Serious infection [Solved]


  • This topic is locked

#1
MarkJohnson

  • Member
  • 12 posts

I have Norton's Security Suite (Comcast version) and Malwarebytes Anti-Malware Free (trial mode), and MBAM finds 115 or so issues. Norton finds nothing.

I have popups for Optimum PC Boost and Optimizer Pro v3.2 and other suspicious programs like WebEx Support Manager for Internet Explorer, and BCL easyConverter SDK 3 (Word Version) 64.

I have Windows 7.

Thanks for any help.

 

Here's my OTL.log generated with Quick Scan.

 

OTL logfile created on: 6/4/2014 4:22:22 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.91 Gb Total Physical Memory | 6.02 Gb Available Physical Memory | 76.12% Memory free
15.81 Gb Paging File | 13.65 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.35 Gb Total Space | 139.38 Gb Free Space | 62.41% Space Free | Partition Type: NTFS
 
Computer Name: MARK-ASUS | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/06/04 16:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2014/06/03 00:43:51 | 001,600,568 | ---- | M] () -- C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
PRC - [2014/05/13 16:40:56 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2014/04/27 23:29:05 | 003,873,784 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2014/03/14 12:38:52 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\n360.exe
PRC - [2014/02/04 18:32:24 | 007,805,936 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2014/02/04 16:56:28 | 007,142,320 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2014/01/20 19:57:40 | 002,234,144 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
PRC - [2014/01/20 19:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
PRC - [2013/10/10 12:41:26 | 001,102,192 | ---- | M] (Acronis International GmbH) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2012/09/19 00:45:40 | 000,505,872 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
PRC - [2012/09/19 00:45:35 | 000,374,560 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
PRC - [2012/09/19 00:45:35 | 000,295,440 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
PRC - [2012/09/19 00:45:30 | 000,078,352 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
PRC - [2012/09/19 00:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
PRC - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/06/03 00:43:51 | 001,600,568 | ---- | M] () -- C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
MOD - [2014/05/13 16:40:54 | 000,414,536 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll
MOD - [2014/05/13 16:40:50 | 004,217,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
MOD - [2014/05/13 16:40:45 | 000,716,616 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
MOD - [2014/05/13 16:40:44 | 000,126,280 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
MOD - [2014/05/13 16:40:43 | 001,732,424 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
MOD - [2014/03/21 22:07:38 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll
MOD - [2014/03/21 22:07:37 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll
MOD - [2014/03/21 22:07:37 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll
MOD - [2014/03/21 22:07:32 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll
MOD - [2014/03/21 22:07:31 | 007,662,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll
MOD - [2014/03/21 22:07:31 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll
MOD - [2014/03/21 22:07:27 | 010,060,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll
MOD - [2014/03/21 22:07:24 | 000,198,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\92e9bacef49552a4485fbb7523782133\CustomMarshalers.ni.dll
MOD - [2014/03/21 22:07:23 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2014/02/04 18:25:56 | 000,028,992 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
MOD - [2014/02/04 18:25:52 | 000,036,672 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
MOD - [2011/08/23 19:39:11 | 000,655,360 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
MOD - [2011/08/23 19:39:11 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ctypes.pyd
MOD - [2011/08/23 19:39:11 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/21 19:58:48 | 000,019,456 | ---- | M] (Silicondust USA Inc) [Auto | Running] -- C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe -- (HDHomeRun Service)
SRV:64bit: - [2014/01/20 19:56:53 | 016,939,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV:64bit: - [2013/07/03 15:19:06 | 000,263,168 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe -- (becldr3Service)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 02:22:38 | 000,193,288 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel®
SRV:64bit: - [2009/07/13 18:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014/05/29 10:36:52 | 000,543,424 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/05/11 16:36:51 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/27 23:29:05 | 003,873,784 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2014/03/14 12:38:52 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\N360.exe -- (N360)
SRV - [2014/02/04 16:56:28 | 007,142,320 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2014/01/20 19:57:07 | 001,593,632 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe -- (NvNetworkService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/07/18 11:52:00 | 001,142,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2012/09/19 00:45:35 | 000,295,440 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/09/19 00:45:30 | 000,078,352 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2012/09/19 00:45:12 | 000,090,640 | ---- | M] (CyberLink Corp.) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/05/02 21:02:16 | 000,164,864 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)
SRV - [2011/10/17 15:51:54 | 000,013,824 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe -- (HP DS Service)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/06/04 16:15:28 | 000,122,584 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/05/01 11:19:22 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/04/27 23:29:05 | 001,464,096 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2014/04/27 23:29:05 | 001,120,032 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:64bit: - [2014/04/27 23:29:05 | 000,367,200 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2014/04/27 23:29:05 | 000,269,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2014/04/27 23:29:05 | 000,198,432 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:64bit: - [2014/04/27 23:29:05 | 000,161,568 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vididr.sys -- (vididr)
DRV:64bit: - [2014/04/27 23:29:05 | 000,117,024 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vidsflt.sys -- (vidsflt)
DRV:64bit: - [2014/04/27 23:29:04 | 000,116,000 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:64bit: - [2014/03/03 21:18:12 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/02/17 18:32:41 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/02/12 18:59:49 | 000,875,736 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013/12/27 11:42:26 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013/10/27 09:12:42 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013/10/01 19:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/26 19:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ironx64.sys -- (SymIRON)
DRV:64bit: - [2013/09/25 19:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 19:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\symds64.sys -- (SymDS)
DRV:64bit: - [2013/09/09 18:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1502000.026\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013/05/30 08:54:39 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1d62x64.sys -- (e1dexpress)
DRV:64bit: - [2013/03/27 10:10:35 | 000,495,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1q62x64.sys -- (e1qexpress)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2014/05/09 18:07:23 | 001,530,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/05/01 08:55:26 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140603.018\ex64.sys -- (NAVEX15)
DRV - [2014/05/01 08:55:26 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140603.018\eng64.sys -- (NAVENG)
DRV - [2014/05/01 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/04/30 15:39:20 | 000,525,016 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140603.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/09/19 16:12:50 | 000,147,704 | ---- | M] (CyberLink Corp.) [2014/05/29 00:21:01] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({73526619-C24F-470B-9BED-53D455FBB5C6})
DRV - [2012/06/20 02:35:49 | 000,083,704 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1124367722&ir=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = http://speedial.com/...=1124367722&ir=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Speedial"
FF - prefs.js..browser.search.selectedEngine: "Trovi search"
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.8.26
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/05/01 11:19:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/06/04 16:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2014/03/24 03:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Extensions
[2014/05/30 13:17:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\extensions
[2014/05/30 12:55:15 | 000,533,329 | ---- | M] () (No name found) -- C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2014/05/11 16:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2014/05/11 16:36:51 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Trovi search (Enabled)
CHR - default_search_provider: search_url = http://www.trovi.com...rchTerms}&SSPV=
CHR - default_search_provider: suggest_url = ,
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.6_0\
CHR - Extension: Google Drive = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.8.3_0\
CHR - Extension: Google Search = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: DoNotTrackMe: Online Privacy Protection = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\3.2.1095_0\
CHR - Extension: Norton Identity Safe for Google Chrome™ = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.7.0.47_0\
CHR - Extension: Ghostery = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\5.3.0_0\
CHR - Extension: Google Wallet = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Gmail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\ips\ipsbho.dll (Symantec Corporation)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.2.0.38\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.2.0.38\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH)
O4 - HKLM..\Run: [PowerDVD12Agent] C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PowerDVD12DMREngine] C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe (CyberLink)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Software Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0758978B-22B3-416C-8FD6-F60C9B8ADE78}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E455FBE6-8DB3-4264-A6FF-9A6004E0F91E}: DhcpNameServer = 192.168.1.1
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2b7e4890-d1bc-11e3-9b21-74d02b7e70ba}\Shell - "" = AutoRun
O33 - MountPoints2\{2b7e4890-d1bc-11e3-9b21-74d02b7e70ba}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{89cd9b16-b0d3-11e3-8bba-f0ec66666b11}\Shell - "" = AutoRun
O33 - MountPoints2\{89cd9b16-b0d3-11e3-8bba-f0ec66666b11}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/04 16:21:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2014/06/04 09:30:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CrashDumps
[2014/06/03 23:17:39 | 000,000,000 | ---D | C] -- C:\MGlogs
[2014/06/03 18:32:09 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Optimizer Pro
[2014/06/03 18:32:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
[2014/06/03 18:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimizer Pro
[2014/06/03 18:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Uninstaller! 7
[2014/06/03 18:31:52 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\SearchProtect
[2014/06/03 18:31:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller! 7
[2014/06/03 18:31:48 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\URSoft
[2014/06/03 18:31:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\OptimumPcBoost
[2014/06/03 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimum PC Boost
[2014/06/03 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Optimum PC Boost
[2014/06/03 18:31:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2014/06/03 17:05:16 | 004,176,736 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2014/06/03 08:45:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2014/06/03 08:45:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2014/06/01 12:45:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/06/01 12:43:06 | 001,016,261 | ---- | C] (Thisisu) -- C:\Users\Mark\Desktop\JRT.exe
[2014/06/01 09:53:03 | 000,000,000 | ---D | C] -- C:\MGtools
[2014/06/01 09:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014/06/01 09:02:38 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2014/06/01 08:53:44 | 010,971,424 | ---- | C] (SurfRight B.V.) -- C:\Users\Mark\Desktop\HitmanPro_x64.exe
[2014/06/01 08:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/06/01 08:47:24 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/05/31 22:06:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
[2014/05/31 22:06:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImageWriter
[2014/05/30 14:02:38 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
[2014/05/30 13:26:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\( uploadMB.com ) ProcsKalonePackagev098p - Installer
[2014/05/30 12:51:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2014/05/30 12:51:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\WinZip
[2014/05/30 12:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2014/05/30 12:51:56 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2014/05/29 20:52:42 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2014/05/29 20:29:43 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2014/05/29 00:22:10 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\CyberLink
[2014/05/29 00:21:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\MediaServer
[2014/05/29 00:21:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2014/05/29 00:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\PDVD
[2014/05/29 00:20:59 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\CyberLink
[2014/05/29 00:20:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\CyberLink
[2014/05/29 00:20:56 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
[2014/05/29 00:20:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2014/05/29 00:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2014/05/29 00:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2014/05/29 00:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2014/05/28 22:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2014/05/28 22:12:16 | 000,061,216 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/05/28 22:12:16 | 000,052,056 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/05/15 07:14:20 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\IsolatedStorage
[2014/05/15 07:14:19 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Family Tree Maker
[2014/05/15 07:13:37 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Ancestry.com
[2014/05/15 07:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
[2014/05/15 07:13:30 | 000,000,000 | ---D | C] -- C:\Program Files\Family Tree Maker 2014
[2014/05/15 07:13:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BCL easyConverter SDK 3
[2014/05/15 07:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\BCL Technologies
[2014/05/15 07:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BCL Technologies
[2014/05/15 07:12:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
[2014/05/15 07:12:15 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\PackageAware
[2014/05/11 16:36:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014/05/08 08:47:07 | 000,122,584 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/05/08 08:46:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/05/08 08:46:55 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/08 08:46:55 | 000,063,704 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/08 08:46:55 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2014/05/08 08:46:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/05/08 08:46:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/05/08 08:46:39 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/04 16:21:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2014/06/04 16:21:26 | 000,781,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/06/04 16:21:26 | 000,661,656 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/06/04 16:21:26 | 000,121,524 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/06/04 16:15:28 | 000,122,584 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/06/04 16:15:19 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/04 16:15:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/04 16:15:13 | 2073,165,823 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/04 09:40:37 | 000,016,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 09:40:37 | 000,016,880 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/04 09:31:38 | 000,215,367 | ---- | M] () -- C:\Users\Mark\Desktop\MGlogs.zip
[2014/06/04 09:31:38 | 000,215,367 | ---- | M] () -- C:\MGlogs.zip
[2014/06/03 23:07:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/06/03 18:32:07 | 000,001,062 | ---- | M] () -- C:\Users\Mark\Desktop\Optimizer Pro.lnk
[2014/06/03 18:31:54 | 000,001,072 | ---- | M] () -- C:\Users\Mark\Desktop\Your Unin-staller!.lnk
[2014/06/03 18:31:46 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Optimum PC Boost.lnk
[2014/06/03 17:05:16 | 004,176,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mark\Desktop\TDSSKiller.exe
[2014/06/03 08:45:11 | 000,001,264 | ---- | M] () -- C:\Users\Mark\Desktop\Revo Uninstaller.lnk
[2014/06/02 12:25:30 | 005,230,080 | ---- | M] () -- C:\Users\Mark\Desktop\RogueKillerX64.exe
[2014/06/01 12:43:07 | 001,016,261 | ---- | M] (Thisisu) -- C:\Users\Mark\Desktop\JRT.exe
[2014/06/01 08:54:57 | 001,990,574 | ---- | M] () -- C:\MGtools.exe
[2014/06/01 08:54:17 | 010,971,424 | ---- | M] (SurfRight B.V.) -- C:\Users\Mark\Desktop\HitmanPro_x64.exe
[2014/06/01 08:47:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/31 22:06:14 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Win32DiskImager.lnk
[2014/05/31 20:09:09 | 005,298,672 | ---- | M] () -- C:\Users\Mark\Documents\Resolved Security Risks.mcf
[2014/05/30 12:57:54 | 000,001,102 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/05/30 12:51:59 | 000,002,277 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/29 20:53:48 | 000,000,851 | ---- | M] () -- C:\Users\Mark\Desktop\µTorrent.lnk
[2014/05/29 20:53:48 | 000,000,831 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/29 20:31:32 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/05/29 20:31:32 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2014/05/29 00:20:56 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2014/05/29 00:19:51 | 125,163,904 | ---- | M] () -- C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
[2014/05/28 22:08:38 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/19 19:44:03 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2014/05/19 19:44:03 | 000,052,056 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2014/05/19 19:44:03 | 000,026,069 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2014/05/15 07:13:31 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
[2014/05/14 16:49:42 | 003,774,821 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/05/12 07:26:10 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014/05/12 07:26:00 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/05/12 07:25:56 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/06/03 18:32:07 | 000,001,062 | ---- | C] () -- C:\Users\Mark\Desktop\Optimizer Pro.lnk
[2014/06/03 18:31:54 | 000,001,072 | ---- | C] () -- C:\Users\Mark\Desktop\Your Unin-staller!.lnk
[2014/06/03 18:31:46 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Optimum PC Boost.lnk
[2014/06/03 08:45:11 | 000,001,264 | ---- | C] () -- C:\Users\Mark\Desktop\Revo Uninstaller.lnk
[2014/06/02 12:25:27 | 005,230,080 | ---- | C] () -- C:\Users\Mark\Desktop\RogueKillerX64.exe
[2014/06/01 09:55:28 | 000,215,367 | ---- | C] () -- C:\Users\Mark\Desktop\MGlogs.zip
[2014/06/01 09:53:04 | 000,215,367 | ---- | C] () -- C:\MGlogs.zip
[2014/06/01 08:55:02 | 001,990,574 | ---- | C] () -- C:\MGtools.exe
[2014/06/01 08:47:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/05/31 22:06:14 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Win32DiskImager.lnk
[2014/05/31 20:09:08 | 005,298,672 | ---- | C] () -- C:\Users\Mark\Documents\Resolved Security Risks.mcf
[2014/05/30 12:51:59 | 000,002,277 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2014/05/29 20:53:48 | 000,000,851 | ---- | C] () -- C:\Users\Mark\Desktop\µTorrent.lnk
[2014/05/29 20:53:48 | 000,000,831 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2014/05/29 20:35:20 | 3581,853,696 | ---- | C] () -- C:\Users\Mark\Desktop\en_windows_8_x64_dvd_915440.iso
[2014/05/29 20:26:51 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/05/29 20:26:51 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/05/29 00:20:56 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
[2014/05/29 00:19:33 | 125,163,904 | ---- | C] () -- C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
[2014/05/28 22:12:20 | 003,774,821 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2014/05/28 22:11:32 | 000,026,069 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2014/05/15 07:13:31 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
[2014/05/08 08:46:56 | 000,001,102 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/08 10:39:02 | 008,673,792 | ---- | C] () -- C:\ProgramData\atscie.msi
[2014/04/03 10:24:04 | 000,316,928 | ---- | C] () -- C:\Windows\SysWow64\hpcc3117.DLL
[2014/03/24 04:02:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2014/03/23 22:14:03 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014/03/21 22:01:46 | 000,773,536 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/24 19:43:12 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/24 19:09:54 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/04/27 23:29:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Acronis
[2014/06/01 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
[2014/06/03 18:32:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Optimizer Pro
[2014/06/03 18:32:08 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OptimumPcBoost
[2014/03/28 20:37:11 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Origin
[2014/06/03 18:31:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\URSoft
[2014/06/01 08:49:06 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2014/04/15 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Warner Bros. Interactive Entertainment
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:1CE11B51
 
< End of report >
 



#2
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Greetings!

My name's Naathim, I'm a GeekU Minion and I'm pleased to meet you!
Now that we are mates and will be working together to clean any junkware out of your machine, feel free to call me Naat :)
I know that it is quite frustrating to have an infected machine because I was once in your shoes. Don't worry! Maybe I'm not a super-human, I don't know everything, nor am I limitless, but I promise to do my best to fix your issues!
 
Here are some notes that should make our work faster and easier, please take a look and stay familiar with them :happy:
 

  • Malware removal is a lengthy process due to tough analysis and research. Stay with me until I say we're done.
  • Read my instructions completely before proceeding and always run the tools in the order given!
  • Don't try to fix anything on your own or run any other tools. They may interfere, which may prevent your system from booting up.
  • To make my work easier, post the logs directly in your replies, unless asked to attach them.

  • If any unexpected problem appears, interrupt processing and return here with a note!
  • Never be afraid to ask if in doubt!
 
Now that we have formalities out of the way, let's get started! :rockon:
 
 
As you said: 

mbam finds 115 or so issues

 
Please post the latest log from MBAM here and we will go on from there. To do so:

Open Malwarebytes' Anti-Malware and go to the History tab.

On the left panel choose Application logs.

Select the last Scan log and click View.

At the bottom please click Export and pick Text file from the menu.

Save this file to your desktop and post it into your next reply for my review.
 
 
Cheers,
Naat :)
 

 



#3
MarkJohnson

    Member

  • Topic Starter
  • Member
  • 12 posts

Here's the latest mbam I ran earlier.  It reports a trovi PUP that I didn't remove yet.

Attached Files

  • Attached File  mbam.log   1.37KB   73 downloads


#4
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 

Thanks for the MBAM log, but there are only two little points there. I'd like you to go to the MBAM history once more and search there for a log containing the numerous threats, as mentioned earlier. Knowing them would really help in my analysis.

 

Also please search for the Extras.txt logfile which should be located on your desktop and post it here as well.

 

Please, do not attach the logs. Post them directly in your replies, it will make my work easier.

I don't mind multiple posts if necessary.

 

Cheers,

Naat :)



#5
MarkJohnson

    Member

  • Topic Starter
  • Member
  • 12 posts

Here's the new mbam log file.

Attached Files

  • Attached File  mbam.log   18.29KB   90 downloads


#6
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi  :)

 

 

I've spotted signs of a P2P program installed on your machine.
uTorrent
Azureus
 

Be warned:

P2P programs, although legal in themselves, are often used to obtain illegal downloads. Currently it's one of the best ways to get infected: unsecured ports, downloaded cracks... There have been some extreme cases in which passwords, private or financial data were exposed to a file-sharing network because of bad P2P configuration.

I'm rather sure that if you continue using P2P, you'll often be visiting our Malware Removal Forum.
I strongly recommend full uninstallation of any P2P apps (if so, please do it from the Control Panel > Add/Remove Programs), but if you want to leave them on your OS (because this is optional), please at least refrain from using them until we finish cleaning your computer.

My friendly advice: at least, when downloading any files from a P2P network, scan them at Jotti or VirScan.

 
 

= = = = = = = = = = = = = = = = = = = =

 
 
Performing general FRST scan
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

  • Right click on the FRST icon to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File).
  • When the tool opens click Yes to disclaimer.
  • You will be presented with the FRST console window.

 

 

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 
 
 
Please do not attach the logfiles!
This makes my work much harder. Just copy their content (Ctrl+A -> Ctrl+C) and paste it (Ctrl+V) directly into your post.
 
I don't mind multiple posts if necessary.
 
Cheers,
Naat  :)


#7
MarkJohnson

    Member

  • Topic Starter
  • Member
  • 12 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Mark (administrator) on MARK-ASUS on 05-06-2014 13:24:27
Running from C:\Users\Mark\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2014-03-23] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-09-19] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-09-19] (CyberLink Corp.)
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {2b7e4890-d1bc-11e3-9b21-74d02b7e70ba} - G:\LaunchU3.exe -a
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {89cd9b16-b0d3-11e3-8bba-f0ec66666b11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1124367722&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1124367722&ir=
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Trovi search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: NoScript - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-02]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-04-02]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-01]
CHR Extension: (Ghostery) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-19] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-19] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-19] (CyberLink)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2014-01-21] (Silicondust USA Inc)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-01] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140604.002\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.004\ENG64.SYS [126040 2014-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.004\EX64.SYS [2099288 2014-05-01] (Symantec Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-04-27] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-04-27] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-27] (Acronis International GmbH)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-19] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 13:24 - 2014-06-05 13:24 - 00016309 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00000000 ____D () C:\FRST
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:07 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 17:32 - 2014-06-05 08:00 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:14 - 2014-06-03 23:14 - 00330986 _____ () C:\Users\Mark\Desktop\HitmanPro_20140603_2314.log
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 18:31 - 2014-06-04 19:08 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2014-06-03 18:31 - 2014-06-04 19:03 - 00003934 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-06-03 18:31 - 2014-06-04 19:03 - 00003504 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-06-03 18:31 - 2014-06-03 18:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\OptimumPcBoost
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\URSoft
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\SearchProtect
2014-06-03 18:20 - 2014-06-04 09:13 - 00029306 _____ () C:\Windows\PFRO.log
2014-06-03 17:05 - 2014-06-03 17:05 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\TDSSKiller.exe
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 17:19 - 2014-06-02 17:20 - 00000632 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-06-02 17:13 - 2014-06-02 17:13 - 00001382 _____ () C:\Users\Mark\Desktop\HitmanPro_20140602_1713.log
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-02 12:25 - 2014-06-02 12:25 - 05230080 _____ () C:\Users\Mark\Desktop\RogueKillerX64.exe
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 12:43 - 2014-06-01 12:43 - 01016261 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-06-01 09:55 - 2014-06-04 09:31 - 00215367 _____ () C:\Users\Mark\Desktop\MGlogs.zip
2014-06-01 09:53 - 2014-06-04 09:31 - 00215367 _____ () C:\MGlogs.zip
2014-06-01 09:53 - 2014-06-04 09:31 - 00000000 ____D () C:\MGtools
2014-06-01 09:51 - 2014-06-01 09:51 - 00001718 _____ () C:\Users\Mark\Desktop\HitmanPro_20140601_0951.log
2014-06-01 09:42 - 2014-06-01 09:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-05 12:19 - 00004704 _____ () C:\Windows\setupact.log
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:55 - 2014-06-01 08:54 - 01990574 _____ () C:\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:53 - 2014-06-01 08:54 - 10971424 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro_x64.exe
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 22:21 - 2014-05-31 22:25 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:06 - 2014-05-31 22:07 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 20:56 - 2014-05-29 21:09 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-06-01 08:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:35 - 2012-10-13 18:27 - 3581853696 _____ () C:\Users\Mark\Desktop\en_windows_8_x64_dvd_915440.iso
2014-05-29 20:29 - 2014-05-29 20:31 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-06-03 18:45 - 00000000 ____D () C:\ProgramData\Temp
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:19 - 2014-05-29 00:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-05-19 19:44 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 19:44 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-28 22:12 - 2014-05-19 18:25 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-28 22:12 - 2014-05-14 16:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 22:11 - 2014-05-19 19:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 22:11 - 2014-05-19 19:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:13 - 2014-05-15 07:14 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:12 - 2014-05-15 07:13 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\PackageAware
2014-05-15 07:11 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:45 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 12:45 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 12:45 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 12:45 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:43 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:43 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:43 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:43 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:43 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:43 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:43 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:43 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:43 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:47 - 2014-06-05 12:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 08:46 - 2014-05-30 12:57 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 08:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 08:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:45 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 13:24 - 2014-06-05 13:24 - 00016309 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00000000 ____D () C:\FRST
2014-06-05 13:24 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Mark\AppData\Local\Temp
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-06-05 13:07 - 2014-04-02 19:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-05 12:33 - 2014-05-08 08:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 12:25 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 12:22 - 2014-03-21 13:37 - 01704454 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 12:19 - 2014-06-01 08:58 - 00004704 _____ () C:\Windows\setupact.log
2014-06-05 12:19 - 2014-04-02 19:50 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 12:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 08:06 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 08:06 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 08:00 - 2014-06-04 17:32 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\ProgramData\Origin
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-04 21:08 - 2014-04-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:09 - 2014-06-04 19:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 19:08 - 2014-06-03 18:31 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2014-06-04 19:04 - 2014-05-01 11:19 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-06-04 19:03 - 2014-06-03 18:31 - 00003934 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-06-04 19:03 - 2014-06-03 18:31 - 00003504 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-06-04 19:03 - 2014-05-01 11:19 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-04 19:03 - 2014-05-01 11:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-06-04 09:31 - 2014-06-01 09:55 - 00215367 _____ () C:\Users\Mark\Desktop\MGlogs.zip
2014-06-04 09:31 - 2014-06-01 09:53 - 00215367 _____ () C:\MGlogs.zip
2014-06-04 09:31 - 2014-06-01 09:53 - 00000000 ____D () C:\MGtools
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-04 09:13 - 2014-06-03 18:20 - 00029306 _____ () C:\Windows\PFRO.log
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:14 - 2014-06-03 23:14 - 00330986 _____ () C:\Users\Mark\Desktop\HitmanPro_20140603_2314.log
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 23:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2014-06-03 18:45 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\Temp
2014-06-03 18:32 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\OptimumPcBoost
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\URSoft
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\SearchProtect
2014-06-03 17:05 - 2014-06-03 17:05 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\TDSSKiller.exe
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 17:20 - 2014-06-02 17:19 - 00000632 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-06-02 17:13 - 2014-06-02 17:13 - 00001382 _____ () C:\Users\Mark\Desktop\HitmanPro_20140602_1713.log
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-02 12:25 - 2014-06-02 12:25 - 05230080 _____ () C:\Users\Mark\Desktop\RogueKillerX64.exe
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 12:43 - 2014-06-01 12:43 - 01016261 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-06-01 09:51 - 2014-06-01 09:51 - 00001718 _____ () C:\Users\Mark\Desktop\HitmanPro_20140601_0951.log
2014-06-01 09:51 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:54 - 2014-06-01 08:55 - 01990574 _____ () C:\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:53 - 10971424 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro_x64.exe
2014-06-01 08:49 - 2014-05-29 20:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-06-01 08:49 - 2014-03-26 22:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Azureus
2014-06-01 08:49 - 2014-03-21 02:33 - 00000000 ____D () C:\Windows\Panther
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 23:46 - 2014-03-26 23:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\vlc
2014-05-31 22:25 - 2014-05-31 22:21 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:07 - 2014-05-31 22:06 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:57 - 2014-05-08 08:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:51 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 21:09 - 2014-05-29 20:56 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:31 - 2014-05-29 20:29 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:22 - 2014-05-29 00:19 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:20 - 2014-03-23 22:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-28 22:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-05-28 22:08 - 2014-04-02 19:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-19 19:44 - 2014-05-28 22:12 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:12 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 19:44 - 2014-05-28 22:11 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 18:25 - 2014-05-28 22:12 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 18:25 - 2014-05-28 22:12 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:14 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:12 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\PackageAware
2014-05-15 07:12 - 2014-05-15 07:11 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 20:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 20:01 - 2014-03-24 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 16:49 - 2014-05-28 22:12 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:48 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 12:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 12:45 - 2014-03-21 13:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 12:44 - 2014-03-21 13:57 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-08 08:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-08 08:46 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-08 08:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 16:02 - 2014-04-02 19:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 16:02 - 2014-04-02 19:50 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 10:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:46 - 2014-05-08 08:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 03:38 - 2014-04-01 17:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 20:06
 
==================== End Of Log ============================


#8
MarkJohnson

  • Topic Starter
  • Member
  • 12 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Mark at 2014-06-05 13:24:37
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 8.2.4 - Hewlett-Packard) Hidden
Acronis True Image 2014 (HKLM-x32\...\{6B38A7DF-F641-45D5-BBCA-3E676ABCF5C8}Visible) (Version: 17.0.6673 - Acronis)
Acronis True Image 2014 (x32 Version: 17.0.6673 - Acronis) Hidden
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Company of Heroes (New Steam Version) (HKLM-x32\...\Steam App 228200) (Version:  - Relic)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2118.57 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2118.57 - CyberLink Corp.) Hidden
Family Tree Maker 2014 (HKLM-x32\...\Family Tree Maker 2014) (Version: 22.0.207 - Ancestry.com, Inc.)
Family Tree Maker 2014 (Version: 22.0.207 - Ancestry.com, Inc.) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HDHomeRun (HKLM\...\{B550D72C-52A7-4B37-9869-2FE0633E39E3}) (Version: 1.0.14607.0 - Silicondust)
HP LaserJet 200 color M251 (HKLM-x32\...\{6682B5C4-530A-4FB8-ACAC-80DB5CCC68DD}) (Version: 5.0.12200.1036 - Hewlett-Packard)
HP Unified IO (Version: 2.0.0.404 - HP) Hidden
HP Unified IO (x32 Version: 2.0.0.404 - HP) Hidden
hpbDSService (x32 Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM251DSService (x32 Version: 001.001.05874 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 009.027.00856 - Hewlett-Packard) Hidden
hppM251LaserJetService (x32 Version: 001.019.00639 - Hewlett-Packard) Hidden
Intel® Network Connections 18.4.59.0 (HKLM\...\PROSetDX) (Version: 18.4.59.0 - Intel)
Intel® Network Connections 18.4.59.0 (Version: 18.4.59.0 - Intel) Hidden
LEGO Lord of the Rings (HKLM-x32\...\Steam App 214510) (Version:  - Traveller's Tales)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.3.0.12 - Symantec Corporation)
NVIDIA Control Panel 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.154.1168 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.6.2792 - Electronic Arts, Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 2.0.0.0 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.3.0.0 - Azureus Software, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E3}) (Version: 18.5.11111 - WinZip Computing, S.L. )
 
==================== Restore Points  =========================
 
06-05-2014 05:50:31 Windows Update
14-05-2014 19:44:24 Windows Update
29-05-2014 07:20:17 Installed PowerDVD
05-06-2014 02:07:31 Removed BCL easyConverter SDK 3 (Word Version) 64.
05-06-2014 02:08:33 Removed Optimum PC Boost
05-06-2014 02:09:09 Removed WebEx Support Manager for Internet Explorer
 
==================== Hosts content: ==========================
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {534D6D37-C088-4905-8A96-F14FC80F8CD0} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {5B02467C-69DF-4477-B13E-F007018C742C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {6A163F55-8F5F-4BA9-BF7A-5DE3167D03BC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: {6C6DE309-D5F6-42F2-9B81-9834FEE06997} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {7E0A5D8D-0CFA-4F06-9868-BAAF40004228} - System32\Tasks\Optimum_LogOn => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {C5E64602-2A04-4822-816B-4D4E70DECFAD} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {D8695FC0-8B66-4D1C-98EB-561F37FFCBF8} - System32\Tasks\Optimum_Daily => C:\Program Files (x86)\Optimum PC Boost\OptimumPCBoost.exe
Task: {E2C5DF0C-202C-4220-9DA2-995E6DA223E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-05-28 22:12 - 2014-05-19 18:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-10-01 10:26 - 2013-10-01 10:26 - 02810968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00036672 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\qt_icontray_ex.dll
2014-02-04 18:25 - 2014-02-04 18:25 - 00028992 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\thread_pool.dll
2014-05-29 00:20 - 2011-08-23 19:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\koan\_ctypes.pyd
2014-05-29 00:20 - 2011-08-23 19:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_socket.pyd
2014-05-29 00:20 - 2011-08-23 19:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\PowerDVD12\Common\Koan\_ssl.pyd
2014-05-28 22:08 - 2014-05-13 16:40 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libglesv2.dll
2014-05-28 22:08 - 2014-05-13 16:40 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\libegl.dll
2014-05-28 22:08 - 2014-05-13 16:40 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll
2014-05-28 22:08 - 2014-05-13 16:40 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll
2014-05-28 22:08 - 2014-05-13 16:40 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll
2014-02-04 18:28 - 2014-02-04 18:28 - 00420160 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2013-10-01 11:00 - 2013-10-01 11:00 - 00022336 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:1CE11B51
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/05/2014 00:21:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2014 07:55:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 11:05:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:09:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 08:43:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 07:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 04:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:18:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: swwhoami.exe, version: 1.0.0.1, time stamp: 0x2a425e19
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000005
Fault offset: 0x00033685
Faulting process id: 0x1a1c
Faulting application start time: 0xswwhoami.exe0
Faulting application path: swwhoami.exe1
Faulting module path: swwhoami.exe2
Report Id: swwhoami.exe3
 
 
System errors:
=============
Error: (06/04/2014 08:44:30 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/04/2014 07:12:59 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/04/2014 07:06:30 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/04/2014 06:30:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (06/04/2014 04:17:59 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/04/2014 09:15:59 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/03/2014 11:07:59 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/03/2014 11:02:28 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/03/2014 10:59:28 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
Error: (06/03/2014 10:03:59 PM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{0758978B-22B3-416C-8FD6-F60C9B8ADE78}.
The backup browser is stopping.
 
 
Microsoft Office Sessions:
=========================
Error: (06/05/2014 00:21:50 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/05/2014 07:55:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 11:05:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:09:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:01:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 08:43:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 07:12:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 07:05:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 04:17:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/04/2014 09:18:05 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: swwhoami.exe1.0.0.12a425e19ntdll.dll6.1.7601.18247521ea8e7c0000005000336851a1c01cf80109029d773C:\MGTools\swwhoami.exeC:\Windows\SysWOW64\ntdll.dllcec409c6-ec03-11e3-9840-001b21b1cce0
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 29%
Total physical RAM: 8097.5 MB
Available physical RAM: 5695.04 MB
Total Pagefile: 16193.19 MB
Available Pagefile: 13327.11 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.35 GB) (Free:145.98 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 224 GB) (Disk ID: 0E45043E)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#9
Naathim


    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
A couple of steps to do here. Please be sure to perform them in the order mentioned.
 
 
 

= = = = = = = = = = = = = = = = = = =

 
 
 
FIRST
We'll run a fix using Farbar Recovery Scan Tool.

  • Download attached fixlist.txt file and save it to the Desktop. 
  • Both files, FRST and fixlist.txt, have to be in the same location or the fix will not work! 

WARNING

This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system!

  • Right click on the FRST icon to Run as administrator (XP users click run after receipt of Windows Security Warning - Open File). 
  • Press the Fix button just once and wait. 
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. 
  • When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

= = = = = = = = = = = = = = = = = = =

 
  
SECOND
 
Download ADWCleaner by Xplode to your desktop.

  • Close all programs and right-click on the AdwCleaner icon - select Run as Administrator.
    (Users of Windows XP please just double-click). 
  • You will be presented with the console like the one below:

    [Screenshot: AdwCleaner console]

  • Click on Scan and follow the prompts. 
  • Let it run unhindered. 
  • When done, click on the Clean button, and follow the prompts. 
  • Allow the system to reboot.

After that, you will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder, as AdwCleaner[S0].txt
 

= = = = = = = = = = = = = = = = = = =

 
 
THIRD
GMER scanner for the lurking rootkits


Please download GMER and save it to your desktop.

  • it will come as a randomly named file (like a6ge38b4.exe) - that's absolutely normal. 
  • Disconnect from the Internet and close all running programs 
  • Temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running 
  • Right-click on the randomly named GMER icon and choose Run as Administrator
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan

If you receive a warning about rootkit activity and are asked to fully scan your system click NO!

Please check in the Quick scan box
Please uncheck the following:

  • IAT/EAT
  • Show All

[Screenshot: GMER scan options]

  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply 
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled 


  • If you encounter any problems, try running GMER in Safe Mode
  • If GMER crashes or keeps resulting in a Blue Screen of Death, uncheck Devices on the right side before scanning 

= = = = = = = = = = = = = = = = = = =

 
 
 
FOURTH
Performing general FRST scan

Please re-run Farbar Recovery Scan Tool

  • Right click on the FRST icon to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). 
  • When the tool opens click Yes to disclaimer. 
  • You will be presented with a window like below:

    [Screenshot: FRST console]

  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from. 
  • Please copy and paste that log back here. 

= = = = = = = = = = = = = = = = = = =

 
 
 
Now in your next reply please include for my review:
  • Fixlog from FRST
  • AdwCleaner log
  • GMER log
  • fresh one FRST report
 
I don't mind multiple posts if necessary.
 
Cheers,
Naat :)



#10
MarkJohnson


    Member

  • Topic Starter
  • Member
  • 12 posts

Here's the first FRST.log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Mark (administrator) on MARK-ASUS on 05-06-2014 13:24:27
Running from C:\Users\Mark\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2014-03-23] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-09-19] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-09-19] (CyberLink Corp.)
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {2b7e4890-d1bc-11e3-9b21-74d02b7e70ba} - G:\LaunchU3.exe -a
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {89cd9b16-b0d3-11e3-8bba-f0ec66666b11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Autorun.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1124367722&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = http://speedial.com/...=1124367722&ir=
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default
FF DefaultSearchEngine: Speedial
FF SelectedSearchEngine: Trovi search
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: NoScript - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-02]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-04-02]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-01]
CHR Extension: (Ghostery) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-19] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-19] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-19] (CyberLink)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2014-01-21] (Silicondust USA Inc)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-01] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140604.002\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.004\ENG64.SYS [126040 2014-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.004\EX64.SYS [2099288 2014-05-01] (Symantec Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-04-27] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-04-27] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-27] (Acronis International GmbH)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-19] (CyberLink Corp.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-05 13:24 - 2014-06-05 13:24 - 00016309 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00000000 ____D () C:\FRST
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:07 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 17:32 - 2014-06-05 08:00 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:14 - 2014-06-03 23:14 - 00330986 _____ () C:\Users\Mark\Desktop\HitmanPro_20140603_2314.log
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 18:31 - 2014-06-04 19:08 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2014-06-03 18:31 - 2014-06-04 19:03 - 00003934 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-06-03 18:31 - 2014-06-04 19:03 - 00003504 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-06-03 18:31 - 2014-06-03 18:32 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\OptimumPcBoost
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\URSoft
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\SearchProtect
2014-06-03 18:20 - 2014-06-04 09:13 - 00029306 _____ () C:\Windows\PFRO.log
2014-06-03 17:05 - 2014-06-03 17:05 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\TDSSKiller.exe
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 17:19 - 2014-06-02 17:20 - 00000632 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-06-02 17:13 - 2014-06-02 17:13 - 00001382 _____ () C:\Users\Mark\Desktop\HitmanPro_20140602_1713.log
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-02 12:25 - 2014-06-02 12:25 - 05230080 _____ () C:\Users\Mark\Desktop\RogueKillerX64.exe
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 12:43 - 2014-06-01 12:43 - 01016261 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-06-01 09:55 - 2014-06-04 09:31 - 00215367 _____ () C:\Users\Mark\Desktop\MGlogs.zip
2014-06-01 09:53 - 2014-06-04 09:31 - 00215367 _____ () C:\MGlogs.zip
2014-06-01 09:53 - 2014-06-04 09:31 - 00000000 ____D () C:\MGtools
2014-06-01 09:51 - 2014-06-01 09:51 - 00001718 _____ () C:\Users\Mark\Desktop\HitmanPro_20140601_0951.log
2014-06-01 09:42 - 2014-06-01 09:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-05 12:19 - 00004704 _____ () C:\Windows\setupact.log
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:55 - 2014-06-01 08:54 - 01990574 _____ () C:\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:53 - 2014-06-01 08:54 - 10971424 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro_x64.exe
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 22:21 - 2014-05-31 22:25 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:06 - 2014-05-31 22:07 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 20:56 - 2014-05-29 21:09 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-06-01 08:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:35 - 2012-10-13 18:27 - 3581853696 _____ () C:\Users\Mark\Desktop\en_windows_8_x64_dvd_915440.iso
2014-05-29 20:29 - 2014-05-29 20:31 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-06-03 18:45 - 00000000 ____D () C:\ProgramData\Temp
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:19 - 2014-05-29 00:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-05-19 19:44 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 19:44 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-28 22:12 - 2014-05-19 18:25 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-28 22:12 - 2014-05-14 16:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 22:11 - 2014-05-19 19:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 22:11 - 2014-05-19 19:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:13 - 2014-05-15 07:14 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:12 - 2014-05-15 07:13 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\PackageAware
2014-05-15 07:11 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:45 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 12:45 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 12:45 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 12:45 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:43 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:43 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:43 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:43 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:43 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:43 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:43 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:43 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:43 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:47 - 2014-06-05 12:33 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 08:46 - 2014-05-30 12:57 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 08:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 08:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:45 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-05 13:24 - 2014-06-05 13:24 - 00016309 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00000000 ____D () C:\FRST
2014-06-05 13:24 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Mark\AppData\Local\Temp
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-06-05 13:07 - 2014-04-02 19:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-05 12:33 - 2014-05-08 08:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-05 12:25 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-05 12:22 - 2014-03-21 13:37 - 01704454 _____ () C:\Windows\WindowsUpdate.log
2014-06-05 12:19 - 2014-06-01 08:58 - 00004704 _____ () C:\Windows\setupact.log
2014-06-05 12:19 - 2014-04-02 19:50 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-05 12:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 08:06 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 08:06 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 08:00 - 2014-06-04 17:32 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\ProgramData\Origin
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-04 21:08 - 2014-04-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:09 - 2014-06-04 19:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 19:08 - 2014-06-03 18:31 - 00000000 ____D () C:\Program Files (x86)\Optimum PC Boost
2014-06-04 19:04 - 2014-05-01 11:19 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-06-04 19:03 - 2014-06-03 18:31 - 00003934 _____ () C:\Windows\System32\Tasks\Optimum_Daily
2014-06-04 19:03 - 2014-06-03 18:31 - 00003504 _____ () C:\Windows\System32\Tasks\Optimum_LogOn
2014-06-04 19:03 - 2014-05-01 11:19 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-04 19:03 - 2014-05-01 11:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2014-06-04 09:31 - 2014-06-01 09:55 - 00215367 _____ () C:\Users\Mark\Desktop\MGlogs.zip
2014-06-04 09:31 - 2014-06-01 09:53 - 00215367 _____ () C:\MGlogs.zip
2014-06-04 09:31 - 2014-06-01 09:53 - 00000000 ____D () C:\MGtools
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-04 09:13 - 2014-06-03 18:20 - 00029306 _____ () C:\Windows\PFRO.log
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:14 - 2014-06-03 23:14 - 00330986 _____ () C:\Users\Mark\Desktop\HitmanPro_20140603_2314.log
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 23:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2014-06-03 18:45 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\Temp
2014-06-03 18:32 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\OptimumPcBoost
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\URSoft
2014-06-03 18:31 - 2014-06-03 18:31 - 00000000 ____D () C:\Users\Mark\AppData\Local\SearchProtect
2014-06-03 17:05 - 2014-06-03 17:05 - 04176736 _____ (Kaspersky Lab ZAO) C:\Users\Mark\Desktop\TDSSKiller.exe
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 17:20 - 2014-06-02 17:19 - 00000632 _____ () C:\Users\Mark\Desktop\JRT.txt
2014-06-02 17:13 - 2014-06-02 17:13 - 00001382 _____ () C:\Users\Mark\Desktop\HitmanPro_20140602_1713.log
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-02 12:25 - 2014-06-02 12:25 - 05230080 _____ () C:\Users\Mark\Desktop\RogueKillerX64.exe
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 12:43 - 2014-06-01 12:43 - 01016261 _____ (Thisisu) C:\Users\Mark\Desktop\JRT.exe
2014-06-01 09:51 - 2014-06-01 09:51 - 00001718 _____ () C:\Users\Mark\Desktop\HitmanPro_20140601_0951.log
2014-06-01 09:51 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:54 - 2014-06-01 08:55 - 01990574 _____ () C:\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:54 - 2014-06-01 08:53 - 10971424 _____ (SurfRight B.V.) C:\Users\Mark\Desktop\HitmanPro_x64.exe
2014-06-01 08:49 - 2014-05-29 20:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-06-01 08:49 - 2014-03-26 22:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Azureus
2014-06-01 08:49 - 2014-03-21 02:33 - 00000000 ____D () C:\Windows\Panther
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 23:46 - 2014-03-26 23:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\vlc
2014-05-31 22:25 - 2014-05-31 22:21 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:07 - 2014-05-31 22:06 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:57 - 2014-05-08 08:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:51 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 21:09 - 2014-05-29 20:56 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:31 - 2014-05-29 20:29 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:22 - 2014-05-29 00:19 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:20 - 2014-03-23 22:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-28 22:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-05-28 22:08 - 2014-04-02 19:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-19 19:44 - 2014-05-28 22:12 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:12 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 19:44 - 2014-05-28 22:11 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 18:25 - 2014-05-28 22:12 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 18:25 - 2014-05-28 22:12 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:14 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:12 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:12 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\AppData\Local\PackageAware
2014-05-15 07:12 - 2014-05-15 07:11 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 20:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 20:01 - 2014-03-24 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 16:49 - 2014-05-28 22:12 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:48 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 12:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 12:45 - 2014-03-21 13:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 12:44 - 2014-03-21 13:57 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-08 08:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-08 08:46 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-08 08:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 16:02 - 2014-04-02 19:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 16:02 - 2014-04-02 19:50 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 10:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:46 - 2014-05-08 08:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 03:38 - 2014-04-01 17:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 20:06
 
==================== End Of Log ============================


#11
MarkJohnson


Here's the AdwCleaner log and GMER log below:

 

# AdwCleaner v3.212 - Report created 06/06/2014 at 08:37:09
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Mark - MARK-ASUS
# Running from : C:\Users\Mark\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Mark\AppData\Local\PackageAware
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\Software\SearchProtect
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (en-US)
 
[ File : C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\prefs.js ]
 
Line Deleted : user_pref("browser.search.selectedEngine", "Trovi search");
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_wnzp_14_22_ch&cd=2XzuyEtN2Y1L1QzuyByE0DtDtB0ByB0EyBtD0B0AtByDzytAtN0D0Tzu0SzzzztCtN1L2XzutBtFtBtDtFtCzytFyCtN1L1CzutCyEtBzytDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyC0Dzy0FtB0AtCtAtGyE0C0D0BtGzztBtD0CtGzz0BzyyBtGtC0F0CzztByBtBtCtAzzyE0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyB0DtCyByCyEyDyEtGzyyB0BtDtG0BzytDyDtGyBtAtBtAtGyD0F0EyEtB0F0DtBtA0DyC0B2Q&cr=1124367722&ir=
Deleted [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3233496&octid=EB_ORIGINAL_CTID&ISID=3ef7c3c4-b4fa-4f27-b98c-c6e5711236e4&SearchSource=58&CUI=&UM=5&UP=SP39B74246-8D2D-49B4-A7B1-1B989A0FC6A2&q={searchTerms}&SSPV=
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [1921 octets] - [06/06/2014 08:36:05]
AdwCleaner[S0].txt - [1858 octets] - [06/06/2014 08:37:09]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1918 octets] ##########
 
 
Here's the GMER log:
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-06-06 08:53:25
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 OCZ-VERTEX3 rev.2.25 223.57GB
Running: t2uo8bq3.exe; Driver: C:\Users\Mark\AppData\Local\Temp\kwtcypoc.sys
 
 
---- User code sections - GMER 2.1 ----
 
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69          0000000075111465 2 bytes [11, 75]
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155         00000000751114bb 2 bytes [11, 75]
.text  ...                                                                                                                                                * 2
.text  C:\Windows\ehome\ehRecvr.exe[3408] \\?\C:\ProgramData\Microsoft\ehome\Cache\S-1-5-20\MCENDIndiv01_64.key!GetMCENDBridgeSecurityVersion + 844       0000000073658470 30 bytes {PUSH RBX; SUB RSP, 0x20; MOV EBX, ECX; CALL 0xfffffffffffd4410}
.text  C:\Windows\ehome\ehRecvr.exe[3408] \\?\C:\ProgramData\Microsoft\ehome\Cache\S-1-5-20\MCENDIndiv01_64.key!GetMCENDBridgeSecurityVersion + 876       0000000073658490 31 bytes {PUSH RBX; SUB RSP, 0x20; MOV RBX, RCX; CALL 0xfffffffffffd43f0}
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4208] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000075588791 5 bytes JMP 00000001730b1000
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000075111465 2 bytes [11, 75]
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe[4208] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000751114bb 2 bytes [11, 75]
.text  ...                                                                                                                                                * 2
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[1756] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                 0000000075588791 5 bytes JMP 00000001730b1000
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075111465 2 bytes [11, 75]
.text  C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe[1756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000751114bb 2 bytes [11, 75]
.text  ...                                                                                                                                                * 2
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                          0000000076fefcb0 5 bytes JMP 00000001002a091c
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                        0000000076fefe14 5 bytes JMP 00000001002a0048
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                 0000000076fefea8 5 bytes JMP 00000001002a02ee
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                              0000000076ff0004 5 bytes JMP 00000001002a04b2
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                      0000000076ff0038 5 bytes JMP 00000001002a09fe
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                              0000000076ff0068 5 bytes JMP 00000001002a0ae0
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                           0000000076ff0084 5 bytes JMP 0000000100020050
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                              0000000076ff079c 5 bytes JMP 00000001002a012a
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                  0000000076ff088c 5 bytes JMP 00000001002a0758
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                            0000000076ff08a4 5 bytes JMP 00000001002a0676
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                0000000076ff0df4 5 bytes JMP 00000001002a03d0
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                          0000000076ff1920 5 bytes JMP 00000001002a0594
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                      0000000076ff1be4 5 bytes JMP 00000001002a083a
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                             0000000076ff1d70 5 bytes JMP 00000001002a020c
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                            0000000074b0524f 7 bytes JMP 00000001002a0f52
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                0000000074b053d0 7 bytes JMP 0000000100330210
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                               0000000074b05677 1 byte JMP 0000000100330048
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                               0000000074b05679 5 bytes {JMP 0xffffffff8b82a9d1}
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                      0000000074b0589a 7 bytes JMP 00000001002a0ca6
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                      0000000074b05a1d 7 bytes JMP 00000001003303d8
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                 0000000074b05c9b 7 bytes JMP 000000010033012c
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                   0000000074b05d87 7 bytes JMP 00000001003302f4
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                  0000000074b07240 7 bytes JMP 00000001002a0e6e
.text  C:\Users\Mark\Desktop\t2uo8bq3.exe[5556] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                 0000000075321492 7 bytes JMP 00000001003304bc
 
---- Disk sectors - GMER 2.1 ----
 
Disk   \Device\Harddisk0\DR0                                                                                                                              unknown MBR code
 
---- EOF - GMER 2.1 ----
 

 

 



#12
MarkJohnson


Here's the second FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-06-2014
Ran by Mark (administrator) on MARK-ASUS on 06-06-2014 08:58:01
Running from C:\Users\Mark\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\n360.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Farbar) C:\Users\Mark\Desktop\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2014-03-23] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [518424 2013-07-18] (Acronis)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [7805936 2014-02-04] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1102192 2013-10-10] (Acronis International GmbH)
HKLM-x32\...\Run: [PowerDVD12DMREngine] => C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe [505872 2012-09-19] (CyberLink)
HKLM-x32\...\Run: [PowerDVD12Agent] => C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe [374560 2012-09-19] (CyberLink Corp.)
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {2b7e4890-d1bc-11e3-9b21-74d02b7e70ba} - G:\LaunchU3.exe -a
HKU\S-1-5-21-148807833-3385514544-1937127755-1000\...\MountPoints2: {89cd9b16-b0d3-11e3-8bba-f0ec66666b11} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Autorun.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: NoScript - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\aespwcg3.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-02]
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-02]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-02]
CHR Extension: (Adblock Plus) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-02]
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-02]
CHR Extension: (DoNotTrackMe: Online Privacy Protection) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-04-02]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-01]
CHR Extension: (Ghostery) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2014-04-02]
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-02]
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-02]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\Exts\Chrome.crx [2014-06-04]
 
==================== Services (Whitelisted) =================
 
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-09-19] (CyberLink Corp.)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [78352 2012-09-19] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [295440 2012-09-19] (CyberLink)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [19456 2014-06-04] (Silicondust USA Inc)
S3 HP DS Service; C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.3.0.12\N360.exe [265040 2014-05-23] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1503000.00C\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-05-01] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140605.002\IDSvia64.sys [525016 2014-04-30] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-06] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.017\ENG64.SYS [126040 2014-05-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140605.017\EX64.SYS [2099288 2014-05-01] (Symantec Corporation)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1503000.00C\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-01] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1503000.00C\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-04-27] (Acronis International GmbH)
R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [198432 2014-04-27] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-04-27] (Acronis International GmbH)
R2 {73526619-C24F-470B-9BED-53D455FBB5C6}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-09-19] (CyberLink Corp.)
U3 kwtcypoc; \??\C:\Users\Mark\AppData\Local\Temp\kwtcypoc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-06 08:58 - 2014-06-06 08:58 - 00014206 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-06 08:53 - 2014-06-06 08:53 - 00007890 _____ () C:\Users\Mark\Desktop\gmer.log
2014-06-06 08:48 - 2014-06-06 08:40 - 00380416 _____ () C:\Users\Mark\Desktop\t2uo8bq3.exe
2014-06-06 08:40 - 2014-06-06 08:40 - 00380416 _____ () C:\Users\Mark\Downloads\t2uo8bq3.exe
2014-06-06 08:36 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-06 08:35 - 2014-06-06 08:37 - 00000000 ____D () C:\AdwCleaner
2014-06-06 08:34 - 2014-06-06 08:33 - 01333465 _____ () C:\Users\Mark\Desktop\AdwCleaner.exe
2014-06-06 08:33 - 2014-06-06 08:33 - 01333465 _____ () C:\Users\Mark\Downloads\AdwCleaner.exe
2014-06-06 08:29 - 2014-06-06 08:58 - 00000000 ____D () C:\FRST
2014-06-06 08:29 - 2014-06-06 08:29 - 02072576 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe
2014-06-06 08:29 - 2014-06-06 08:29 - 02072576 _____ (Farbar) C:\Users\Mark\Desktop\FRST64 (1).exe
2014-06-06 08:27 - 2014-06-06 08:27 - 00001459 _____ () C:\Users\Mark\Downloads\fixlist.txt
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHomeRun
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\Silicondust
2014-06-05 13:24 - 2014-06-05 13:25 - 00059109 _____ () C:\Users\Mark\Desktop\FRST_1.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00020283 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:07 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 17:32 - 2014-06-05 08:00 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 18:20 - 2014-06-06 08:37 - 00029612 _____ () C:\Windows\PFRO.log
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 09:42 - 2014-06-01 09:51 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-06 08:38 - 00005544 _____ () C:\Windows\setupact.log
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 22:21 - 2014-05-31 22:25 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:06 - 2014-05-31 22:07 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 12:51 - 2014-05-30 13:21 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 20:56 - 2014-05-29 21:09 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-06-01 08:49 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:35 - 2012-10-13 18:27 - 3581853696 _____ () C:\Users\Mark\Desktop\en_windows_8_x64_dvd_915440.iso
2014-05-29 20:29 - 2014-05-29 20:31 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:26 - 2014-05-29 20:31 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-06-03 18:45 - 00000000 ____D () C:\ProgramData\Temp
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:20 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:19 - 2014-05-29 00:22 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-05-19 19:44 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 19:44 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-28 22:12 - 2014-05-19 18:25 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-28 22:12 - 2014-05-19 18:25 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-28 22:12 - 2014-05-14 16:49 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-28 22:11 - 2014-05-19 19:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-28 22:11 - 2014-05-19 19:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-28 22:11 - 2014-05-19 19:44 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:13 - 2014-05-15 07:14 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:12 - 2014-05-15 07:13 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:11 - 2014-05-15 07:12 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:45 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 12:45 - 2014-05-05 21:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 12:45 - 2014-05-05 20:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 12:45 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 12:45 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 12:43 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 12:43 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 12:43 - 2014-04-11 19:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 12:43 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 12:43 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 12:43 - 2014-04-11 19:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 12:43 - 2014-03-24 19:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 12:43 - 2014-03-24 19:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 12:43 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 12:43 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 12:43 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 12:43 - 2014-03-04 02:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 12:43 - 2014-03-04 02:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 12:43 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-08 08:47 - 2014-06-06 08:54 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 08:46 - 2014-05-30 12:57 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-30 12:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-08 08:46 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 08:46 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 08:46 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:45 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
 
==================== One Month Modified Files and Folders =======
 
2014-06-06 08:58 - 2014-06-06 08:58 - 00014206 _____ () C:\Users\Mark\Desktop\FRST.txt
2014-06-06 08:58 - 2014-06-06 08:29 - 00000000 ____D () C:\FRST
2014-06-06 08:58 - 2014-03-21 13:37 - 00000000 ____D () C:\Users\Mark\AppData\Local\Temp
2014-06-06 08:54 - 2014-05-08 08:47 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 08:53 - 2014-06-06 08:53 - 00007890 _____ () C:\Users\Mark\Desktop\gmer.log
2014-06-06 08:43 - 2009-07-13 22:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-06 08:40 - 2014-06-06 08:48 - 00380416 _____ () C:\Users\Mark\Desktop\t2uo8bq3.exe
2014-06-06 08:40 - 2014-06-06 08:40 - 00380416 _____ () C:\Users\Mark\Downloads\t2uo8bq3.exe
2014-06-06 08:38 - 2014-06-01 08:58 - 00005544 _____ () C:\Windows\setupact.log
2014-06-06 08:38 - 2014-04-02 19:50 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 08:37 - 2014-06-06 08:35 - 00000000 ____D () C:\AdwCleaner
2014-06-06 08:37 - 2014-06-03 18:20 - 00029612 _____ () C:\Windows\PFRO.log
2014-06-06 08:37 - 2014-03-21 13:37 - 01744373 _____ () C:\Windows\WindowsUpdate.log
2014-06-06 08:37 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-06 08:37 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-06 08:37 - 2009-07-13 21:45 - 00016880 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-06 08:33 - 2014-06-06 08:34 - 01333465 _____ () C:\Users\Mark\Desktop\AdwCleaner.exe
2014-06-06 08:33 - 2014-06-06 08:33 - 01333465 _____ () C:\Users\Mark\Downloads\AdwCleaner.exe
2014-06-06 08:29 - 2014-06-06 08:29 - 02072576 _____ (Farbar) C:\Users\Mark\Downloads\FRST64 (1).exe
2014-06-06 08:29 - 2014-06-06 08:29 - 02072576 _____ (Farbar) C:\Users\Mark\Desktop\FRST64 (1).exe
2014-06-06 08:27 - 2014-06-06 08:27 - 00001459 _____ () C:\Users\Mark\Downloads\fixlist.txt
2014-06-06 00:07 - 2014-04-02 19:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDHomeRun
2014-06-05 20:00 - 2014-06-05 20:00 - 00000000 ____D () C:\Program Files\Silicondust
2014-06-05 13:25 - 2014-06-05 13:24 - 00059109 _____ () C:\Users\Mark\Desktop\FRST_1.txt
2014-06-05 13:24 - 2014-06-05 13:24 - 00020283 _____ () C:\Users\Mark\Desktop\Addition.txt
2014-06-05 13:23 - 2014-06-05 13:23 - 02068992 _____ (Farbar) C:\Users\Mark\Downloads\FRST64.exe
2014-06-05 12:42 - 2014-06-05 12:42 - 00003608 _____ () C:\Users\Mark\Downloads\SyeWcnKq.txt
2014-06-05 08:00 - 2014-06-04 17:32 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.log
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\ProgramData\Origin
2014-06-04 21:21 - 2014-03-24 16:30 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-06-04 21:08 - 2014-04-05 20:05 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-04 19:09 - 2014-06-04 19:09 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-06-04 19:09 - 2014-06-04 19:07 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-04 19:04 - 2014-05-01 11:19 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-06-04 19:03 - 2014-05-01 11:19 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-06-04 19:03 - 2014-05-01 11:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-06-04 16:24 - 2014-06-04 16:24 - 00098582 _____ () C:\Users\Mark\Desktop\OTL.Txt
2014-06-04 16:24 - 2014-06-04 16:24 - 00049474 _____ () C:\Users\Mark\Desktop\Extras.Txt
2014-06-04 16:21 - 2014-06-04 16:21 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Downloads\OTL.exe
2014-06-04 09:30 - 2014-06-04 09:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\CrashDumps
2014-06-03 23:23 - 2014-06-03 23:23 - 00018733 _____ () C:\Users\Mark\Desktop\mbam.txt
2014-06-03 23:09 - 2014-06-03 23:09 - 04156051 _____ () C:\Users\Mark\Downloads\tdsskiller.zip
2014-06-03 23:08 - 2014-06-03 23:08 - 00003385 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06032014_230801.log
2014-06-03 23:05 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PLA
2014-06-03 18:45 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\Temp
2014-06-03 08:45 - 2014-06-03 08:45 - 00001264 _____ () C:\Users\Mark\Desktop\Revo Uninstaller.lnk
2014-06-03 08:45 - 2014-06-03 08:45 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 08:44 - 2014-06-03 08:44 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Mark\Downloads\revosetup.exe
2014-06-02 12:45 - 2014-06-02 12:45 - 00003350 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06022014_124243.log
2014-06-01 13:33 - 2014-06-01 13:33 - 00004400 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_133145.log
2014-06-01 12:45 - 2014-06-01 12:45 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 09:51 - 2014-06-01 09:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-06-01 09:33 - 2014-06-01 09:33 - 00001607 _____ () C:\mbam.txt
2014-06-01 09:26 - 2014-06-01 09:26 - 00002880 _____ () C:\Users\Mark\Desktop\RKreport_SCN_06012014_092436.log
2014-06-01 09:02 - 2014-06-01 09:02 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-06-01 08:58 - 2014-06-01 08:58 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-01 08:54 - 2014-06-01 08:54 - 01990574 _____ () C:\Users\Mark\Downloads\MGtools.exe
2014-06-01 08:49 - 2014-05-29 20:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\uTorrent
2014-06-01 08:49 - 2014-03-26 22:52 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Azureus
2014-06-01 08:49 - 2014-03-21 02:33 - 00000000 ____D () C:\Windows\Panther
2014-06-01 08:47 - 2014-06-01 08:47 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-06-01 08:47 - 2014-06-01 08:47 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-01 08:47 - 2014-06-01 08:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-01 08:46 - 2014-06-01 08:46 - 04748896 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup414.exe
2014-05-31 23:46 - 2014-03-26 23:53 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\vlc
2014-05-31 22:25 - 2014-05-31 22:21 - 00000000 ____D () C:\Users\Mark\Downloads\Anger.Management.S02E62.720p.HDTV.X264-DIMENSION [PublicHD]
2014-05-31 22:07 - 2014-05-31 22:06 - 346027063 _____ () C:\Users\Mark\Downloads\ChromeOS-Vanilla-4028.0.2013_04_20_1810-r706c4144.zip
2014-05-31 22:06 - 2014-05-31 22:06 - 00001063 _____ () C:\Users\Public\Desktop\Win32DiskImager.lnk
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer
2014-05-31 22:06 - 2014-05-31 22:06 - 00000000 ____D () C:\Program Files (x86)\ImageWriter
2014-05-31 22:05 - 2014-05-31 22:05 - 12290974 _____ (ImageWriter Developers ) C:\Users\Mark\Downloads\Win32DiskImager-0.9.5-install.exe
2014-05-31 20:46 - 2014-05-31 20:46 - 00002234 _____ () C:\Users\Mark\Documents\Resolved Security Risks.txt
2014-05-31 20:09 - 2014-05-31 20:09 - 05298672 _____ () C:\Users\Mark\Documents\Resolved Security Risks.mcf
2014-05-30 14:02 - 2014-05-30 14:02 - 00002657 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) MultipleLandmarks.rar
2014-05-30 14:02 - 2014-05-30 14:02 - 00000000 ____D () C:\Users\Mark\Documents\( uploadMB.com ) MultipleLandmarks
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\Users\Mark\AppData\Local\WinZip
2014-05-30 13:21 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\WinZip
2014-05-30 12:57 - 2014-05-08 08:46 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-30 12:57 - 2014-05-08 08:46 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-30 12:51 - 2014-05-30 12:51 - 00002283 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00002277 _____ () C:\Users\Public\Desktop\WinZip.lnk
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2014-05-30 12:51 - 2014-05-30 12:51 - 00000000 ____D () C:\Program Files\WinZip
2014-05-30 12:51 - 2009-07-13 20:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-30 12:45 - 2014-05-30 12:45 - 03405129 _____ () C:\Users\Mark\Downloads\( uploadMB.com ) ProcsKalonePackagev098p - Installer.rar
2014-05-29 21:09 - 2014-05-29 20:56 - 4115013632 _____ () C:\Users\Mark\Downloads\en_windows_8.1_with_update_x64_dvd_4065090.iso
2014-05-29 20:53 - 2014-05-29 20:53 - 00000851 _____ () C:\Users\Mark\Desktop\µTorrent.lnk
2014-05-29 20:53 - 2014-05-29 20:53 - 00000831 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-05-29 20:52 - 2014-05-29 20:52 - 01671504 _____ (BitTorrent Inc.) C:\Users\Mark\Downloads\uTorrent.exe
2014-05-29 20:31 - 2014-05-29 20:29 - 00000000 ___HD () C:\$WINDOWS.~BT
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagwrn.xml
2014-05-29 20:31 - 2014-05-29 20:26 - 00001908 _____ () C:\Windows\diagerr.xml
2014-05-29 00:22 - 2014-05-29 00:22 - 00000000 ____D () C:\Users\Mark\Documents\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Public\CyberLink
2014-05-29 00:22 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\CyberLink
2014-05-29 00:22 - 2014-05-29 00:19 - 00000000 ____D () C:\ProgramData\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\Users\Mark\AppData\Local\MediaServer
2014-05-29 00:21 - 2014-05-29 00:21 - 00000000 ____D () C:\ProgramData\PDVD
2014-05-29 00:20 - 2014-05-29 00:20 - 00002188 _____ () C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Users\Mark\AppData\Local\CyberLink
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\ProgramData\install_clap
2014-05-29 00:20 - 2014-05-29 00:20 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-05-29 00:20 - 2014-03-23 22:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-29 00:19 - 2014-05-29 00:19 - 125163904 _____ () C:\Users\Mark\Documents\TSST.12.0.12148.2118_DVD121001-03.exe
2014-05-28 22:12 - 2014-05-28 22:12 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-28 22:12 - 2014-03-21 13:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-28 22:12 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Help
2014-05-28 22:08 - 2014-04-02 19:50 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-19 19:44 - 2014-05-28 22:12 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:12 - 00052056 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 18531568 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 14434704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-19 19:44 - 2014-05-28 22:11 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 03109248 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02730208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00952952 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-19 19:44 - 2014-05-28 22:11 - 00026069 _____ () C:\Windows\system32\nvinfo.pb
2014-05-19 18:25 - 2014-05-28 22:12 - 06769096 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 03514144 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00927520 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-05-19 18:25 - 2014-05-28 22:12 - 00387528 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-05-19 18:25 - 2014-05-28 22:12 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\Documents\Family Tree Maker
2014-05-15 07:14 - 2014-05-15 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\IsolatedStorage
2014-05-15 07:14 - 2014-05-15 07:13 - 00000000 ____D () C:\Program Files\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:13 - 00000946 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000940 _____ () C:\Users\Public\Desktop\Family Tree Maker 2014.lnk
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\Users\Mark\AppData\Local\Ancestry.com
2014-05-15 07:13 - 2014-05-15 07:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Tree Maker 2014
2014-05-15 07:13 - 2014-05-15 07:12 - 00000000 ___HD () C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}
2014-05-15 07:12 - 2014-05-15 07:11 - 00000000 ____D () C:\Users\Mark\Downloads\Family Tree Maker 2014
2014-05-14 20:26 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-05-14 20:01 - 2014-03-24 03:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-14 16:49 - 2014-05-28 22:12 - 03774821 _____ () C:\Windows\system32\nvcoproc.bin
2014-05-14 12:51 - 2014-05-14 12:51 - 19158336 _____ () C:\Users\Mark\Downloads\PRO2K3XP_32.exe
2014-05-14 12:48 - 2009-07-13 22:08 - 00032622 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-14 12:47 - 2014-03-21 13:37 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-14 12:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-14 12:45 - 2014-03-21 13:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 12:44 - 2014-03-21 13:57 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-12 07:26 - 2014-05-08 08:46 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-05-08 08:46 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-08 08:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 16:36 - 2014-05-11 16:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-11 16:02 - 2014-04-02 19:50 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-11 16:02 - 2014-04-02 19:50 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-08 10:51 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Cursors
2014-05-08 08:46 - 2014-05-08 08:46 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004 (1).exe
2014-05-08 08:46 - 2014-05-08 08:46 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 08:46 - 2014-05-08 08:45 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Mark\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 03:38 - 2014-04-01 17:03 - 00000000 ____D () C:\Windows\System32\Tasks\Games
 
Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-05-29 20:06
 
==================== End Of Log ============================


#13
MarkJohnson


I forgot to mention when running GMER I was getting an error:

C:/windows/system32/config/system: The process cannot access the file because it is being used by another process.

 

It came up 3 or 4 times.  I did disable av/firewall/mbam beforehand.

 

Also, I noticed during the first error GMER already reported something about an MBR error, but I use an SSD and I set the BIOS to boot from my UEFI BIOS and I formatted my SSD in GPT mode, if that matters at all.



#14
Naathim

Hi :)
 
 

> I forgot to mention when running GMER I was getting an error:
> C:/windows/system32/config/system: The process cannot access the file because it is being used by another process.
>
> It came up 3 or 4 times. I did disable av/firewall/mbam beforehand.
>
> also, I notice during the first error GMER already reported something about an MBR error, but I use an SSD and I set the BIOS to boot from my UEFI bios and I formatted my SSD in GPT mode if that matters at all.


That's nothing to be concerned about. Anti-Rootkit scanners sometimes 'misbehave' on certain systems. Your Gmer report came up looking pretty good, so don't worry.
 


Download TFC by OldTimer to your desktop.

  • Double-click TFC.exe to run it. (Note: If you are running Vista or higher, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
And after that, a couple of last scans just to be sure there isn't anything more to remove.
 
 
Please re-run Malwarebytes' Anti-Malware
  • Select Update
    • Once it has updated, select Settings > Detection and Protection > tick Scan for rootkits
    • Go back to the Dashboard and select Scan Now
    • If threats are detected, click the Apply Actions button; MBAM will ask for a reboot
    • On completion of the scan (or after the reboot) select View Detailed Log
    • Select Export > Select text file and save it to the desktop.
  • Please post that log for my review.

= = = = = = = = = = = = = = = = = = = =



ESET Online Scanner
This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox

Please visit ESET site.
  • Click [button image]
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of the add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given a link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that:
    • Remove found threats is unchecked
    • Scan archives is checked, in Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

= = = = = = = = = = = = = = = = = = = =



Now in your next reply please include these ones for my review:
  • MBAM report
  • ESET Online report

I don't mind multiple posts if necessary.

Cheers,
Naat :)

#15
MarkJohnson

Here's the mbam and eset logs you requested.  MBAM reports nothing found and ESET found 4 more issues.
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/6/2014
Scan Time: 3:46:58 PM
Logfile: mbam.log
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.06.06.10
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mark
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280894
Time Elapsed: 2 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
Here's the ESET log.txt file.
 
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=923ead917ac51e4db7365c1779f13304
# engine=18603
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-06 11:35:41
# local_time=2014-06-06 04:35:41 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 0 152673837 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3042875 153641191 0 0
# scanned=106998
# found=4
# cleaned=0
# scan_time=1222
sh=31F709955DE64FF4193FC9389848F654AA457288 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\ProgramData\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res"
sh=31F709955DE64FF4193FC9389848F654AA457288 ft=0 fh=0000000000000000 vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\All Users\{3F06E471-FD45-4DB4-83A5-E68D149EA29F}\setup.res"
sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Mark\Downloads\ccsetup414.exe"
sh=CC81BC72DB7565920D75B3A71D4A21D3FE57CBB4 ft=1 fh=8f7c652491d8752d vn="a variant of Win32/HiddenStart.A potentially unsafe application" ac=I fn="C:\Users\Mark\Downloads\Family Tree Maker 2014\setup.exe"
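
A check a helper could run over a posted ESET log.txt, added here as an example and not part of the thread or of any ESET tooling: it confirms the header flags match the scan settings requested in post #14 and groups detections by their `sh` value, so one file reached through two paths is counted once. The sample log is constructed; reading `sh` as a per-file hash and `fn` as the file path is an assumption drawn from the log's layout.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the log.txt above (placeholder hashes
# and names). On Windows 7, C:\Users\All Users is a link to C:\ProgramData,
# so the same file can be reported under both paths.
SAMPLE_LOG = r'''# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=0 fh=0000000000000000 vn="a variant of Win32/Example.A potentially unsafe application" ac=I fn="C:\ProgramData\{GUID}\setup.res"
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=0 fh=0000000000000000 vn="a variant of Win32/Example.A potentially unsafe application" ac=I fn="C:\Users\All Users\{GUID}\setup.res"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=1111111111111111 vn="Win32/Example.B potentially unsafe application" ac=I fn="C:\Users\Mark\Downloads\example.exe"
'''

# Scan settings requested in post #14, as they show up in the log header.
EXPECTED = {"remove_checked": "false", "archives_checked": "true",
            "unwanted_checked": "true", "unsafe_checked": "true",
            "antistealth_checked": "true"}

HEADER = re.compile(r'^#\s*(\w+)=(.*)$')
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse(log):
    """Return (header dict, list of detection dicts) from an ESET log.txt."""
    header, hits = {}, []
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            header.setdefault(m.group(1), m.group(2).strip())  # first value wins
        elif line.startswith("sh="):
            hits.append({k: q or u for k, q, u in FIELD.findall(line)})
    return header, hits

def wrong_settings(header):
    """Header flags that are missing or differ from the requested settings."""
    return {k: header.get(k) for k, v in EXPECTED.items() if header.get(k) != v}

def group_by_hash(hits):
    """Map each sh value to every path it was reported under."""
    groups = defaultdict(list)
    for h in hits:
        groups[h["sh"]].append(h["fn"])
    return dict(groups)

if __name__ == "__main__":
    header, hits = parse(SAMPLE_LOG)
    print("settings differing from the request:", wrong_settings(header) or "none")
    for sha, paths in group_by_hash(hits).items():
        print(sha, *paths, sep="\n  ")
```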
 
