - 00000000 ____D () C:\Users\Margaret\Documents\Job Stuff
2014-03-09 17:11 - 2013-05-06 19:04 - 00003190 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForMargaret
2014-03-09 17:11 - 2013-04-23 17:35 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-03-09 17:11 - 2013-04-23 17:35 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-04 15:53 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-03-04 15:53 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-28 23:05 - 2014-03-12 09:30 - 23133696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-28 21:58 - 2014-03-12 09:29 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-28 21:30 - 2014-03-12 09:29 - 17074688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-28 21:17 - 2014-03-12 09:29 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-28 20:54 - 2014-03-12 09:29 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-28 20:47 - 2014-03-12 09:29 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-28 20:42 - 2014-03-12 09:29 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-28 20:18 - 2014-03-12 09:29 - 13051904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-28 20:14 - 2014-03-12 09:29 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 09:29 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 09:29 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-28 19:57 - 2014-03-12 09:29 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-28 19:38 - 2014-03-12 09:29 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 09:29 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 09:29 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 09:29 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 09:29 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-22 05:16 - 2014-03-15 15:05 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-02-22 04:24 - 2014-03-15 15:05 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-02-18 00:19 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-17 21:39 - 2013-04-20 16:51 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-17 21:39 - 2013-04-20 16:51 - 00000000 ___RD () C:\Users\Margaret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-17 20:22 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-17 20:21 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-17 20:21 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-16 10:49 - 2013-07-13 21:30 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 10:46 - 2013-04-23 18:48 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 22:06 - 2012-08-17 12:56 - 00000000 ____D () C:\ProgramData\install_clap
2014-02-13 22:03 - 2012-08-03 17:02 - 00000000 ____D () C:\SWSetup
2014-02-13 21:45 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 21:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 21:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera

Some content of TEMP:
====================
C:\Users\Margaret\AppData\Local\Temp\HPInstaller.exe
C:\Users\Margaret\AppData\Local\Temp\HPPSdr.exe
C:\Users\Margaret\AppData\Local\Temp\Quarantine.exe
C:\Users\Margaret\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_10613.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-03-12 09:29] - [2014-01-31 09:15] - 0311640 ____A (Microsoft Corporation) C85C075DE5B6D0FE116043054DE8EE02



LastRegBack: 2014-03-11 10:48

==================== End Of Log ============================

Attached Files


  • 0

#8
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth



I need you to download this script I have made for you --> Attached File  fixlist.txt   420bytes   125 downloads

It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


Gringo
  • 0

#9
MGoforth

MGoforth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Gringo! I ran the fix. Below is the result. Please let me know if I did it correctly or not. Thanks!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Margaret at 2014-03-17 15:22:45 Run:1
Running from C:\Users\Margaret\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Google Inc.) C:\WINDOWS\TEMP\CR_F7F31.tmp\setup.exe
C:\Users\Margaret\AppData\Local\Temp\HPInstaller.exe
C:\Users\Margaret\AppData\Local\Temp\HPPSdr.exe
C:\Users\Margaret\AppData\Local\Temp\Quarantine.exe
C:\Users\Margaret\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_10613.exe
ScorpionSaver (HKLM-x32\...\{9B65F9A3-9D24-452A-B6EF-1457D65E4259}) (Version: 1.0.0.0 - Adpeak, Inc.) <==== ATTENTION

*****************

C:\WINDOWS\TEMP\CR_F7F31.tmp\setup.exe => No running process found
C:\Users\Margaret\AppData\Local\Temp\HPInstaller.exe => Moved successfully.
C:\Users\Margaret\AppData\Local\Temp\HPPSdr.exe => Moved successfully.
C:\Users\Margaret\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Margaret\AppData\Local\Temp\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}_NIS_10613.exe => Moved successfully.

==== End of Fixlog ====
  • 0

#10
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth

These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.





-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#11
MGoforth

MGoforth

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks Gringo! I ran both programs and pasted the logs below. The computer is working fine. The pop ups and ads are gone, but Scorpion Saver is still in the programs list in control panel.



# AdwCleaner v3.022 - Report created 20/03/2014 at 13:17:48
# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Margaret - MEGISAWESOME
# Running from : C:\Users\Margaret\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Google Chrome v33.0.1750.154

[ File : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8604 octets] - [10/03/2014 18:43:03]
AdwCleaner[R1].txt - [871 octets] - [20/03/2014 13:15:19]
AdwCleaner[S0].txt - [7566 octets] - [10/03/2014 18:54:05]
AdwCleaner[S1].txt - [793 octets] - [20/03/2014 13:17:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [852 octets] ##########





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 x64
Ran by Margaret on Thu 03/20/2014 at 13:27:25.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\otshot



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EFBFB100-7480-4BB5-8D9D-70D2FDDEDEA5}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 03/20/2014 at 13:43:51.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello MGoforth

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#13
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts


Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
  • 0

#15
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP