Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Ransomware Issue, not resolved using Kaspersky Rescue Disk [Solve


  • This topic is locked This topic is locked

#16
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts
I will try that if I can't get the usb drive to be successful this afternoon. Thanks for the suggestion.
  • 0

Advertisements


#17
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

If you'll encounter any issues - let me know :)


  • 0

#18
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Naat, I got it working with a bootable cd. See Frst logfile below. Feeling optimistic that we are making some progress towards seeing where this sucker is hiding.  :smashcomp:

 

FRST Logfile

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01
Ran by SYSTEM on MININT-BIQ1RK4 on 20-08-2014 23:06:31
Running from K:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKU\mary58\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-02] (Google Inc.)
HKU\mary58\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe [3207912 2013-07-23] (Microsoft Corporation)
HKU\mary58\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\mary58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk -> C:\Program Files\hp\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563024 2009-09-11] (Affinegy, Inc.)
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-14] (APN LLC.)
S4 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-25] (CyberLink)
S2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
S3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1799552 2009-12-15] (Hauppauge Computer Works, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-26] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA))
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS [117808 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS [1791536 2010-08-13] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 23:06 - 2014-08-20 23:06 - 00000000 ____D () C:\FRST
2014-08-20 04:42 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2014-08-20 04:42 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-20 04:42 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-20 04:42 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2014-08-20 04:42 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2014-08-20 04:42 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2014-08-20 04:42 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-20 04:42 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 17:45 - 2014-08-18 17:45 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-08-17 16:11 - 2014-07-31 15:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-08-17 16:11 - 2014-07-31 15:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 16:11 - 2014-07-25 06:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-08-17 16:11 - 2014-07-25 06:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-08-17 16:11 - 2014-07-25 06:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-08-17 16:11 - 2014-07-25 05:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 16:11 - 2014-07-25 05:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-08-17 16:11 - 2014-07-25 05:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-08-17 16:11 - 2014-07-25 05:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-08-17 16:11 - 2014-07-25 05:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-08-17 16:11 - 2014-07-25 05:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-08-17 16:11 - 2014-07-25 05:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-08-17 16:11 - 2014-07-25 05:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-08-17 16:11 - 2014-07-25 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 16:11 - 2014-07-25 05:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-08-17 16:11 - 2014-07-25 05:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-08-17 16:11 - 2014-07-25 05:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-08-17 16:11 - 2014-07-25 04:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-08-17 16:11 - 2014-07-25 04:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-08-17 16:11 - 2014-07-25 04:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-08-17 16:11 - 2014-07-25 04:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 16:11 - 2014-07-25 04:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 16:11 - 2014-07-25 04:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 16:11 - 2014-07-25 04:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 16:11 - 2014-07-25 04:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-08-17 16:11 - 2014-07-25 04:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-08-17 16:11 - 2014-07-25 04:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 16:11 - 2014-07-25 04:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-08-17 16:11 - 2014-07-25 04:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 16:11 - 2014-07-25 04:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-08-17 16:11 - 2014-07-25 04:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 16:11 - 2014-07-25 04:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 16:11 - 2014-07-25 04:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-08-17 16:11 - 2014-07-25 04:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 16:11 - 2014-07-25 04:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 16:11 - 2014-07-25 04:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 16:11 - 2014-07-25 03:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 16:11 - 2014-07-25 03:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-08-17 16:11 - 2014-07-25 03:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 16:11 - 2014-07-25 03:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-08-17 16:11 - 2014-07-25 03:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-08-17 16:11 - 2014-07-25 03:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-08-17 16:11 - 2014-07-25 03:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 16:11 - 2014-07-25 03:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 16:11 - 2014-07-25 03:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 16:11 - 2014-07-25 03:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-08-17 16:11 - 2014-07-25 03:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 16:11 - 2014-07-25 03:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 16:11 - 2014-07-25 03:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 16:11 - 2014-07-25 03:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 16:11 - 2014-07-25 02:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-08-17 16:11 - 2014-07-25 02:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-08-17 16:11 - 2014-07-25 02:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-08-17 16:11 - 2014-07-25 02:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 16:11 - 2014-07-25 02:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 16:11 - 2014-07-25 02:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 16:11 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2014-08-17 16:11 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 16:11 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2014-08-17 16:00 - 2014-08-06 18:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-17 16:00 - 2014-08-06 18:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-17 04:55 - 2014-08-19 10:24 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-10 16:03 - 2014-08-20 04:03 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-09 22:53 - 2014-08-10 16:45 - 00000000 ____D () C:\Users\mary58\Desktop\oldschool blues
2014-08-05 18:16 - 2014-08-05 18:16 - 00000000 ____D () C:\Users\mary58\Desktop\acapella
2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\mary58\AppData\Local\AskPartnerNetwork
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-20 23:06 - 2014-08-20 23:06 - 00000000 ____D () C:\FRST
2014-08-20 15:21 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-20 15:21 - 2009-07-13 20:51 - 00068976 _____ () C:\Windows\setupact.log
2014-08-20 15:20 - 2011-09-11 07:57 - 01976399 _____ () C:\Windows\WindowsUpdate.log
2014-08-20 15:20 - 2009-07-13 21:13 - 00783400 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-20 15:20 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:20 - 2009-07-13 20:45 - 00018736 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-20 15:13 - 2009-07-13 21:08 - 00028406 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-20 15:10 - 2012-12-05 10:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 14:26 - 2011-10-02 11:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-20 11:38 - 2014-01-26 06:41 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleFormary58.job
2014-08-20 06:04 - 2011-05-24 14:27 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-20 05:53 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 05:28 - 2012-12-16 09:18 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-20 05:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 04:40 - 2014-05-06 00:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-20 04:07 - 2011-10-02 11:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-20 04:03 - 2014-08-10 16:03 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-19 10:24 - 2014-08-17 04:55 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-18 17:45 - 2014-08-18 17:45 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-08-18 17:45 - 2011-09-12 08:46 - 00000000 ____D () C:\Users\mary58\AppData\Roaming\SoftGrid Client
2014-08-18 03:44 - 2011-11-08 12:20 - 00000000 ____D () C:\Users\mary58\AppData\Local\CrashDumps
2014-08-10 16:49 - 2013-03-14 00:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-10 16:49 - 2013-03-14 00:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-10 16:47 - 2014-06-02 04:14 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2047981503-1941223184-1078615342-1000
2014-08-10 16:47 - 2014-01-21 17:44 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2047981503-1941223184-1078615342-1000
2014-08-10 16:45 - 2014-08-09 22:53 - 00000000 ____D () C:\Users\mary58\Desktop\oldschool blues
2014-08-10 11:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-08-10 05:38 - 2014-01-26 06:41 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormary58
2014-08-10 05:37 - 2011-11-13 16:52 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-10 05:37 - 2011-09-25 14:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-09 22:36 - 2014-05-07 17:02 - 00000000 ____D () C:\Users\mary58\Documents\VirtualDJ
2014-08-06 18:06 - 2014-08-17 16:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-08-06 18:01 - 2014-08-17 16:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-08-06 17:36 - 2014-05-25 17:07 - 00000000 ____D () C:\Users\mary58\Desktop\May 25 2014
2014-08-05 18:16 - 2014-08-05 18:16 - 00000000 ____D () C:\Users\mary58\Desktop\acapella
2014-08-05 18:04 - 2014-08-05 18:04 - 00000000 ____D () C:\Users\mary58\AppData\Local\AskPartnerNetwork
2014-08-05 06:20 - 2011-09-21 05:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-08-03 16:29 - 2014-07-13 18:18 - 00000000 ____D () C:\Users\mary58\Desktop\july 13
2014-07-31 15:41 - 2014-08-17 16:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-31 15:16 - 2014-08-17 16:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-25 06:52 - 2014-08-17 16:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-25 06:02 - 2014-08-17 16:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-25 06:01 - 2014-08-17 16:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 05:51 - 2014-08-17 16:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 05:30 - 2014-08-17 16:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-25 05:28 - 2014-08-17 16:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-07-25 05:28 - 2014-08-17 16:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-07-25 05:25 - 2014-08-17 16:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-25 05:25 - 2014-08-17 16:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-07-25 05:11 - 2014-08-17 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-25 05:10 - 2014-08-17 16:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-25 05:04 - 2014-08-17 16:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 05:03 - 2014-08-17 16:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-25 05:00 - 2014-08-17 16:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-07-25 05:00 - 2014-08-17 16:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-07-25 04:59 - 2014-08-17 16:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-07-25 04:47 - 2014-08-17 16:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 04:40 - 2014-08-17 16:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-25 04:34 - 2014-08-17 16:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 04:34 - 2014-08-17 16:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 04:33 - 2014-08-17 16:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 04:30 - 2014-08-17 16:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 04:28 - 2014-08-17 16:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-25 04:28 - 2014-08-17 16:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 04:21 - 2014-08-17 16:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 04:19 - 2014-08-17 16:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-25 04:18 - 2014-08-17 16:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 04:17 - 2014-08-17 16:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-25 04:17 - 2014-08-17 16:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 04:12 - 2014-08-17 16:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 04:10 - 2014-08-17 16:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-25 04:10 - 2014-08-17 16:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 04:08 - 2014-08-17 16:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 04:06 - 2014-08-17 16:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 03:52 - 2014-08-17 16:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 03:47 - 2014-08-17 16:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-25 03:43 - 2014-08-17 16:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 03:42 - 2014-08-17 16:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-25 03:39 - 2014-08-17 16:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-25 03:39 - 2014-08-17 16:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-07-25 03:36 - 2014-08-17 16:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 03:34 - 2014-08-17 16:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 03:29 - 2014-08-17 16:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 03:23 - 2014-08-17 16:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-25 03:13 - 2014-08-17 16:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 03:07 - 2014-08-17 16:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 03:07 - 2014-08-17 16:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 03:03 - 2014-08-17 16:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 02:52 - 2014-08-17 16:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-25 02:26 - 2014-08-17 16:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-25 02:17 - 2014-08-17 16:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-07-25 02:09 - 2014-08-17 16:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 02:05 - 2014-08-17 16:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 02:00 - 2014-08-17 16:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\mary58\AppData\Local\Temp\sp64126.exe
C:\Users\mary58\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2014-06-11 00:00:25
Restore point made on: 2014-06-17 01:24:58
Restore point made on: 2014-06-24 21:00:06
Restore point made on: 2014-07-10 14:50:29
Restore point made on: 2014-07-11 00:00:17
Restore point made on: 2014-07-12 00:00:29
Restore point made on: 2014-07-20 05:15:37
Restore point made on: 2014-07-27 21:00:14
Restore point made on: 2014-08-04 15:19:13
Restore point made on: 2014-08-05 17:21:52
Restore point made on: 2014-08-06 00:00:14
Restore point made on: 2014-08-17 15:56:57
Restore point made on: 2014-08-20 04:39:44
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8191.29 MB
Available physical RAM: 7366.43 MB
Total Pagefile: 8189.43 MB
Available Pagefile: 7362.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1384.28 GB) (Free:1246.42 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:12.88 GB) (Free:1.58 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Repair disc Windows 7 64-bit) (CDROM) (Total:0.16 GB) (Free:0 GB) UDF
Drive k: () (Removable) (Total:3.73 GB) (Free:3.72 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1397.3 GB) (Disk ID: 6A3A38C1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1384.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 3.7 GB) (Disk ID: 07137FDE)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)
 
 
LastRegBack: 2014-08-20 05:45
 
==================== End Of Log ============================

  • 0

#19
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Hi :)
 
I need to run another scan from the Recovery Environment.
The instructions point to the USB booting, you should do it from CD/DVD created prior and just run a RogueKiller scan.
 
 
rufus-128.png_RogueKiller.png Scan with RogueKiller from the Recovery Environment

We will be working outside of Windows, so I think it would be prudent to save it or print down for further reference.
This instruction is a quite complicated one as it contains multiple steps. We will need a clean machine and a USB stick (thumbdrive).

DOWNLOADS

Prepare the tool on your clean machine.

Please download RogueKiller and save the file to your desktop.
Temporary disable your AntiVirus and AntiSpyware protection there, as it may detect is as harmful - instructions here.
After downloaded, please transfer it to the root of your USB stick.
Now unplug your pendrive and move it into your corrupted machine.

ACTION

Insert your USB drive to the corrupted machine and start the computer.
Make sure that booting from USB is set. If you don't know how to do it, instructions HERE.

Getting form one step to another during this part will take some time. Please be patient.

WindowsKey.png Run Recovery Environment

  • When the machine boots-up, you will see the Install now window. Instead choose the Repair my computer option.
  • You will be presented with the list of operating systems (usually there will be only one). Highlight it by clicking on it and select Next.
  • In the Choose Recovery Tool menu select Command Prompt.

You will see a big black window with a blinking cursor (command prompt).

notepad.png Access the notepad and identify your USB drive

In the Command Prompt please type in:

notepad

and press Enter.

  • When the notepad opens, go to File menu.
  • Select Open.
  • Go to Computer and search there for your USB drive letter.

Note down the letter and close the notepad.

RogueKiller.png Scan with RogueKiller

Once back in the command prompt window, please do the following:

  • Type in e:\roguekillerx64.exe and press Enter.
    You need to replace e with the letter of your USB drive taken from notepad!
  • Wait patiently until the pre-scan will be done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Let this process run uninterrupted!.
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please make sure that you have saved this logfile to the root of your pendive!
Also do not click Delete unless instructed!

Transfer it to your clean machine and include it in your next reply.


  • 0

#20
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Hi Naat, It appears initialization for Rogue Killer has run for about 10 minutes now. Should I continue to wait?


  • 0

#21
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

If it started, please wait.

 

If no joy after another couple of minutes, please retry after the reboot.


  • 0

#22
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

I had to do a reboot and Rogue Killer is still doing the initialization  for about 30 minutes now. I will let it continue and hopefully it will finish running before I have to leave for the job this morning. 


  • 0

#23
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
You may try it later once more.

In the meantime please post me a screenshot of this ransomware. I suppose that it could be difficult, but see if you can make a picture from your mobile or so.
  • 0

#24
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Naat,  I was not able to take a picture of the ransonware virus because I received an error message. See below 

 

 

 

 `  

Attached Thumbnails

  • IMAG0758.jpg

  • 0

#25
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
And what happens when you click OK?
  • 0

Advertisements


#26
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

I have a blank desktop with a black screen and only the recycle bin icon. I can still seem to access the control panel and folders by using the start menu.


  • 0

#27
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Are you able to run FRST there? May be even from your pendrive.

If so, try to run a scan there.
  • 0

#28
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Running frst now, I found a picture of the virus on this forum. I think my version had one window displaying you were being recorded, but it resembles this picture below. 

 

post-388496-0-54473200-1403564861.jpeg


  • 0

#29
Jay2014

Jay2014

    Member

  • Topic Starter
  • Member
  • PipPip
  • 31 posts

Here is the Frst logfile. 

 

`Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2014 01

Ran by mary58 (administrator) on MARY58-HP on 21-08-2014 06:53:27
Running from J:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Affinegy, Inc.) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccsvchst.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [664600 2010-09-28] (PDF Complete Inc)
HKLM-x32\...\Run: [Easy Dock] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2014-01-22] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN)
HKU\S-1-5-21-2047981503-1941223184-1078615342-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-10-02] (Google Inc.)
HKU\S-1-5-21-2047981503-1941223184-1078615342-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\cvh.exe [3207912 2013-07-23] (Microsoft Corporation)
HKU\S-1-5-21-2047981503-1941223184-1078615342-1000\...\Run: [HP Officejet 4620 series (NET)] => C:\Program Files\hp\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\Users\mary58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 4620 series (Network).lnk -> C:\Program Files\hp\HP Officejet 4620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
URLSearchHook: HKLM-x32 - Radio 1.1 Toolbar - {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - C:\Program Files (x86)\Radio_1.1\prxtbRadi.dll (Conduit Ltd.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM-x32 - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - DefaultScope {37E24096-BD71-4D1B-ACA8-F62ECF1AD18E} URL = http://search.condui...&ctid=CT3014000
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKCU - {37E24096-BD71-4D1B-ACA8-F62ECF1AD18E} URL = http://search.condui...&ctid=CT3014000
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = https://www.google.c...q={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKCU - {B89729B4-EEB1-4B36-ABD0-A4DD770F0C31} URL = http://www.search.as...archTerms}&psv=
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKCU - {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.co...s}&mfe=Desktops
SearchScopes: HKCU - {DCB7FDFF-CE98-4B16-8822-9843B01EA84B} URL = http://websearch.sho...q={searchTerms}
BHO: Virtual DJ Toolbar -> {56444A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ-V7\Passport_x64.dll (APN LLC.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Radio 1.1 Toolbar -> {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} -> C:\Program Files (x86)\Radio_1.1\prxtbRadi.dll (Conduit Ltd.)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Virtual DJ Toolbar -> {56444A2D-5637-006A-76A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ-V7\Passport.dll (APN LLC.)
BHO-x32: Symantec NCO BHO -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
BHO-x32: ShopAtHome.com Cash Back Helper -> {66516A07-F617-488A-90CF-4E690CFB3C5F} -> C:\Users\mary58\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Virtual DJ Toolbar - {56444A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Radio 1.1 Toolbar - {2d7432c9-a3fd-4ed1-aea9-fbdb12dba4a7} - C:\Program Files (x86)\Radio_1.1\prxtbRadi.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - ShopAtHome.com Toolbar - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\mary58\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Virtual DJ Toolbar - {56444A2D-5637-006A-76A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\VDJ-V7\Passport.dll (APN LLC.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {2D7432C9-A3FD-4ED1-AEA9-FBDB12DBA4A7} -  No File
DPF: HKLM-x32 {E0FEE963-BB53-4215-81AD-B28C77384644} https://pattcw.att.m...Installer64.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @hulu.com/Hulu Desktop -> C:\Users\mary58\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn
FF Extension: Symantec IPS - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn [2011-09-11]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_13_2 [2014-08-21]
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2012-12-16]
 
