
My computer may be infected with a bot [Solved]


  • This topic is locked

#1
Mark Green

  • Member
  • 55 posts

I have been receiving messages from Constant Guard (Infinity) that one or more of my computers may be infected with a bot. I have run scans with Spy Bot and Norton and didn't find anything. HOWEVER, Norton has been frequently showing messages that it has blocked an intrusion attempt by Trojan.Zbot. Activity 15. It states that it was blocked and no further action is needed, but combined with the message from Infinity, I figured it could be a problem. Any help would be greatly appreciated.

 

Below is my OTL log:

 

OTL logfile created on: 1/16/2015 5:25:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mark\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17501)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
15.91 Gb Total Physical Memory | 12.43 Gb Available Physical Memory | 78.16% Memory free
31.81 Gb Paging File | 28.15 Gb Available in Paging File | 88.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 915.51 Gb Total Space | 835.93 Gb Free Space | 91.31% Space Free | Partition Type: NTFS
Drive D: | 15.77 Gb Total Space | 1.92 Gb Free Space | 12.15% Space Free | Partition Type: NTFS
Drive F: | 74.50 Gb Total Space | 64.29 Gb Free Space | 86.30% Space Free | Partition Type: FAT32
 
Computer Name: MARK-HP | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2015/01/16 17:22:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
PRC - [2014/12/17 09:29:16 | 000,451,416 | ---- | M] (Garmin Ltd or its subsidiaries) -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
PRC - [2014/12/11 12:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
PRC - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2014/10/02 12:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
PRC - [2014/06/27 11:52:26 | 002,088,408 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2014/06/24 10:42:12 | 004,101,576 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2014/06/24 10:41:42 | 001,738,168 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2014/04/25 14:12:20 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/11/07 02:03:22 | 000,292,848 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2013/08/04 23:49:42 | 000,111,576 | ---- | M] (CyberLink) -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
PRC - [2013/05/15 19:09:14 | 000,366,552 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2013/05/15 19:09:14 | 000,131,544 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2013/05/15 19:09:12 | 000,169,432 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2010/02/11 10:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/05/13 12:04:48 | 000,167,768 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2014/05/13 12:04:46 | 000,109,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2014/05/13 12:04:42 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/08/05 15:48:08 | 000,016,856 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
MOD - [2013/08/04 23:49:47 | 000,627,672 | ---- | M] () -- c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
MOD - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/11/21 18:35:29 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/09/17 08:53:36 | 000,325,224 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\igfxCUIService.exe -- (igfxCUIService1.0.0.0)
SRV:64bit: - [2013/12/12 19:10:22 | 001,008,344 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2013/12/03 17:14:45 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/11/13 01:56:14 | 000,339,456 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2013/02/13 12:47:04 | 000,820,184 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel®
SRV:64bit: - [2013/02/13 12:46:48 | 000,731,648 | ---- | M] (Intel® Corporation) [Auto | Running] -- c:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2015/01/14 17:30:12 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/12/17 09:29:16 | 000,451,416 | ---- | M] (Garmin Ltd or its subsidiaries) [Auto | Running] -- C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe -- (Garmin Core Update Service)
SRV - [2014/12/11 12:03:12 | 000,089,864 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2014/12/03 10:06:08 | 000,081,088 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2014/10/02 12:14:56 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe -- (N360)
SRV - [2014/09/17 08:53:40 | 000,279,144 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2014/03/20 14:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/08/29 18:31:42 | 000,092,160 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2013/05/15 19:09:14 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2013/05/15 19:09:14 | 000,131,544 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2013/05/15 19:09:12 | 000,169,432 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/24 14:37:56 | 000,169,752 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2015/01/14 20:15:57 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2014/09/17 08:53:22 | 004,716,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2014/08/25 18:26:58 | 000,593,112 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)
DRV:64bit: - [2014/08/25 18:26:57 | 001,148,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys -- (SymEFA)
DRV:64bit: - [2014/08/25 18:20:22 | 000,876,248 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2014/08/25 18:20:22 | 000,037,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2014/08/06 11:48:16 | 000,266,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys -- (SymIRON)
DRV:64bit: - [2014/05/21 04:12:56 | 000,791,256 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2014/04/07 09:44:04 | 008,071,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2014/03/24 04:30:04 | 000,901,848 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2013/12/03 17:18:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2013/12/03 17:18:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2013/12/03 17:06:22 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2013/11/13 01:56:18 | 000,551,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2013/11/12 14:25:22 | 000,091,912 | ---- | M] (CyberLink) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CLVirtualDrive.sys -- (CLVirtualDrive)
DRV:64bit: - [2013/11/07 02:03:22 | 000,790,000 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2013/11/07 02:03:22 | 000,368,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2013/11/07 02:03:22 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2013/10/02 04:35:39 | 000,172,760 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/10/01 18:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013/09/25 18:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 18:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symds64.sys -- (SymDS)
DRV:64bit: - [2013/08/29 06:13:36 | 000,644,968 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2013/08/29 06:13:32 | 000,028,008 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2013/07/18 15:00:04 | 000,083,224 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2013/07/09 13:58:32 | 000,263,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2013/05/15 19:09:12 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/12/04 03:38:27 | 000,598,808 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2012/08/23 06:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 06:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/05/02 06:18:28 | 000,184,144 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2012/03/06 11:29:42 | 000,210,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2012/03/06 11:29:39 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2011/09/18 00:38:52 | 000,039,976 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010/11/20 19:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 19:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 16:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 15:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2015/01/14 19:49:36 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\ex64.sys -- (NAVEX15)
DRV - [2015/01/14 19:49:36 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\eng64.sys -- (NAVENG)
DRV - [2015/01/14 19:42:20 | 000,668,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSviA64.sys -- (IDSVia64)
DRV - [2015/01/06 19:29:50 | 001,622,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2014/11/25 14:30:45 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2014/11/25 14:30:44 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...1TR&pc=HPDTDFJS
IE:64bit: - HKLM\..\SearchScopes\{B59F3FC6-FD87-46DC-B523-5C2D41949ACC}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...1TR&pc=HPDTDFJS
IE - HKLM\..\SearchScopes\{B59F3FC6-FD87-46DC-B523-5C2D41949ACC}: "URL" = http://www.amazon.co...ds={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...1TR&pc=HPDTDFJS
IE - HKCU\..\SearchScopes\{B59F3FC6-FD87-46DC-B523-5C2D41949ACC}: "URL" = http://www.amazon.co...ds={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.25.2: C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2015/01/14 20:18:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2015/01/16 17:18:17 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\Beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [IgfxTray] C:\windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [Persistence] "C:\windows\system32\igfxpers.exe" File not found
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [GarminExpressTrayApp] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (Garmin Ltd or its subsidiaries)
O4:64bit: - HKLM..\RunOnce: [NCPluginUpdater] C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9AEC11D6-B86F-4411-8DD2-43ADA26BD2A8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2015/01/08 08:23:49 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2003/01/31 14:25:04 | 000,000,000 | RH-D | M] - F:\autorun -- [ FAT32 ]
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/16 17:22:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2015/01/14 20:32:32 | 001,148,120 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\symefa64.sys
[2015/01/14 20:32:32 | 000,876,248 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys
[2015/01/14 20:32:32 | 000,593,112 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\symnets.sys
[2015/01/14 20:32:32 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\symds64.sys
[2015/01/14 20:32:32 | 000,266,968 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\ironx64.sys
[2015/01/14 20:32:32 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.sys
[2015/01/14 20:32:32 | 000,037,592 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys
[2015/01/14 20:32:32 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\N360x64\1506000.020\symelam.sys
[2015/01/14 20:30:37 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64\1506000.020
[2015/01/14 20:19:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2015/01/14 20:15:58 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2015/01/14 20:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2015/01/14 20:13:41 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\N360x64
[2015/01/14 20:13:39 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2015/01/14 20:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2015/01/14 20:05:28 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Symantec
[2015/01/14 20:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2015/01/14 20:05:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2015/01/14 19:38:01 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2015/01/14 19:38:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2015/01/10 08:15:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2015/01/10 08:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2015/01/10 08:14:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2015/01/10 08:14:21 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Google
[2015/01/10 08:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2015/01/10 08:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2015/01/10 08:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2015/01/10 08:11:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2015/01/10 08:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2015/01/10 08:11:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2015/01/10 07:55:11 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\hpqlog
[2015/01/08 22:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2015/01/08 12:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2015/01/08 12:34:46 | 000,021,040 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2015/01/08 08:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2015/01/08 08:47:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2015/01/08 08:46:25 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Programs
[2014/12/30 20:40:13 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\HP
[2014/12/30 20:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hp
[2014/12/30 15:16:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Garmin
[2014/12/30 15:15:14 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Garmin
[2014/12/30 15:15:05 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Garmin
[2014/12/30 15:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2014/12/30 15:14:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Garmin
[2014/12/30 15:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
[2014/12/30 15:14:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garmin
[2014/12/30 15:10:58 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Diagnostics
[2014/12/27 15:30:22 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft Games
[2014/12/26 17:29:58 | 000,000,000 | -HSD | C] -- C:\Users\Mark\IntelGraphicsProfiles
[2014/12/26 17:13:46 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2014/12/26 17:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\EmieUserList
[2014/12/26 17:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\EmieSiteList
[2014/12/26 17:07:19 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\EmieBrowserModeList
[2014/12/26 17:01:49 | 000,000,000 | --SD | C] -- C:\windows\SysNative\CompatTel
[2014/12/26 17:01:49 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appraiser
[2014/12/26 17:01:39 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Wat
[2014/12/26 17:01:39 | 000,000,000 | ---D | C] -- C:\windows\SysNative\Wat
[2014/12/26 11:44:38 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/12/25 17:01:23 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Adobe
[2014/12/25 16:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2014/12/25 16:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2014/12/25 16:46:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2014/12/25 14:30:46 | 000,000,000 | ---D | C] -- C:\windows\SysNative\appmgmt
[2014/12/25 13:41:47 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Macromedia
[2014/12/25 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Broadcom
[2014/12/25 13:41:16 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Bluetooth Exchange Folder
[2014/12/25 13:40:55 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Adobe
[2014/12/25 13:40:54 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2014/12/25 13:40:54 | 000,000,000 | R--D | C] -- C:\Users\Mark\Searches
[2014/12/25 13:40:54 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2014/12/25 13:40:54 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2014/12/25 13:40:46 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Identities
[2014/12/25 13:40:45 | 000,000,000 | R--D | C] -- C:\Users\Mark\Contacts
[2014/12/25 13:40:40 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\VirtualStore
[2014/12/25 13:40:32 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Hewlett-Packard
[2014/12/25 13:38:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard
[2014/12/25 13:36:57 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Power2Go8
[2014/12/25 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\RemEngine
[2014/12/25 13:36:50 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Hewlett-Packard_Company
[2014/12/25 13:36:24 | 000,000,000 | --SD | C] -- C:\Users\Mark\AppData\Roaming\Microsoft
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Videos
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Saved Games
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Pictures
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Music
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Links
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Favorites
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Downloads
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Documents
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\Desktop
[2014/12/25 13:36:24 | 000,000,000 | R--D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Temporary Internet Files
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Templates
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Start Menu
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\SendTo
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Recent
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\PrintHood
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\NetHood
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Videos
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Pictures
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Documents\My Music
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\My Documents
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Local Settings
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\History
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Cookies
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\Application Data
[2014/12/25 13:36:24 | 000,000,000 | -HSD | C] -- C:\Users\Mark\AppData\Local\Application Data
[2014/12/25 13:36:24 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.system.package.metadata
[2014/12/25 13:36:24 | 000,000,000 | -H-D | C] -- C:\Users\Mark\Documents\hp.applications.package.appdata
[2014/12/25 13:36:24 | 000,000,000 | -H-D | C] -- C:\Users\Mark\AppData
[2014/12/25 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Temp
[2014/12/25 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Local\Microsoft
[2014/12/25 13:36:24 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Media Center Programs
[2014/12/25 13:35:58 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/16 17:25:44 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/16 17:25:09 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 17:25:09 | 000,027,568 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/16 17:24:17 | 000,056,558 | ---- | M] () -- C:\Users\Mark\Desktop\Bot Intrusion Block.PNG
[2015/01/16 17:22:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Desktop\OTL.exe
[2015/01/16 17:17:47 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/16 17:17:11 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2015/01/16 17:17:02 | 4220,391,422 | -HS- | M] () -- C:\hiberfil.sys
[2015/01/15 17:30:28 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2015/01/15 03:37:00 | 000,069,995 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20150115.002
[2015/01/14 23:09:36 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/14 20:40:23 | 000,002,442 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2015/01/14 20:40:00 | 002,031,262 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2015/01/14 20:28:27 | 000,001,267 | ---- | M] () -- C:\Users\Mark\Desktop\Norton Installation Files.lnk
[2015/01/14 20:15:57 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS
[2015/01/14 20:15:57 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2015/01/14 20:15:57 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2015/01/11 07:14:29 | 000,002,277 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:41:30 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
[2015/01/08 12:34:50 | 000,001,377 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/01/08 12:12:01 | 000,000,085 | ---- | M] () -- C:\windows\wininit.ini
[2015/01/08 08:23:49 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2015/01/08 07:43:55 | 000,781,298 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2015/01/08 07:43:55 | 000,661,656 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2015/01/08 07:43:55 | 000,121,524 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/12/30 22:57:30 | 000,272,016 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2014/12/30 15:54:20 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2014/12/30 15:14:22 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/12/27 08:43:22 | 000,000,144 | ---- | M] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/26 17:29:57 | 000,000,451 | ---- | M] () -- C:\windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/12/26 17:26:56 | 001,185,316 | ---- | M] () -- C:\windows\SysNative\oem67.inf
[2014/12/26 11:45:14 | 000,773,536 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/12/25 13:43:25 | 000,001,405 | ---- | M] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/25 13:36:45 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
[2014/12/25 13:36:45 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
[2014/12/25 13:34:35 | 000,041,450 | ---- | M] () -- C:\windows\SysWow64\license.rtf
[2014/12/25 13:34:35 | 000,041,450 | ---- | M] () -- C:\windows\SysNative\license.rtf
 
========== Files Created - No Company Name ==========
 
[2015/01/16 17:24:17 | 000,056,558 | ---- | C] () -- C:\Users\Mark\Desktop\Bot Intrusion Block.PNG
[2015/01/15 17:32:11 | 000,069,995 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20150115.002
[2015/01/14 20:39:40 | 002,031,262 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB
[2015/01/14 20:32:32 | 000,009,939 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symelam64.cat
[2015/01/14 20:32:32 | 000,008,202 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.cat
[2015/01/14 20:32:32 | 000,008,194 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symefa64.cat
[2015/01/14 20:32:32 | 000,008,192 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symnet64.cat
[2015/01/14 20:32:32 | 000,008,188 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symds64.cat
[2015/01/14 20:32:32 | 000,008,188 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.cat
[2015/01/14 20:32:32 | 000,008,184 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.cat
[2015/01/14 20:32:32 | 000,008,184 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\iron.cat
[2015/01/14 20:32:32 | 000,003,433 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symefa.inf
[2015/01/14 20:32:32 | 000,002,852 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symds.inf
[2015/01/14 20:32:32 | 000,001,440 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symnet.inf
[2015/01/14 20:32:32 | 000,001,437 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtsp64.inf
[2015/01/14 20:32:32 | 000,001,420 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\srtspx64.inf
[2015/01/14 20:32:32 | 000,001,098 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\symelam.inf
[2015/01/14 20:32:32 | 000,000,855 | R--- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\ccsetx64.inf
[2015/01/14 20:32:32 | 000,000,767 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\iron.inf
[2015/01/14 20:30:37 | 000,000,172 | ---- | C] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\isolate.ini
[2015/01/14 20:15:58 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT
[2015/01/14 20:15:58 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF
[2015/01/14 20:15:18 | 000,002,442 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2015/01/14 19:38:01 | 000,001,267 | ---- | C] () -- C:\Users\Mark\Desktop\Norton Installation Files.lnk
[2015/01/10 08:41:30 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
[2015/01/10 08:15:15 | 000,002,277 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2015/01/10 08:15:15 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2015/01/10 08:14:24 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2015/01/10 08:14:23 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2015/01/08 12:34:50 | 000,001,389 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2015/01/08 12:34:50 | 000,001,377 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2015/01/08 12:11:55 | 000,000,085 | ---- | C] () -- C:\windows\wininit.ini
[2015/01/08 08:23:49 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2014/12/30 15:14:22 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Garmin Express.lnk
[2014/12/27 08:43:22 | 000,000,144 | ---- | C] () -- C:\windows\SysNative\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
[2014/12/26 17:29:57 | 000,000,451 | ---- | C] () -- C:\windows\SysNative\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
[2014/12/26 17:27:01 | 001,185,316 | ---- | C] () -- C:\windows\SysNative\oem67.inf
[2014/12/26 11:13:11 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2014/12/25 13:43:25 | 000,001,405 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/12/25 13:40:55 | 000,001,411 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2014/12/25 13:36:49 | 000,002,224 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2014/12/25 13:36:45 | 4220,391,422 | -HS- | C] () -- C:\hiberfil.sys
[2014/12/25 13:36:45 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
[2014/12/25 13:36:45 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
[2014/12/25 13:36:24 | 000,000,290 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2014/12/25 13:36:24 | 000,000,272 | ---- | C] () -- C:\Users\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2014/09/17 08:53:16 | 000,186,368 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2014/09/17 08:53:12 | 016,857,968 | ---- | C] () -- C:\windows\SysWow64\igd11dxva32.dll
[2013/12/03 12:26:55 | 000,773,536 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/02/13 12:27:54 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 18:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 17:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2014/12/30 15:15:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Garmin
 
========== Purity Check ==========
 
 

< End of report >


#2
LiquidTension

  • Expert
  • 1,151 posts

Hello Mark Green, welcome to Geeks to Go Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.
 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please back up important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you require additional time to complete my instructions.
  • Ensure you are following this topic. Click etYzdbu.png at the top of the page. 
     

======================================================
 
Please run the following diagnostic scans so I can ascertain the state of your computer.
 
STEP 1

Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 2
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached)


#3
Mark Green

  • Topic Starter
  • Member
  • 55 posts

Hello Adam.  Yes you can call me Mark.  Thanks for helping me.  Here are the logs requested:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015 01
Ran by Mark (administrator) on MARK-HP on 17-01-2015 09:51:22
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark (Available profiles: Mark)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-13] (Hewlett-Packard )
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-13] (IDT, Inc.)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [456296 2014-09-17] ()
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-11-07] (Intel Corporation)
HKLM-x32\...\Run: [HP KEYBOARDx] => C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE [710656 2010-02-11] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => c:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-12-16] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1745054824-4254663-531343314-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2014-12-17] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1745054824-4254663-531343314-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKU\S-1-5-21-1745054824-4254663-531343314-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKU\S-1-5-21-1745054824-4254663-531343314-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {B59F3FC6-FD87-46DC-B523-5C2D41949ACC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKLM-x32 -> {B59F3FC6-FD87-46DC-B523-5C2D41949ACC} URL = http://www.amazon.co...ds={searchTerms}
SearchScopes: HKU\S-1-5-21-1745054824-4254663-531343314-1000 -> {B59F3FC6-FD87-46DC-B523-5C2D41949ACC} URL = http://www.amazon.co...ds={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2015-01-14]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-17]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-14]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2015-01-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-08-29] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [325224 2014-09-17] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-13] (IDT, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-12-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-25] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-29] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150116.021\ENG64.SYS [129752 2015-01-14] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20150116.021\EX64.SYS [2137304 2015-01-14] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2015-01-14] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
U3 McAPExe; No ImagePath
U3 McMPFSvc; No ImagePath
U3 McNaiAnn; No ImagePath
U3 mcpltsvc; No ImagePath
U3 McProxy; No ImagePath
U3 mfecore; No ImagePath
U3 MSK80Service; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 09:51 - 2015-01-17 09:51 - 00018141 _____ () C:\Users\Mark\Desktop\FRST.txt
2015-01-17 09:51 - 2015-01-17 09:51 - 00000000 ____D () C:\FRST
2015-01-17 09:49 - 2015-01-17 09:49 - 02125824 _____ (Farbar) C:\Users\Mark\Desktop\frst64.exe
2015-01-16 17:29 - 2015-01-16 17:29 - 00109206 _____ () C:\Users\Mark\Desktop\OTL.Txt
2015-01-16 17:29 - 2015-01-16 17:29 - 00072874 _____ () C:\Users\Mark\Desktop\Extras.Txt
2015-01-16 17:22 - 2015-01-16 17:22 - 00602112 _____ (OldTimer Tools) C:\Users\Mark\Desktop\OTL.exe
2015-01-14 20:45 - 2015-01-14 20:45 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2015-01-14 20:16 - 2015-01-14 20:40 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2015-01-14 20:15 - 2015-01-14 20:40 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2015-01-14 20:15 - 2015-01-14 20:15 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2015-01-14 20:15 - 2015-01-14 20:15 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2015-01-14 20:15 - 2015-01-14 20:15 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2015-01-14 20:13 - 2015-01-14 20:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2015-01-14 20:13 - 2015-01-14 20:40 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2015-01-14 20:13 - 2015-01-14 20:13 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2015-01-14 20:05 - 2015-01-14 20:05 - 00000000 ____D () C:\Users\Mark\Documents\Symantec
2015-01-14 19:38 - 2015-01-14 20:36 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-01-14 19:38 - 2015-01-14 20:36 - 00000000 ____D () C:\ProgramData\Norton
2015-01-14 19:38 - 2015-01-14 20:28 - 00001267 _____ () C:\Users\Mark\Desktop\Norton Installation Files.lnk
2015-01-14 19:38 - 2015-01-14 19:38 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2015-01-13 17:48 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-13 17:48 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-13 17:48 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-13 17:48 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-13 17:48 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:48 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:48 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 17:08 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-13 17:08 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-13 17:08 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-13 17:08 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-13 17:08 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-13 17:08 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-10 08:41 - 2015-01-10 08:41 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_ImmunetNetworkMonitor_01009.Wdf
2015-01-10 08:39 - 2015-01-10 08:39 - 00539448 _____ (Sourcefire, Inc.) C:\Users\Mark\Downloads\ImmunetSetup.exe
2015-01-10 08:22 - 2015-01-10 08:23 - 36904648 _____ (Microsoft Corporation) C:\Users\Mark\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-10 08:15 - 2015-01-14 23:09 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-01-10 08:15 - 2015-01-10 08:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-01-10 08:14 - 2015-01-17 09:25 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-10 08:14 - 2015-01-17 08:25 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-10 08:14 - 2015-01-11 07:14 - 00000000 ____D () C:\Users\Mark\AppData\Local\Google
2015-01-10 08:14 - 2015-01-10 08:20 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-10 08:14 - 2015-01-10 08:20 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-10 08:14 - 2015-01-10 08:15 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-10 08:14 - 2015-01-10 08:14 - 00000000 ____D () C:\ProgramData\Google
2015-01-10 08:14 - 2015-01-10 08:14 - 00000000 ____D () C:\Program Files\Google
2015-01-10 08:11 - 2015-01-10 08:11 - 00000000 ____D () C:\ProgramData\Sun
2015-01-10 08:11 - 2015-01-10 08:11 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-10 08:11 - 2015-01-10 08:11 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-10 08:09 - 2015-01-10 08:09 - 00638888 _____ (Oracle Corporation) C:\Users\Mark\Downloads\JavaSetup8u25.com
2015-01-10 07:55 - 2015-01-10 07:55 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\hpqlog
2015-01-09 10:15 - 2015-01-16 17:29 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log
2015-01-09 10:15 - 2015-01-16 17:29 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2015-01-08 22:05 - 2015-01-08 22:05 - 00000000 ____D () C:\ProgramData\Recovery
2015-01-08 12:34 - 2015-01-08 12:34 - 00001389 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-08 12:34 - 2015-01-08 12:34 - 00001377 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-08 12:34 - 2015-01-08 12:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-08 12:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2015-01-08 12:20 - 2015-01-08 12:33 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybot-2.4 (1).exe
2015-01-08 12:11 - 2015-01-08 12:12 - 00000085 _____ () C:\windows\wininit.ini
2015-01-08 08:48 - 2015-01-08 08:48 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2015-01-08 08:47 - 2015-01-08 12:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-08 08:47 - 2015-01-08 12:34 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-08 08:34 - 2015-01-08 08:46 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Mark\Downloads\spybot-2.4.exe
2015-01-08 08:23 - 2015-01-08 08:23 - 00000000 _____ () C:\autoexec.bat
2015-01-08 08:20 - 2015-01-08 08:20 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Mark\Downloads\SpyHunter-Installer.exe
2014-12-30 20:40 - 2014-12-30 20:40 - 00000000 ____D () C:\Users\Mark\AppData\Local\HP
2014-12-30 20:29 - 2014-12-30 20:29 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-12-30 15:16 - 2014-12-30 15:52 - 00000000 ____D () C:\Users\Mark\Documents\Garmin
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Garmin
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 ____D () C:\Users\Mark\AppData\Local\Garmin
2014-12-30 15:15 - 2014-12-30 15:15 - 00000000 ____D () C:\Program Files\DIFX
2014-12-30 15:14 - 2014-12-30 15:15 - 00000000 ____D () C:\ProgramData\Garmin
2014-12-30 15:14 - 2014-12-30 15:15 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-12-30 15:14 - 2014-12-30 15:14 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-12-30 15:14 - 2014-12-30 15:14 - 00001890 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-12-30 15:14 - 2014-12-30 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-12-30 15:11 - 2014-12-30 15:11 - 36631128 _____ (Garmin Ltd or its subsidiaries) C:\Users\Mark\Downloads\GarminExpressInstaller.exe
2014-12-27 15:30 - 2015-01-09 13:38 - 00000000 ____D () C:\Users\Mark\AppData\Local\Microsoft Games
2014-12-27 14:02 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-27 14:02 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-27 14:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-12-27 14:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-12-27 14:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-12-27 14:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-12-27 14:02 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-12-27 14:02 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-12-27 14:02 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-12-27 14:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-12-27 14:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-12-27 14:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-12-27 14:02 - 2014-07-08 14:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-12-27 14:02 - 2014-07-08 14:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-12-27 08:49 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-27 08:49 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-27 08:49 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-12-27 08:49 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-12-27 08:43 - 2014-12-27 08:43 - 00000144 _____ () C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-26 17:29 - 2014-12-26 17:29 - 00000451 _____ () C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-12-26 17:27 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-12-26 17:27 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-26 17:27 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-26 17:27 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-12-26 17:27 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-12-26 17:27 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-12-26 17:27 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-12-26 17:27 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-12-26 17:27 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-12-26 17:27 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-12-26 17:27 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-12-26 17:27 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-12-26 17:27 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-12-26 17:27 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-12-26 17:27 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-12-26 17:27 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-12-26 17:27 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-12-26 17:27 - 2012-08-23 06:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-12-26 17:27 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-12-26 17:27 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-12-26 17:13 - 2015-01-13 20:03 - 00000000 ____D () C:\windows\system32\MRT
2014-12-26 17:13 - 2015-01-13 20:01 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-26 17:07 - 2014-12-26 17:07 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieUserList
2014-12-26 17:07 - 2014-12-26 17:07 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieSiteList
2014-12-26 17:07 - 2014-12-26 17:07 - 00000000 __SHD () C:\Users\Mark\AppData\Local\EmieBrowserModeList
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-26 17:01 - 2014-12-26 17:01 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-26 11:14 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-26 11:14 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-26 11:14 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-26 11:14 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-26 11:14 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-26 11:14 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-26 11:14 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-26 11:14 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-26 11:14 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-26 11:14 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-26 11:13 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\windows\system32\WUDFx.dll
2014-12-26 11:13 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\windows\system32\WUDFHost.exe
2014-12-26 11:13 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\WUDFPlatform.dll
2014-12-26 11:13 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\WUDFSvc.dll
2014-12-26 11:13 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\WUDFCoinstaller.dll
2014-12-26 11:13 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFRd.sys
2014-12-26 11:13 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WUDFPf.sys
2014-12-26 11:13 - 2012-06-02 06:57 - 00000003 _____ () C:\windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-12-26 11:07 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-12-26 11:07 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-12-26 11:03 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-12-26 11:03 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-12-26 11:03 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-12-26 11:03 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-12-26 11:03 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-12-26 11:03 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-12-26 11:03 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-12-26 11:03 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-12-26 10:10 - 2011-04-08 22:58 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-26 10:10 - 2011-04-08 21:56 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-26 10:05 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-26 10:03 - 2014-12-03 18:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-26 10:03 - 2014-12-03 18:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-26 10:03 - 2014-12-01 15:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-26 10:02 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-12-26 10:02 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-12-26 10:02 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-12-26 10:02 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-12-26 10:02 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-12-26 10:02 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-12-26 10:02 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-12-26 10:02 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-12-26 10:02 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-12-26 10:02 - 2011-11-16 22:35 - 00395776 _____ (Microsoft Corporation) C:\windows\system32\webio.dll
2014-12-26 10:02 - 2011-11-16 21:35 - 00314880 _____ (Microsoft Corporation) C:\windows\SysWOW64\webio.dll
2014-12-26 10:00 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-26 10:00 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-26 10:00 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-26 10:00 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-26 10:00 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-26 10:00 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-12-26 10:00 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-12-26 10:00 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-12-26 10:00 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-12-26 10:00 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-12-26 10:00 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-12-26 09:59 - 2014-11-26 17:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-26 09:59 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-26 09:59 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-26 09:59 - 2014-11-21 19:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-26 09:59 - 2014-11-21 19:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-26 09:59 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-26 09:59 - 2014-11-21 18:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-26 09:59 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-26 09:59 - 2014-11-21 18:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-26 09:59 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-26 09:59 - 2014-11-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-26 09:59 - 2014-11-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-26 09:59 - 2014-11-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-26 09:59 - 2014-11-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-26 09:59 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-26 09:59 - 2014-11-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-26 09:59 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-26 09:59 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-26 09:59 - 2014-11-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-26 09:59 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-26 09:59 - 2014-11-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-26 09:59 - 2014-11-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-26 09:59 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-26 09:59 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-26 09:59 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-26 09:59 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-26 09:59 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-26 09:59 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-26 09:59 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-26 09:59 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-26 09:59 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-26 09:59 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-26 09:59 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-26 09:59 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-26 09:59 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-26 09:59 - 2014-11-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-26 09:59 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-26 09:59 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-26 09:59 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-26 09:59 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-26 09:59 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-26 09:59 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-26 09:59 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-26 09:59 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-26 09:59 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-26 09:59 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-26 09:59 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-26 09:59 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-26 09:59 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-26 09:59 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-26 09:59 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-26 09:59 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-26 09:59 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-26 09:59 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-26 09:59 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-26 09:59 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-26 09:59 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-26 09:59 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-26 09:59 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-12-26 09:59 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-26 09:59 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-12-26 09:59 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-12-26 09:59 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-12-26 09:59 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-12-26 09:59 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-12-26 09:59 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-12-26 09:57 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-12-26 09:57 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-12-26 09:57 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-12-26 09:57 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-12-26 09:57 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-12-26 09:57 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-12-26 09:57 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-12-26 09:57 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\cngprovider.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\windows\SysWOW64\adprovider.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\windows\SysWOW64\capiprovider.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpapiprovider.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-12-26 09:57 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wincredprovider.dll
2014-12-26 09:57 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-12-26 09:56 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-12-26 09:56 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-12-26 09:56 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-12-26 09:56 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-12-26 09:56 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-12-26 09:55 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-26 09:55 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-26 09:55 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-26 09:55 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-26 09:55 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-26 09:55 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-26 09:55 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-26 09:55 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-26 09:55 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-26 09:55 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-26 09:55 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-12-26 09:55 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-12-26 09:55 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-26 09:55 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-26 09:55 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-26 09:55 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-26 09:55 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-26 09:55 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-26 09:55 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-26 09:55 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-26 09:55 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-26 09:55 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-26 09:55 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-26 09:55 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-26 09:55 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-26 09:55 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-26 09:55 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-26 09:55 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-26 09:55 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-26 09:55 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-12-26 09:55 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-12-26 09:55 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-12-26 09:55 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-12-26 09:55 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-12-26 09:55 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-26 09:55 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-26 09:55 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-12-26 09:55 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-12-26 09:55 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-12-26 09:55 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-12-26 09:55 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-12-26 09:55 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-12-26 09:55 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-12-26 09:55 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-12-26 09:55 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-12-26 09:55 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-12-26 09:55 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-26 09:55 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-26 09:54 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-26 09:54 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-26 09:54 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-26 09:54 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-26 09:54 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-26 09:54 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-12-26 09:54 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-12-26 09:54 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-12-26 09:54 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-12-26 09:54 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-12-26 09:54 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-12-26 09:54 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-26 09:54 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-26 09:54 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-12-26 09:54 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-26 09:54 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-26 09:54 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-12-26 09:54 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-12-26 09:54 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-12-26 09:54 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-12-26 09:54 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-12-26 09:54 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-12-26 09:54 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-12-26 09:54 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-12-26 09:54 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-12-26 09:54 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-12-26 09:54 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-12-26 09:54 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-12-26 09:53 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-26 09:53 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-26 09:53 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-12-26 09:53 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-12-26 09:53 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-12-26 09:53 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-12-26 09:53 - 2011-02-22 20:55 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bowser.sys
2014-12-25 17:01 - 2015-01-10 08:15 - 00000000 ____D () C:\Users\Mark\AppData\Local\Adobe
2014-12-25 16:46 - 2014-12-25 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-25 16:46 - 2014-12-25 16:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-25 16:46 - 2014-12-25 16:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-25 14:30 - 2014-12-25 14:30 - 00000000 ____D () C:\windows\system32\appmgmt
2014-12-25 13:41 - 2014-12-30 20:30 - 00059144 _____ () C:\Users\Mark\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-25 13:41 - 2014-12-25 13:41 - 00000000 ____D () C:\Users\Mark\Documents\Bluetooth Exchange Folder
2014-12-25 13:41 - 2014-12-25 13:41 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Macromedia
2014-12-25 13:41 - 2014-12-25 13:41 - 00000000 ____D () C:\Users\Mark\AppData\Local\Broadcom
2014-12-25 13:41 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\windows\system32\rdpcore.dll
2014-12-25 13:41 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpcore.dll
2014-12-25 13:41 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdtcp.sys
2014-12-25 13:40 - 2015-01-16 17:20 - 00003918 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{8088A92D-A176-402E-ABA4-3D2E6AC1224A}
2014-12-25 13:40 - 2014-12-30 15:38 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Adobe
2014-12-25 13:40 - 2014-12-25 13:40 - 00001411 _____ () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-25 13:40 - 2014-12-25 13:40 - 00000000 ____D () C:\Users\Mark\AppData\Roaming\Hewlett-Packard
2014-12-25 13:40 - 2014-12-25 13:40 - 00000000 ____D () C:\Users\Mark\AppData\Local\VirtualStore
2014-12-25 13:38 - 2014-12-30 20:30 - 00000000 ____D () C:\Users\Mark\AppData\Local\Hewlett-Packard
2014-12-25 13:36 - 2014-12-26 17:29 - 00000000 ____D () C:\Users\Mark
2014-12-25 13:36 - 2014-12-25 13:36 - 00003290 _____ () C:\windows\System32\Tasks\RMCreator
2014-12-25 13:36 - 2014-12-25 13:36 - 00000020 ___SH () C:\Users\Mark\ntuser.ini
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 __RSH () C:\windows\SysWOW64\Drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 __RSH () C:\windows\system32\Drivers\103C_HP_cPC_700-215xt_Y53316J_0U_Q2MD4480VFV_E14AM1RCW603_4A_I2AF7_SHP_V1.04_B80.19_T140718_W748-1_L409_M16290_J1000_7Intel_8_93.40_#141126_N14E44359;10EC8168_Z_G80860412_Ohp CDDVDW SH-216DB SCSI CdRom Device.MRK
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 ____D () C:\Users\Mark\AppData\Local\RemEngine
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 ____D () C:\Users\Mark\AppData\Local\Power2Go8
2014-12-25 13:36 - 2014-12-25 13:36 - 00000000 ____D () C:\Users\Mark\AppData\Local\Hewlett-Packard_Company
2014-12-25 13:36 - 2014-11-26 01:03 - 00002224 _____ () C:\Users\Public\Desktop\Snapfish.lnk
2014-12-25 13:36 - 2014-11-26 00:51 - 00000000 ___HD () C:\Users\Mark\Documents\hp.system.package.metadata
2014-12-25 13:36 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-12-25 13:36 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-12-25 13:36 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-12-25 13:36 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-12-25 13:36 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-12-25 13:36 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-12-25 13:36 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-12-25 13:36 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-12-25 13:36 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-12-25 13:36 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-12-25 13:36 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-12-25 13:36 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-12-25 13:36 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-12-25 13:36 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-12-25 13:36 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-25 13:36 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-25 13:35 - 2015-01-17 08:18 - 01499467 _____ () C:\windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-17 09:30 - 2014-11-26 01:01 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-17 08:22 - 2009-07-13 20:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-17 08:22 - 2009-07-13 20:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-17 08:13 - 2010-11-20 19:47 - 00024994 _____ () C:\windows\PFRO.log
2015-01-17 08:13 - 2009-07-13 21:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-17 08:13 - 2009-07-13 20:51 - 00040449 _____ () C:\windows\setupact.log
2015-01-14 20:27 - 2014-11-26 01:06 - 00000000 ____D () C:\ProgramData\McAfee
2015-01-14 20:27 - 2014-11-26 01:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
2015-01-14 20:08 - 2014-11-26 00:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-01-14 17:30 - 2014-11-26 01:01 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 17:30 - 2014-11-26 01:01 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 17:30 - 2014-11-26 01:01 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-10 07:49 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\rescache
2015-01-09 10:24 - 2014-11-26 00:41 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-09 10:23 - 2014-03-28 15:26 - 00000000 ____D () C:\SWSETUP
2015-01-08 07:43 - 2009-07-13 21:13 - 00781298 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-30 22:57 - 2009-07-13 20:45 - 00272016 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-30 15:54 - 2014-11-26 01:04 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-30 15:54 - 2014-11-26 01:04 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-12-30 15:39 - 2014-11-26 01:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-30 15:15 - 2013-12-03 12:23 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-30 15:10 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-26 17:29 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-26 17:28 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-26 17:01 - 2010-11-20 23:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-26 17:01 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-12-26 17:01 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\system32\Dism
2014-12-26 17:01 - 2009-07-13 19:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-26 17:01 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-26 11:45 - 2013-12-03 12:26 - 00773536 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-12-26 11:27 - 2014-11-26 01:02 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-26 11:27 - 2014-11-26 01:02 - 00000000 ____D () C:\ProgramData\Skype
2014-12-25 14:07 - 2009-07-13 21:32 - 00000000 ____D () C:\windows\system32\restore
2014-12-25 13:44 - 2014-11-26 00:51 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-25 13:40 - 2013-12-03 17:02 - 00000000 _RSHD () C:\SYSTEM.SAV
2014-12-25 13:36 - 2014-11-26 01:02 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2014-12-25 13:36 - 2014-11-26 01:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2014-12-25 13:36 - 2014-11-26 00:57 - 00000000 ___RD () C:\Program Files (x86)\Online Services
2014-12-25 13:36 - 2014-11-26 00:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2014-12-25 13:36 - 2013-12-03 12:17 - 00000000 ____D () C:\windows\Panther
2014-12-25 13:36 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries

Some content of TEMP:
====================
C:\Users\Mark\AppData\Local\Temp\Extract.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-10 07:42

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015 01
Ran by Mark at 2015-01-17 09:51:40
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.21.3317.03861 - Alcor Micro Corp.)
Alcor Micro USB Card Reader Driver  (x32 Version: 20.21.3317.03861 - Alcor Micro Corp.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: 6.30.223.201 - Broadcom Corporation)
Broadcom Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.5000 - Broadcom Corporation)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6805 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3606 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Elevated Installer (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Escape the Emerald Star (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.97 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{0db152f6-3b8d-4363-aedd-374ee54d33ba}) (Version: 3.2.26.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Golden Trails 2: The Lost Legacy Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Desktop Keyboard (HKLM-x32\...\HP Keyboard_is1) (Version: 1.0.0.13 - Hewlett-Packard)
HP Documentation (HKLM-x32\...\{C869E3D3-23D3-4102-A5C5-3D33448FC613}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP Setup (HKLM-x32\...\{438363A8-F486-4C37-834C-4955773CB3D3}) (Version: 9.1.15430.4033 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{3AF15EEA-8EDF-4393-BB6C-CF8A9986486A}) (Version: 7.3.35.20 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.5.1367 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3939 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.1.28 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
My Farm Life 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6704 - CyberLink Corp.) Hidden
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VS10Runtimex64 (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games App (HP Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Fisherman (x32 Version: 2.2.0.98 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1745054824-4254663-531343314-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1745054824-4254663-531343314-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

13-01-2015 20:01:27 Windows Update
17-01-2015 09:01:06 Removed Java 8 Update 25

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0462B4AE-8509-4FB2-9A3A-E523E0A6197E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {1D427B32-D4CF-4764-BC78-C49E9C91EE57} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {33EECE1B-AF4C-4F61-862C-589B6B88A35D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-10] (Google Inc.)
Task: {5039F220-3854-4D89-8435-CC3D8616B3D9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {91FEDDD5-D62E-4BBC-94E7-44236052BB26} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {9E513FCC-EC45-498B-8EE5-13600F159022} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {9F21BCFD-3158-4E53-80D6-0A86DC2CBB62} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2013-07-04] (CyberLink)
Task: {B67F33B0-A6EF-4EC4-BEA3-E1C027CCC16A} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-12-17] ()
Task: {B73EAF1F-4A43-4B19-96D8-E297F343FAA1} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C2AB5B44-BE7E-44CC-9A94-1FDF8721AE46} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-20] (Symantec Corporation)
Task: {C40F1732-A419-45C4-9E77-862762916E4E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CD74F8E7-6B90-4FC1-881B-FF3D5E7865BF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {CD7A9A6C-6E7C-4551-A149-CB09491C7951} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {D08F1077-4B33-4269-B8EA-9DF600C4727A} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {D2D519E3-12E7-4F48-8EA4-2205BF2C8B0D} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-04] (CyberLink)
Task: {D3318C99-AF00-45C1-B9D1-57F9AB6A70C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D7D0D741-9DDC-4699-A35F-529DD2EFC6F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-08-29] (Hewlett-Packard Company)
Task: {EFA57C96-76DD-4138-A5CB-44BB9D7A5B33} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-11-26 00:57 - 2009-07-02 14:58 - 00406016 _____ () C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
2015-01-08 12:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-08 12:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-08 12:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-08 12:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-08 12:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-11-26 01:01 - 2013-08-04 23:49 - 00627672 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 15:48 - 2013-08-05 15:48 - 00016856 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-26 00:53 - 2013-05-15 19:09 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-1745054824-4254663-531343314-500 - Administrator - Disabled)
Guest (S-1-5-21-1745054824-4254663-531343314-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1745054824-4254663-531343314-1002 - Limited - Enabled)
Mark (S-1-5-21-1745054824-4254663-531343314-1000 - Administrator - Enabled) => C:\Users\Mark

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 05:19:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 13bc

Start Time: 01d031f38b674113

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/14/2015 07:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4ce7a46b
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x00120da2
Faulting process id: 0x9c90
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/14/2015 05:56:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc100
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0x1e7c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/13/2015 05:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcd6e
Faulting module name: igd10iumd32.dll, version: 10.18.10.3939, time stamp: 0x540e0234
Exception code: 0xc0000005
Fault offset: 0x0001ead2
Faulting process id: 0x28f0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/13/2015 05:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc637
Faulting module name: igd10iumd32.dll, version: 10.18.10.3939, time stamp: 0x540e0234
Exception code: 0xc0000005
Fault offset: 0x0001ead2
Faulting process id: 0x109c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/11/2015 07:10:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iptray.exe version 3.1.13.9671 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5090

Start Time: 01d02cf4592e3d60

Termination Time: 16

Application Path: C:\Program Files\Immunet\3.1.13\iptray.exe

Report Id:

Error: (01/11/2015 01:00:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x0011fb5c
Faulting process id: 0x4044
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/10/2015 06:54:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 103c0

Start Time: 01d02d494eb721b8

Termination Time: 94

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/10/2015 07:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program McUICnt.exe version 5.9.2.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 12be0

Start Time: 01d02cee005a10a4

Termination Time: 4

Application Path: C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe

Report Id: 50914e7b-98e1-11e4-a7f0-5c93a2c5710c

Error: (01/10/2015 06:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Fayqdsvzw.exe, version: 36.0.1985.143, time stamp: 0x53e2e515
Faulting module name: Uifidamaj.dll, version: 0.0.0.0, time stamp: 0x54a117b0
Exception code: 0xc0000005
Fault offset: 0x000140fb
Faulting process id: 0xb18
Faulting application start time: 0xFayqdsvzw.exe0
Faulting application path: Fayqdsvzw.exe1
Faulting module path: Fayqdsvzw.exe2
Report Id: Fayqdsvzw.exe3

System errors:
=============
Error: (01/17/2015 09:25:31 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SBR-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AEC11D6-B86F-4411-8DD2-43ADA26BD2A8}.
The master browser is stopping or an election is being forced.

Error: (01/17/2015 09:03:45 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer KIDS-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AEC11D6-B86F-4411-8DD2-43ADA26BD2A8}.
The master browser is stopping or an election is being forced.

Error: (01/17/2015 08:49:34 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SBR-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AEC11D6-B86F-4411-8DD2-43ADA26BD2A8}.
The master browser is stopping or an election is being forced.

Error: (01/17/2015 08:40:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/17/2015 08:25:35 AM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer SBR-PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9AEC11D6-B86F-4411-8DD2-43ADA26BD2A8}.
The master browser is stopping or an election is being forced.

Error: (01/17/2015 08:15:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/17/2015 08:15:11 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Mark-HP\Mark (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (01/16/2015 05:23:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/16/2015 05:18:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/16/2015 05:18:34 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Mark-HP\Mark (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Microsoft Office Sessions:
=========================
Error: (01/16/2015 05:19:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749613bc01d031f38b6741130C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/14/2015 07:50:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964ce7a46bMSHTML.dll11.0.9600.17496546ff2f9c00000fd00120da29c9001d0307555286fbdC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dlla1b7333a-9c69-11e4-bac4-5c93a2c5710c

Error: (01/14/2015 05:56:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc100MSHTML.dll11.0.9600.17496546ff2f9c00000fd001202bc1e7c01d03065f16f3e97C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dllc06c7654-9c59-11e4-bac4-5c93a2c5710c

Error: (01/13/2015 05:46:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcd6eigd10iumd32.dll10.18.10.3939540e0234c00000050001ead228f001d02f9bf07abb94C:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\igd10iumd32.dll2e949877-9b8f-11e4-bd7d-5c93a2c5710c

Error: (01/13/2015 05:46:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bc637igd10iumd32.dll10.18.10.3939540e0234c00000050001ead2109c01d02f9bed8194afC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\igd10iumd32.dll2bc197c1-9b8f-11e4-bd7d-5c93a2c5710c

Error: (01/11/2015 07:10:13 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iptray.exe3.1.13.9671509001d02cf4592e3d6016C:\Program Files\Immunet\3.1.13\iptray.exe

Error: (01/11/2015 01:00:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe11.0.9600.174964a5bcbb4MSHTML.dll11.0.9600.17496546ff2f9c00000fd0011fb5c404401d02d7cd806654bC:\Program Files\Internet Explorer\iexplore.exeC:\windows\system32\MSHTML.dll505b13ef-9970-11e4-a7f0-5c93a2c5710c

Error: (01/10/2015 06:54:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496103c001d02d494eb721b894C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/10/2015 07:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: McUICnt.exe5.9.2.012be001d02cee005a10a44C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe50914e7b-98e1-11e4-a7f0-5c93a2c5710c

Error: (01/10/2015 06:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fayqdsvzw.exe36.0.1985.14353e2e515Uifidamaj.dll0.0.0.054a117b0c0000005000140fbb1801d02ce1750f69b8C:\Users\Mark\AppData\LocalLow\EmieBrowserModeList\Sdyecinjhgwm\xxikgtfvqd\Fayqdsvzw.exeC:\Users\Mark\AppData\Local\Temp\4154\AppData\Local\Microsoft\Uifidamaj.dllc1fbbe4a-98d4-11e4-a7f0-5c93a2c5710c

==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 16289.17 MB
Available physical RAM: 12059.27 MB
Total Pagefile: 32576.53 MB
Available Pagefile: 29382.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:915.51 GB) (Free:840.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:15.77 GB) (Free:1.92 GB) NTFS
Drive f: (WD Passport) (Fixed) (Total:74.5 GB) (Free:64.29 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0154CD7B)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 74.5 GB) (Disk ID: B6836B4E)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=0C)

==================== End Of Log ============================

Edited by Mark Green, 17 January 2015 - 12:26 PM.

  • 0
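
In the log above, FRST marks a CustomCLSID whose localserver32 value starts rundll32.exe with a javascript: string as "Poweliks?", and the DCOM 10010 errors name that same CLSID. The Python sketch below is an added example, not part of the original thread or of FRST: it triages an Addition-style log for that pairing and for faulting binaries under a user's AppData folder, using constructed sample lines and hypothetical function names.

```python
import re
from collections import namedtuple

# Constructed sample in the layout of an FRST "Addition" log. The GUIDs, SIDs,
# user name and the flagged file names are placeholders, not real-machine values.
SAMPLE_LOG = r"""
==================== Custom CLSID (selected items): ==========================

CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{11111111-1111-1111-1111-111111111111}\localserver32 -> C:\windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{22222222-2222-4bb6-aaaa-222222222222}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";<script elided> (the data entry has 251 more characters).

==================== Event log errors: =========================

Error: (01/17/2015 08:40:12 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {22222222-2222-4BB6-AAAA-222222222222}

Error: (01/17/2015 08:15:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{33333333-3333-3333-3333-333333333333}

Error: (01/16/2015 05:19:40 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE stopped interacting with Windows and was closed.

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/10/2015 06:27:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Xxxxx.exe1.0.0.0Yyyyy.dll0.0.0.0c0000005C:\Users\Example\AppData\LocalLow\Sample\Xxxxx.exeC:\Users\Example\AppData\Local\Temp\1\Yyyyy.dll
"""

Event = namedtuple("Event", "when source event_id description")

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
CLSID_LINE = re.compile(
    r"^CustomCLSID:\s+\S*?\\CLSID\\(" + GUID.pattern + r")\\(\w+)\s+->\s+(.*)$")
EVENT_HEAD = re.compile(r"^Error: \((.*?)\) \(Source: (.*?)\) \(EventID: (\d+)\)")
# A COM server command line that hands a script URL to rundll32 instead of a file path.
SCRIPT_VIA_RUNDLL = re.compile(r"rundll32(?:\.exe)?\s+(?:javascript|vbscript):", re.I)
# Executables or DLLs under a user profile's AppData; ':' is excluded so that
# paths run together in one description are split at the next drive letter.
APPDATA_BINARY = re.compile(
    r"[A-Za-z]:\\Users\\[^\\]+\\AppData\\[^:*?\"<>|]*?\.(?:exe|dll)", re.I)


def suspicious_clsids(text):
    """Return {CLSID (upper case): subkey} for COM servers that launch a script URL."""
    hits = {}
    for line in text.splitlines():
        m = CLSID_LINE.match(line.strip())
        if m and SCRIPT_VIA_RUNDLL.search(m.group(3)):
            hits[m.group(1).upper()] = m.group(2)
    return hits


def parse_events(text):
    """Group each 'Error:' header with the non-blank lines that follow it."""
    events, cur = [], None
    for line in text.splitlines():
        m = EVENT_HEAD.match(line)
        if m:
            cur = {"when": m.group(1), "source": m.group(2),
                   "event_id": int(m.group(3)), "lines": []}
            events.append(cur)
        elif line.startswith("====="):
            cur = None  # a section banner ends the current event
        elif cur is not None and line.strip():
            cur["lines"].append(line.strip())
    return [Event(e["when"], e["source"], e["event_id"], " ".join(e["lines"]))
            for e in events]


def triage(text):
    """Return de-duplicated findings as (kind, detail, context) tuples."""
    findings = []
    flagged = suspicious_clsids(text)
    for clsid, subkey in flagged.items():
        findings.append(("script-in-registry", clsid, subkey))
    for ev in parse_events(text):
        # DCOM 10010: a COM server failed to register in time. When the CLSID is
        # one flagged above, something on the system tried to activate it.
        if ev.source == "DCOM" and ev.event_id == 10010:
            for guid in GUID.findall(ev.description):
                if guid.upper() in flagged:
                    findings.append(("dcom-activation-failure", guid.upper(), ev.when))
        if ev.source in ("Application Error", "Application Hang"):
            for path in APPDATA_BINARY.findall(ev.description):
                findings.append(("binary-in-appdata", path, ev.when))
    return list(dict.fromkeys(findings))


if __name__ == "__main__":
    for kind, detail, context in triage(SAMPLE_LOG):
        print(f"{kind:26} {detail}  [{context}]")
```

The CLSID comparison is case-insensitive because the registry line and the DCOM event can print the same GUID with different letter case, as they do in the log above.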

#4
Mark Green

Mark Green

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Tried using the options but it didn't attach.


Edited by Mark Green, 17 January 2015 - 12:21 PM.

  • 0

#5
LiquidTension

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Hi Mark, 
 
We can come back to the TDSSKiller log (depending on your decision below). 
 
Due to the nature of an infection present on your computer, I must unfortunately issue you the following warning. Please have a read of the warning & articles linked, and let me know how you wish to proceed. 
 

BACKDOOR WARNING
 
------------------------------
 
One or more of the identified infections is known to use a backdoor, that allows attackers to remotely control your computer, download/execute files and steal system, financial & personal information.
 
If your computer has been used for online banking, has credit card information or other sensitive data, using a non-infected computer/device you should immediately change all account information (including those used for Email, eBay, Paypal, online forums, etc).
 
Banking and credit card institutions should be notified of the possible security breach. Please read the following article for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
 
Whilst the identified infection(s) can be removed, there is no way to guarantee the trustworthiness of your computer unless you reformat your Hard Drive and reinstall your Operating System. This is due to the nature of the infection, which allows a remote attacker to make any number of modifications. Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat/reinstall. Please read the following articles for more information.

You now have the choice between cleaning the infection(s) present or reformatting your computer. Ultimately, the decision is personal, and what you're most comfortable with. Once you've read the articles linked above, let me know if you have any questions, and how you wish to proceed.

  • 0

#6
Mark Green

Mark Green

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts

Adam.

 

Wow.  This computer is virtually brand new.  I haven't used it for any financial transactions or anything.  I did save some personal information to an external hard drive that I unfortunately left connected.  Hopefully that isn't an issue.  It sounds like I need to reformat my hard drive.  Is it possible that this new computer arrived infected?


  • 0

#7
LiquidTension

LiquidTension

    Expert

  • Expert
  • 1,151 posts

Mark, 
 

Is it possible that this new computer arrived infected?

Unlikely. 
 
I see you have an outdated version of Adobe Reader installed. Malware, especially the infection present, exploits vulnerabilities in popular software such as Adobe Reader to infect computers. It's paramount you keep your Internet-facing software such as browsers, Adobe products, Apple products, etc. and of course Windows itself updated at all times.
 
I also see you had Java installed (until recently). Unless you absolutely need the programme, you're better off staying clear altogether. 
 

It sounds like I need to reformat my hard drive.

If this is the route you'd like to take - 
You have an alternative to reformatting that will accomplish the same result.
 
Using your recovery partition, you can restore the computer to the state it was in the first time you switched the machine on.
Drive d: (HP_RECOVERY) (Fixed) (Total:15.77 GB) (Free:1.92 GB) NTFS
 
I can provide instructions on how you can safely back up your data and use your recovery partition. Please provide the make and model of your computer if you're interested.


  • 0

#8
Mark Green

Adam,

 

Yes, I would appreciate help to safely back up my data and use my recovery partition.  My computer info is:

 

Make: Hewlett-Packard

Model:  700-215xt


Edited by Mark Green, 17 January 2015 - 01:21 PM.

  • 0

#9
LiquidTension

Hi Mark, 
 
The steps below explain how you can safely back up your data, prepare for the restore, perform the restore, and set up your computer afterwards.
Before starting the process, please ensure you have to hand installation discs, license information, etc. for any software you have paid for (Microsoft Office, Norton Internet Security, etc.).

 

Let me know how you get on. 
 
STEP 1
Panda USB Vaccine

  • Please download Panda USB Vaccine and save the file to your Desktop.
  • Double-click USBVaccineSetup.exe to install the programme.
  • Read and accept the license agreement, then click Next.
  • Upon completion of the setup, ensure Launch Panda USB Vaccine is checked and click Finish.
  • Click the Vaccinate Computer button. It should now show a green checkmark and confirm Computer vaccinated.
  • Hold down the Shift key on your keyboard and insert your USB drive into the clean PC.
  • Follow these instructions on how to reformat your USB drive (this will remove all files on the device). This is to ensure the drive is clean. 
  • Return to Panda USB Vaccine. When the name of the drive appears in the Panda USB Vaccine dialog box, click the Vaccinate USB drive(s) button.
  • Exit the programme when done.

-- Computer Vaccination will prevent any AutoRun file from running, regardless of whether the removable device is infected or not. USB Vaccination disables the autorun file so it cannot be read, modified or replaced and creates an AUTORUN_.INF as protection against malicious code. The Panda Research Blog advises that once USB drives have been vaccinated, they cannot be reversed except with a format. If you do this, be sure to back up your data files first or they will be lost during the formatting process.
 
 
STEP 2
Folder Options

  • Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
  • Click View. Under Hidden files and folders:
  • Place a checkmark next to Show hidden files, folders and drives.
  • Remove the checkmark next to Hide extensions for known file types.
  • Click Apply followed by OK.
     

STEP 3
Backup Data

The safest practice is not to back up any executable (.exe), screensaver (.scr), dynamic link library (.dll), autorun (.ini) or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. You should also avoid backing up compressed files (.zip, .cab, .rar) that have executables inside, as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may disguise themselves by hiding a file extension or by adding double file extensions (hence why STEP 2 is important) and/or space(s) in the file's name to hide the real extension, so be sure you look closely at the full file name.

  • Backing up documents, images, music and video is fine.
  • Specially crafted Word/Excel/PDF files can be used for malicious intent, so please ensure you do not back up any documents you do not recognise.
  • To repeat, do not back up files with the following extensions:
.exe, .scr, .bat, .com, .cmd, .msi, .pif, .ini, .htm, .html, .hta, .php, .asp, .xml, .zip, .rar, .cab
  • Once you have decided which files you wish to back up, copy the files over to the USB drive.
     

STEP 4
Download Installation Files
 
Using a clean PC, download the Norton Internet Security Free Trial executable (.exe) and save the file to your USB drive. You need only download the installation file; do not click or open the file.
Ensure you have to hand the relevant information associated with your paid-for product. You will need your license details to use the paid-for version after the restore. 
 
If you wish to switch Anti-Virus, consider ONE of the following suggestions -

Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. For a paid solution, my choice of Anti-Virus is ESET NOD32, and for a free solution, my choice of Anti-Virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus.
 
 
STEP 5
Reformatting/Restoring
There are several options available.

  • Restore to factory default using your HP Recovery Partition.
  • Reformat using Windows built-in tools.
  • Reformat using Darik's Boot and Nuke (DBAN).

The advantage of using your Recovery Partition is that the process is mainly automated, leaving you with little to do yourself. The Recovery Partition will restore the computer to the state it was before the very first time you switched it on. This is the option I recommend you take. 
 
Before proceeding, double-check you have backed up all the files you need. Now follow these instructions on using your HP Recovery Partition to restore to factory default. Take heed of the warnings provided to you, and take your time as you progress through the various stages. Do not click or agree to anything without first ensuring you've fully read what you're agreeing to. 
 
 
STEP 6
Computer Setup
Before restoring your backed up data, it's important you do the following in the order specified.
 
Confirm Windows Firewall is enabled

  • Press the Windows Key + r on your keyboard at the same time. Type firewall.cpl and click OK.
  • Confirm Windows Firewall is enabled.
  • If not, enable the Firewall.

Install an Anti-Virus

  • Hold down the Shift key and insert your USB drive. Move the AV setup file to your Desktop. Remove your USB drive.
  • Open the installation file, and follow the prompts to install the Anti-Virus.
  • Once installed, connect to the Internet and immediately download the latest updates for the Anti-Virus.
  • Run a scan if you wish to.

Install Windows Updates

  • Press the Windows Key + r on your keyboard at the same time. Type wuapp.exe and click OK.
  • Click Check for updates.
  • Install all recommended updates (you may wish to uncheck any optional updates).
  • Do not use the computer whilst updates are installing.
  • For best results, it is recommended you install updates in batches, rather than all at once. For example, you may wish to install a quarter each time.

Confirm there are no Issues with...

  • Audio/Sound
  • Battery
  • Display
  • CD/DVD drive
  • Keyboard
  • Mouse
  • Wireless Network

If you find issues with any of the above, do the following.

  • Press the Windows Key + r on your keyboard at the same time. Type devmgmt.msc and click OK.
  • Locate the relevant category, and click the corresponding drop-down arrow.
  • Right-click the relevant driver, and click Uninstall.
  • Follow any prompts.
  • Reboot your computer.
  • Windows should notify you that it has found and installed the driver after the reboot.
  • Confirm if the issue is resolved. 
     

STEP 7
Panda USB Vaccine & MCShield

  • Download and install Panda USB Vaccine. Follow the instructions from STEP 1, up to and including "Computer vaccinated".
  • Hold down the Shift key and insert your USB drive. 
     

STEP 8
Restoring Backed Up Data

  • Open your Anti-Virus. Run a scan, ensuring you select the option to scan removable media/external drives or the drive letter associated with your USB drive.
  • Confirm no threats found.
  • Open Windows Explorer, and navigate to your USB drive. Copy the backed up files to your Desktop, or the location of your choice.
  • Remove your USB drive.
     

STEP 9
Install Previously Installed Software
Here are links to some of your previously installed software. I do not recommend installing Java for the reasons below.

Using Java is an unnecessary security risk; especially using older versions which have vulnerabilities that malicious sites can use to exploit and infect your system.

Java is one of those technologies that you find installed on the majority of computer systems despite the fact that average users do not come across many Java-powered websites or desktop applications [...] According to W3Techs, only four percent of websites use Java on the server side [...] it is used by 0.2 percent of all websites on the client side. And two tenths of a percent includes sites that do not use it for their core functionality [...] there are sites and applications that require Java, and if you use any of them, you obviously need Java. But that makes you a minority. The majority of Internet users do not need Java. They do not need the Java plugin, nor do they need the Java Runtime Environment installed on their operating system.


  • 0
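The STEP 3 backup rules from post #9, written out as an added Python example that is not part of the original post or of any tool it mentions: it flags blocked extensions, double extensions, names padded with spaces before the real extension, and .zip archives that hold blocked files. The function names check_name, scan and demo and the sample file names are assumptions made for illustration.

```python
import tempfile
import zipfile
from pathlib import Path, PurePath

# Extensions the post says not to back up: its STEP 3 list, plus .dll,
# which the paragraph above that list also names.
BLOCKED = {".exe", ".scr", ".dll", ".bat", ".com", ".cmd", ".msi", ".pif", ".ini",
           ".htm", ".html", ".hta", ".php", ".asp", ".xml", ".zip", ".rar", ".cab"}


def check_name(name):
    """Return the reasons to leave a file out of the backup (empty list = keep)."""
    reasons = []
    path = PurePath(name.rstrip(". "))   # Win32 drops trailing dots and spaces
    ext, stem = path.suffix.lower(), path.stem
    if ext in BLOCKED:
        reasons.append("blocked extension " + ext)
        if PurePath(stem.rstrip()).suffix:
            reasons.append("double extension")        # e.g. holiday.jpg.exe
    if ext and stem != stem.rstrip():
        reasons.append("spaces before the real extension")
    return reasons


def scan(root):
    """Walk a folder and map each rejected file (relative path) to its reasons."""
    rejected = {}
    for f in sorted(Path(root).rglob("*")):
        if not f.is_file():
            continue
        reasons = check_name(f.name)
        if f.suffix.lower() == ".zip" and zipfile.is_zipfile(f):
            with zipfile.ZipFile(f) as z:   # list members only, nothing is extracted
                inner = [n for n in z.namelist() if check_name(PurePath(n).name)]
            if inner:
                reasons.append("archive contains: " + ", ".join(inner))
        if reasons:
            rejected[f.relative_to(root).as_posix()] = reasons
    return rejected


def demo():
    """Scan a constructed sample folder (all file names invented for this example)."""
    with tempfile.TemporaryDirectory() as d:
        for n in ["report.docx", "holiday.jpg.exe", "invoice.pdf      .scr", "notes.txt"]:
            Path(d, n).write_bytes(b"")
        with zipfile.ZipFile(Path(d, "photos.zip"), "w") as z:
            z.writestr("img/setup.exe", b"")
        return scan(d)
```

Calling scan() on the folder staged for backup returns only the files to leave behind; anything it does not list still has to pass the "do I recognise this document" check from the post.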

#10
Mark Green

Thanks Adam for the detailed instructions.  This will certainly take some time so if you don't hear from me for a bit... 

 

Looking at STEP 1, I do have one question before getting started that I wanted to make sure I am clear on.  The Panda USB Vaccine step is all done on a clean computer, correct?

 

Mark


Edited by Mark Green, 18 January 2015 - 12:07 PM.

  • 0

#11
Mark Green

I have one more question. For argument's sake, if I have no files on the infected computer that I care about backing up AND I have a brand new USB external drive, would it make sense to START at step 4 (i.e. downloading anti-virus)?  I would also bypass steps 7 and 8 as well.  Thanks again!


  • 0

#12
LiquidTension

Hi Mark,

Yes, steps 1-3 can be skipped if you do not have any files to backup.

Don't forget to ensure you have access to license information for paid software before you initiate the restore process.
  • 0

#13
Mark Green

Adam,

 

One additional question regarding step 4 (downloading anti-virus to a USB drive).  I am able to get Norton for free thru my ISP.  However, when I download to my USB drive, all I seem to be able to download is the Norton Download Manager.  That obviously means I would have to be online to complete the installation.  Do you know if it is possible to execute a download manager without it automatically starting installation?   That is, get to the point where the installation file is downloaded to the USB drive so that the actual installation.exe file is saved to the USB drive.


  • 0

#14
LiquidTension

Hi Mark,

How did you originally install Norton? Was it from an installation disc? Or did you download the setup file online?
  • 0

#15
Mark Green

It is downloaded online (Comcast Infinity has a link to its customers to download it).


  • 0