Chrome: 
=======
CHR DefaultSuggestURL: {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.114\pdf.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Hulu Desktop) - C:\Users\mary58\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\mary58\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-12-16]
CHR Extension: (Google Search) - C:\Users\mary58\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-16]
CHR Extension: (RealDownloader) - C:\Users\mary58\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2012-12-16]
CHR Extension: (Google Wallet) - C:\Users\mary58\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-05]
CHR Extension: (Gmail) - C:\Users\mary58\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-16]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [563024 2009-09-11] (Affinegy, Inc.)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-14] (APN LLC.)
S4 CLKMSVC10_C6F09094; C:\Program Files (x86)\Hewlett-Packard\Media\DVD\Kernel\HDDVD\NavFilter\kmsvc.exe [245232 2010-11-25] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LeapFrog Connect Device Service; C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe [7393280 2014-01-22] (LeapFrog Enterprises, Inc.) [File not signed]
S4 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 McciCMService; C:\Program Files (x86)\Common Files\Motive\McciCMService.exe [319488 2010-04-30] (Alcatel-Lucent) [File not signed]
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2010-04-30] (Alcatel-Lucent) [File not signed]
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
S4 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20100810.004\BHDrvx64.sys [945200 2010-08-08] (Symantec Corporation)
S3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [27456 2012-05-29] (Windows ® Codename Longhorn DDK provider)
S3 cqcpu; C:\Windows\System32\drivers\cqcpu.sys [24376 2010-03-01] ()
R3 HCW723x; C:\Windows\System32\DRIVERS\HCW723x.sys [1799552 2009-12-15] (Hauppauge Computer Works, Inc.)
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-09-11] (Hauppauge Computer Works, Inc.)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20100706.002\IDSVia64.sys [463408 2010-06-26] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-04-30] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\ENG64.SYS [117808 2010-08-13] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20100813.009\EX64.SYS [1791536 2010-08-13] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2011-09-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-21 06:26 - 2014-08-21 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Hewlett-Packard
2014-08-21 06:26 - 2014-08-21 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Hewlett-Packard
2014-08-21 02:06 - 2014-08-21 06:53 - 00000000 ____D () C:\FRST
2014-08-20 07:42 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-20 07:42 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-20 07:42 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-20 07:42 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-20 07:42 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-20 07:42 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-20 07:42 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-20 07:42 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-18 20:45 - 2014-08-21 06:20 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-08-17 19:11 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-17 19:11 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-17 19:11 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-17 19:11 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-17 19:11 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-17 19:11 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-17 19:11 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-17 19:11 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-17 19:11 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-17 19:11 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-17 19:11 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-17 19:11 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-17 19:11 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-17 19:11 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-17 19:11 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-17 19:11 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-17 19:11 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-17 19:11 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-17 19:11 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-17 19:11 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-17 19:11 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-17 19:11 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-17 19:11 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-17 19:11 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-17 19:11 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-17 19:11 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-17 19:11 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-17 19:11 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-17 19:11 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-17 19:11 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-17 19:11 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-17 19:11 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-17 19:11 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-17 19:11 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-17 19:11 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-17 19:11 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-17 19:11 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-17 19:11 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-17 19:11 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-17 19:11 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-17 19:11 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-17 19:11 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-17 19:11 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-17 19:11 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-17 19:11 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-17 19:11 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-17 19:11 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-17 19:11 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-17 19:11 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-17 19:11 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-17 19:11 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-17 19:11 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-17 19:11 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-17 19:11 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-17 19:11 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-17 19:11 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-17 19:11 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-17 19:11 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-17 19:11 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-17 19:00 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-17 19:00 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-17 07:55 - 2014-08-19 13:24 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-10 19:03 - 2014-08-20 07:03 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-10 01:53 - 2014-08-10 19:45 - 00000000 ____D () C:\Users\mary58\Desktop\oldschool blues
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Users\mary58\Desktop\acapella
2014-08-05 21:04 - 2014-08-05 21:04 - 00000000 ____D () C:\Users\mary58\AppData\Local\AskPartnerNetwork
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-21 06:53 - 2014-08-21 02:06 - 00000000 ____D () C:\FRST
2014-08-21 06:35 - 2011-09-11 10:57 - 02014504 _____ () C:\Windows\WindowsUpdate.log
2014-08-21 06:26 - 2014-08-21 06:26 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Hewlett-Packard
2014-08-21 06:26 - 2014-08-21 06:26 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Hewlett-Packard
2014-08-21 06:26 - 2011-10-02 14:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-21 06:26 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-21 06:26 - 2009-07-13 23:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-21 06:24 - 2009-07-14 00:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-21 06:20 - 2014-08-18 20:45 - 00003376 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-08-21 06:20 - 2011-10-02 14:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-21 06:20 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-21 06:19 - 2009-07-14 00:08 - 00028906 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-21 06:18 - 2009-07-13 23:51 - 00069032 _____ () C:\Windows\setupact.log
2014-08-20 18:10 - 2012-12-05 13:59 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-20 14:38 - 2014-01-26 09:41 - 00000336 _____ () C:\Windows\Tasks\HPCeeScheduleFormary58.job
2014-08-20 09:04 - 2011-05-24 17:27 - 00000000 ____D () C:\ProgramData\PDFC
2014-08-20 08:53 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-08-20 08:28 - 2012-12-16 12:18 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-20 08:01 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-20 07:40 - 2014-05-06 03:00 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-20 07:03 - 2014-08-10 19:03 - 00000000 ___HD () C:\Users\Public\Documents\Report
2014-08-19 13:24 - 2014-08-17 07:55 - 00000000 ____D () C:\Kaspersky Rescue Disk 10.0
2014-08-18 20:45 - 2011-09-12 11:46 - 00000000 ____D () C:\Users\mary58\AppData\Roaming\SoftGrid Client
2014-08-18 06:44 - 2011-11-08 15:20 - 00000000 ____D () C:\Users\mary58\AppData\Local\CrashDumps
2014-08-10 19:49 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-08-10 19:49 - 2013-03-14 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-10 19:47 - 2014-06-02 07:14 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2047981503-1941223184-1078615342-1000
2014-08-10 19:47 - 2014-01-21 20:44 - 00003212 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2047981503-1941223184-1078615342-1000
2014-08-10 19:45 - 2014-08-10 01:53 - 00000000 ____D () C:\Users\mary58\Desktop\oldschool blues
2014-08-10 14:41 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-08-10 08:38 - 2014-01-26 09:41 - 00003192 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFormary58
2014-08-10 08:37 - 2011-11-13 19:52 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-08-10 08:37 - 2011-09-25 17:56 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-08-10 01:36 - 2014-05-07 20:02 - 00000000 ____D () C:\Users\mary58\Documents\VirtualDJ
2014-08-06 21:06 - 2014-08-17 19:00 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 21:01 - 2014-08-17 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-06 20:36 - 2014-05-25 20:07 - 00000000 ____D () C:\Users\mary58\Desktop\May 25 2014
2014-08-06 03:02 - 2013-03-14 03:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-05 21:16 - 2014-08-05 21:16 - 00000000 ____D () C:\Users\mary58\Desktop\acapella
2014-08-05 21:04 - 2014-08-05 21:04 - 00000000 ____D () C:\Users\mary58\AppData\Local\AskPartnerNetwork
2014-08-05 09:20 - 2011-09-21 08:12 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-03 19:29 - 2014-07-13 21:18 - 00000000 ____D () C:\Users\mary58\Desktop\july 13
2014-07-31 18:41 - 2014-08-17 19:11 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-31 18:16 - 2014-08-17 19:11 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-25 09:52 - 2014-08-17 19:11 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-25 09:02 - 2014-08-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-07-25 09:01 - 2014-08-17 19:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-07-25 08:51 - 2014-08-17 19:11 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-25 08:30 - 2014-08-17 19:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-07-25 08:28 - 2014-08-17 19:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-07-25 08:28 - 2014-08-17 19:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-07-25 08:25 - 2014-08-17 19:11 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-25 08:25 - 2014-08-17 19:11 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-07-25 08:11 - 2014-08-17 19:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-07-25 08:10 - 2014-08-17 19:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-07-25 08:04 - 2014-08-17 19:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-25 08:03 - 2014-08-17 19:11 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-07-25 08:00 - 2014-08-17 19:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-07-25 08:00 - 2014-08-17 19:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-07-25 07:59 - 2014-08-17 19:11 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-07-25 07:47 - 2014-08-17 19:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-07-25 07:40 - 2014-08-17 19:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-25 07:34 - 2014-08-17 19:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-07-25 07:34 - 2014-08-17 19:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-25 07:33 - 2014-08-17 19:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-07-25 07:30 - 2014-08-17 19:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-07-25 07:28 - 2014-08-17 19:11 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-25 07:28 - 2014-08-17 19:11 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-07-25 07:21 - 2014-08-17 19:11 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-25 07:19 - 2014-08-17 19:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-07-25 07:18 - 2014-08-17 19:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-25 07:17 - 2014-08-17 19:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-25 07:17 - 2014-08-17 19:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-25 07:12 - 2014-08-17 19:11 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-25 07:10 - 2014-08-17 19:11 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-25 07:10 - 2014-08-17 19:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-07-25 07:08 - 2014-08-17 19:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-07-25 07:06 - 2014-08-17 19:11 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-25 06:52 - 2014-08-17 19:11 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-25 06:47 - 2014-08-17 19:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-25 06:43 - 2014-08-17 19:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-07-25 06:42 - 2014-08-17 19:11 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-25 06:39 - 2014-08-17 19:11 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-25 06:39 - 2014-08-17 19:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-07-25 06:36 - 2014-08-17 19:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-25 06:34 - 2014-08-17 19:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-25 06:29 - 2014-08-17 19:11 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-25 06:23 - 2014-08-17 19:11 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-25 06:13 - 2014-08-17 19:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-25 06:07 - 2014-08-17 19:11 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-25 06:07 - 2014-08-17 19:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-07-25 06:03 - 2014-08-17 19:11 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-25 05:52 - 2014-08-17 19:11 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-25 05:26 - 2014-08-17 19:11 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-25 05:17 - 2014-08-17 19:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-25 05:09 - 2014-08-17 19:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-25 05:05 - 2014-08-17 19:11 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-25 05:00 - 2014-08-17 19:11 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
 
Some content of TEMP:
====================
C:\Users\mary58\AppData\Local\Temp\sp64126.exe
C:\Users\mary58\AppData\Local\Temp\UninstallHPSA.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-20 08:45
 
==================== End Of Log ============================

  • 0

#30
Naathim

Naathim

    GeekU Minion

  • Expert
  • 4,568 posts

Do you have also the Addition.txt report?


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP