
Trojan zaccess virus



Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, Adobe host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.13.2

Run by Fran at 12:25:09 on 2013-09-02

Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.3820.2068 [GMT -4:00]

.

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe

C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Windows\system32\taskhost.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\rundll32.exe

C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\rundll32.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\rundll32.exe

C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe

C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\splwow64.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.



mWinlogon: Userinit = userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll

BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

mRun: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [Dolby Advanced Audio v2] "C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe" -autostart

mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor

mRun: [Fastboot] C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe

mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\Users\Fran\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll


TCP: NameServer = 167.206.245.129 167.206.245.130

TCP: Interfaces\{5A4C0CF3-6627-417B-910F-10FBD715AB11} : DHCPNameServer = 167.206.245.129 167.206.245.130

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Symantec VIP Access Add-On: {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [TpShocks] TpShocks.exe

x64-Run: [LENOVO.TPKNRRES] C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2012-7-14 29512]

R0 Fastboot;Fastboot;C:\Windows\System32\drivers\Fastboot.sys [2012-7-14 70416]

R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-14 16152]

R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2011-12-29 25416]

R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2012-3-26 33344]

R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-11-9 8447848]

R2 FastbootService;FastbootService;C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [2012-7-14 169776]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-3 628448]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-7-14 161560]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-7-14 58192]

R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2012-3-27 101736]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-7-14 61264]

R2 LENOVO.TVTVCAM;ThinkVantage Virtual Camera Controller;C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [2012-7-14 176464]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2012-3-27 133992]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-26 418376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-26 701512]

R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]

R2 risdxc;risdxc;C:\Windows\System32\drivers\risdxc64.sys [2012-7-14 101888]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2012-3-27 145256]

R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2012-3-27 144960]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-14 363800]

R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2012-4-19 84080]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-2-26 2669840]

R3 5U877;5U877;C:\Windows\System32\drivers\5U877.sys [2012-7-14 216064]

R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [2013-1-15 1388120]

R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-1-1 138912]

R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130124.001\IDSviA64.sys [2013-1-24 513184]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-14 331264]

R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-14 356120]

R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-14 788760]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2012-1-26 25496]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-26 25928]

R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2012-7-14 1662528]

R3 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-5 451192]

R3 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-5 1129120]

R3 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-5 190072]

R3 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-5 405624]

R3 TVTI2C;Lenovo SM bus driver;C:\Windows\System32\drivers\tvti2c.sys [2012-2-7 40248]

R3 tvtvcamd;ThinkVantage Virtual Camera;C:\Windows\System32\drivers\tvtvcamd.sys [2012-7-14 27432]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2012-5-10 143936]

S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-20 71168]

S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2012-7-14 320576]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2012-1-26 34200]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-2-26 273168]

S3 PwmEWSvc;Cisco EnergyWise Enabler;C:\Program Files (x86)\ThinkPad\Utilities\PWMEWSVC.exe [2012-7-14 1665088]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-1 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-08-28 01:46:58 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B8EED554-C614-4E33-A7DC-11363D97DCCD}\mpengine.dll

2013-08-24 21:18:54 -------- d-----w- C:\Users\Fran\AppData\Local\Diagnostics

2013-08-14 12:47:38 224256 ----a-w- C:\Windows\System32\wintrust.dll

.

==================== Find3M  ====================

.

2013-08-21 01:03:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 01:03:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-07-26 05:13:37 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-26 05:12:08 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-07-26 05:12:04 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-07-26 05:12:03 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-07-26 03:35:08 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-07-26 03:13:24 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-26 03:12:04 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-07-26 03:12:00 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-07-26 03:12:00 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-07-26 02:49:14 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-07-26 02:39:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-07-26 01:59:38 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-09 06:03:30 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-07-09 05:54:22 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-07-09 05:53:12 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 05:03:34 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-07-09 05:03:34 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-07-09 04:53:47 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:33 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-09 02:49:42 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-07-09 02:49:41 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-07-09 02:49:39 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-07-09 02:49:38 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-07-06 06:03:53 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-06-15 04:32:16 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-06-05 03:34:27 3153920 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 12:25:46.66 ===============

 


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional 

Boot Device: \Device\HarddiskVolume1

Install Date: 12/27/2012 7:17:52 AM

System Uptime: 9/2/2013 9:33:30 AM (3 hours ago)

.

Motherboard: LENOVO |  | 234238U

Processor: Intel® Core i5-3320M CPU @ 2.60GHz | CPU Socket - U3E1 | 2601/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 391.332 GiB free.

Q: is FIXED (NTFS) - 14 GiB total, 2.218 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}

Description: Officejet J6400 series

Device ID: ROOT\MULTIFUNCTION\0000

Manufacturer: HP

Name: Officejet J6400 series

PNP Device ID: ROOT\MULTIFUNCTION\0000

Service: 

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

64 Bit HP CIO Components Installer

6400_Help

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.03)

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

BufferChm

Burn.Now 4.5

Corel Burn.Now Lenovo Edition

Corel DVD MovieFactory 7

Corel DVD MovieFactory Lenovo Edition

Corel WinDVD

Create Recovery Media

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Direct DiscRecorder

Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7

DisplayLink Core Software

DocProc

Dolby Advanced Audio v2

Evernote v. 4.6

Fax

Google Chrome

Google Update Helper

GPBaseService2

HP Customer Participation Program 13.0

HP Imaging Device Functions 13.0

HP OfficeJet J6400

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPProductAssistant

HPSSupply

Integrated Camera Driver Installer Package Ver.1.2.1.16

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® Network Connections Drivers

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® WiDi

Intel® Wireless Display

Intel® PROSet/Wireless WiFi Software

Intel® Trusted Connect Service Client

iTunes

J6400

Java 7 Update 13

Java Auto Updater

Juniper Networks Network Connect 6.5.0

Juniper Networks Setup Client

Juniper Networks Setup Client Activex Control

Junk Mail filter update

Lasergene 10.1.2 Core Suite

Lenovo Auto Scroll Utility

Lenovo Graphics Software

Lenovo Patch Utility

Lenovo Patch Utility 64 bit

Lenovo Registration

Lenovo System Update

Lenovo Warranty Information

Lenovo Welcome

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

McAfee Security Scan Plus

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Network64

Norton Internet Security

OCR Software by I.R.I.S. 13.0

On Screen Display

Power Manager

ProductContext

RapidBoot HDD Accelerator

RapidBoot Shield

Realtek High Definition Audio Driver

Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7

RICOH_Media_Driver_v2.14.18.01

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Shop for HP Supplies

SmartWebPrinting

SolutionCenter

Status

SugarSync Manager

ThinkPad Power Management Driver

ThinkPad UltraNav Driver

ThinkVantage Active Protection System

ThinkVantage Communications Utility

Toolbox

TrayApp

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

VIP Access

WebReg

Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0)

Windows Driver Package - Intel System  (01/11/2012 9.3.0.1020)

Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011)

Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011)

Windows Driver Package - Lenovo 1.65.04.00 (01/11/2012 1.65.04.00)

Windows Driver Package - Synaptics (SynTP) Mouse  (02/09/2012 15.3.45.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

.

==== Event Viewer Messages From Past Week ========

.

9/2/2013 9:36:47 AM, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  Access is denied.

9/1/2013 9:08:30 PM, Error: Microsoft-Windows-WMPNSS-Service [14332]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80070420'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

9/1/2013 8:16:04 PM, Error: volsnap [25]  - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

9/1/2013 6:10:01 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.157.758.0).

8/29/2013 8:06:51 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Software Protection service to connect.

8/29/2013 8:06:51 AM, Error: Service Control Manager [7000]  - The Software Protection service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

8/29/2013 8:04:02 AM, Error: Microsoft-Windows-DNS-Client [1012]  - There was an error while attempting to read the local hosts file.

8/29/2013 12:19:18 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LENOVO.CAMMUTE service.

.

==== End Of File ===========================

 


 


Here it is

 

RogueKiller V8.6.8 _x64_ [sep  2 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fran [Admin rights]
Mode : Scan -- Date : 09/02/2013 14:21:04
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 1 ¤¤¤
[ZeroAccess][SERVICE] ???etadpug -- "C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" < [x] -> STOPPED
 
¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][ZeroAccess] HKCU\[...]\Run : Google Update ("C:\Users\Fran\AppData\Local\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\?��?��?��\?��?��?��\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" >) -> FOUND
[RUN][ZeroAccess] HKUS\S-1-5-21-680429692-3992685079-3041373530-1001\[...]\Run : Google Update ("C:\Users\Fran\AppData\Local\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\?��?��?��\?��?��?��\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" >) -> FOUND
[RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [x][7][x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CCSet\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS001\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" < [x]) -> FOUND
[SERVICE][ZeroAccess] HKLM\[...]\CS002\[...]\Services : ???etadpug ("C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???ﯹ๛\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" < [x]) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CCSet\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS001\[...]\Services : . e () -> FOUND
[HID SVC][Hidden from API] HKLM\[...]\CS002\[...]\Services : . e () -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_32\Desktop.ini [-] --> FOUND
[ZeroAccess][File] Desktop.ini : C:\Windows\assembly\GAC_64\Desktop.ini [-] --> FOUND
[ZeroAccess][Junction] MpClient.dll : C:\Program Files\Windows Defender\MpClient.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpRTP.dll : C:\Program Files\Windows Defender\MpRTP.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Junction] MpSvc.dll : C:\Program Files\Windows Defender\MpSvc.dll >> \systemroot\system32\config [-] --> FOUND
[ZeroAccess][Folder] Install : C:\Users\Fran\AppData\Local\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: HITACHI HTS725050A7E630 +++++
--- User ---
[MBR] bf50300cc74cbb7727c0de1d493acd09
[BSP] 4d5435361d28d51a2982dc58772d43b9 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b52b80e7851f1a5c01708703cfebeb54
[BSP] 2d4020102160183d417311fc9bcb8c66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
 
Finished : << RKreport[0]_S_09022013_142104.txt >>
 
 
 
 

Please read the following information first.
 

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

I would change all my passwords and keep a close eye on all your sensitive accounts.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


-----------------------------------------

Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system) 64 bit for you

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC


Here is the first txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-09-2013 06
Ran by Fran (administrator) on FRAN-THINK on 02-09-2013 19:49:24
Running from C:\Users\Fran\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Lenovo.) C:\Windows\system32\ibmpmsvc.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Juniper Networks) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Lenovo) C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
(Lenovo Group Limited) C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Lenovo Group Limited) C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Lenovo Group Limited) C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\VIPUIManager.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\WhiteList.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\VIP Access Client\GreenList.exe
(BrowserSafeguard) C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProStart.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Smartbar) C:\Users\Fran\AppData\Local\Smartbar\Application\QuickShare.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Fran\Downloads\FRST64 (3).exe
(Farbar) C:\Users\Fran\Downloads\FRST64 (4).exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2870032 2012-02-09] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12480616 2012-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-03-09] (Realtek Semiconductor)
HKLM\...\Run: [TpShocks] - C:\Windows\system32\TpShocks.exe [382528 2012-02-25] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] - C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [289104 2012-05-08] (Lenovo Group Limited)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Google Update*] -  [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [BrowserSafeguard] - C:\Program Files (x86)\Browsersafeguard\Browsersafeguard.exe [559616 2013-08-19] (BrowserSafeguard)
HKCU\...\Run: [Optimizer Pro] - C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [135672 2013-08-26] (PC Utilities Pro)
HKCU\...\Run: [Browser Infrastructure Helper] - C:\Users\Fran\AppData\Local\Smartbar\Application\QuickShare.exe [20248 2013-08-26] (Smartbar)
MountPoints2: {b28c936a-057b-11e3-9290-0021ccc42616} - D:\VZW_Software_upgrade_assistant.exe
MountPoints2: {cc82efc6-cdea-11e1-8cd9-806e6f6e6963} - Q:\LenovoQDrive.exe
MountPoints2: {e2f5beed-5d59-11e2-b8be-0021ccc42616} - D:\TL-Bootstrap.exe
HKLM-x32\...\Run: [RotateImage] - C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-28] (Intel Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [507744 2011-12-20] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [PWMTRV] - C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL [5940288 2012-05-01] (Lenovo Group Limited)
HKLM-x32\...\Run: [Fastboot] - C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBConsole.exe [1091376 2012-01-17] (Lenovo)
HKLM-x32\...\Run: [Lenovo Registration] - C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKU\Default\...\RunOnce: [] -  [x]
HKU\Default\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-14] ()
HKU\Default User\...\RunOnce: [] -  [x]
HKU\Default User\...\RunOnce: [Lenovoautoqdrive] - C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe [159744 2011-12-14] ()
AppInit_DLLs:  C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL [2533376 2013-09-02] ()
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~1.dll [2740696 2013-08-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Fran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
 
==================== Internet (Whitelisted) ====================
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:56777;https=127.0.0.1:56777
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {299947DB-8111-41FF-8D7C-6C3019314E56} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=0DFE12C2-B43E-4E5A-934A-4CAB015BF861&apn_sauid=230D8FD8-B26E-42E3-BB29-912722A41A7F
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\64bit\VIPAddOnForIE64.dll (Symantec Corporation)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Symantec VIP Access Add-On - {C63CD127-A1CB-4D49-A4F7-D6F88A917BE6} - C:\Program Files (x86)\Symantec\VIP Access Client\VIPAddOnForIE.dll (Symantec Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 167.206.245.129 167.206.245.130
 
Chrome: 
=======
 
 
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\gcswf32.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Norton Confidential) - C:\Users\Fran\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.1.0.30_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Chrome In-App Payments service) - C:\Users\Fran\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [8447848 2011-11-09] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320576 2012-05-01] (Lenovo.)
R2 FastbootService; C:\Program Files (x86)\Lenovo\RapidBoot HDD Accelerator\FBService.exe [169776 2012-01-17] (Lenovo)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-28] (Intel Corporation)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [176464 2012-05-08] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [22376 2013-06-26] ()
R2 VIPAppService; C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [84080 2012-04-19] (Symantec Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] ()
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys [1388120 2013-01-15] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys [167072 2012-06-07] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-28] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-12-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-01-01] (Symantec Corporation)
R0 Fastboot; C:\Windows\System32\DRIVERS\Fastboot.sys [70416 2012-01-17] (Windows ® Win 7 DDK provider)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130124.001\IDSvia64.sys [513184 2012-12-27] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130124.001\IDSvia64.sys [513184 2012-12-27] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130125.004\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130125.004\ENG64.SYS [126192 2013-01-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130125.004\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130125.004\EX64.SYS [2087664 2013-01-18] (Symantec Corporation)
R1 PHCORE; C:\Program Files\Lenovo\RapidBoot\PHCORE64.SYS [33344 2012-03-26] (Lenovo Group Limited)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1309010.00E\SRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [175736 2012-12-28] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS [190072 2012-04-17] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
R3 TVTI2C; C:\Windows\System32\DRIVERS\Tvti2c.sys [40248 2011-05-29] (Lenovo Information Product(ShenZhen China) Inc.)
R3 tvtvcamd; C:\Windows\System32\DRIVERS\tvtvcamd.sys [27432 2011-12-07] (ThinkVantage Communications Utility)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-02 19:48 - 2013-09-02 19:48 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (3).exe
2013-09-02 19:48 - 2013-09-02 19:48 - 00000000 ____D C:\FRST
2013-09-02 19:46 - 2013-09-02 19:46 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro
2013-09-02 19:45 - 2013-09-02 19:46 - 00000000 ____D C:\Users\Fran\AppData\Local\Smartbar
2013-09-02 19:45 - 2013-09-02 19:45 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (2).exe
2013-09-02 19:45 - 2013-09-02 19:45 - 00001073 _____ C:\Users\Fran\Desktop\Optimizer Pro.lnk
2013-09-02 19:45 - 2013-09-02 19:45 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-02 19:43 - 2013-09-02 19:43 - 00003860 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 ____D C:\ProgramData\Real
2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-09-02 19:42 - 2013-09-02 19:42 - 01069208 _____ (InstallManager) C:\Users\Fran\Downloads\Setup.exe
2013-09-02 19:41 - 2013-09-02 19:42 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (1).exe
2013-09-02 15:39 - 2013-09-02 15:39 - 01951954 _____ (Farbar) C:\Users\Fran\Downloads\FRST64.exe
2013-09-02 15:05 - 2013-09-02 15:05 - 00000000 ____D C:\576714808db897c0a94892d647dbd20e
2013-09-02 14:21 - 2013-09-02 14:21 - 00004588 _____ C:\Users\Fran\Desktop\RKreport[0]_S_09022013_142104.txt
2013-09-02 14:19 - 2013-09-02 14:23 - 00000000 ____D C:\Users\Fran\Desktop\RK_Quarantine
2013-09-02 14:19 - 2013-09-02 14:19 - 03784192 _____ C:\Users\Fran\Downloads\RogueKillerX64.exe
2013-09-02 13:05 - 2013-09-02 13:06 - 00000000 ____D C:\Users\Fran\Desktop\Computer Stuff
2013-09-02 12:54 - 2013-09-02 13:03 - 00000000 ____D C:\Users\Fran\Desktop\Decks and Styles to consider in our addition
2013-09-02 12:24 - 2013-09-02 12:24 - 00688992 ____R (Swearware) C:\Users\Fran\Downloads\dds.com
2013-08-29 10:08 - 2013-08-29 10:08 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-15 03:06 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:06 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:06 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:06 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:06 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:06 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:06 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:06 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:06 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:06 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:06 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:06 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:06 - 2013-07-25 22:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:06 - 2013-07-25 21:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 08:47 - 2013-07-25 05:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 08:47 - 2013-07-25 04:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 08:47 - 2013-07-18 21:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 08:47 - 2013-07-18 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 08:47 - 2013-07-09 02:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 08:47 - 2013-07-09 01:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 08:47 - 2013-07-09 01:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 08:47 - 2013-07-09 01:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 08:47 - 2013-07-09 01:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 08:47 - 2013-07-09 01:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 08:47 - 2013-07-09 01:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 08:47 - 2013-07-09 01:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 08:47 - 2013-07-09 01:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 08:47 - 2013-07-09 01:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 08:47 - 2013-07-09 00:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 08:47 - 2013-07-09 00:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 08:47 - 2013-07-09 00:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 08:47 - 2013-07-09 00:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 08:47 - 2013-07-09 00:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 08:47 - 2013-07-09 00:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 08:47 - 2013-07-09 00:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 08:47 - 2013-07-08 22:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 08:47 - 2013-07-08 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 08:47 - 2013-07-08 22:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 08:47 - 2013-07-08 22:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 08:47 - 2013-07-06 02:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 08:47 - 2013-06-15 00:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 17:58 - 2013-09-02 13:05 - 00000000 ____D C:\Users\Fran\Desktop\mindy & fran  and john kostick
 
==================== One Month Modified Files and Folders =======
 
2013-09-02 19:48 - 2013-09-02 19:48 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (3).exe
2013-09-02 19:48 - 2013-09-02 19:48 - 00000000 ____D C:\FRST
2013-09-02 19:46 - 2013-09-02 19:46 - 00000000 ____D C:\Program Files (x86)\FileOpenerPro
2013-09-02 19:46 - 2013-09-02 19:45 - 00000000 ____D C:\Users\Fran\AppData\Local\Smartbar
2013-09-02 19:45 - 2013-09-02 19:45 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (2).exe
2013-09-02 19:45 - 2013-09-02 19:45 - 00001073 _____ C:\Users\Fran\Desktop\Optimizer Pro.lnk
2013-09-02 19:45 - 2013-09-02 19:45 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro
2013-09-02 19:43 - 2013-09-02 19:43 - 00003860 _____ C:\Windows\System32\Tasks\BrowserSafeguard Update Task
2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 ____D C:\ProgramData\Real
2013-09-02 19:43 - 2013-09-02 19:43 - 00000000 ____D C:\Program Files (x86)\Browsersafeguard
2013-09-02 19:42 - 2013-09-02 19:42 - 01069208 _____ (InstallManager) C:\Users\Fran\Downloads\Setup.exe
2013-09-02 19:42 - 2013-09-02 19:41 - 01951862 _____ (Farbar) C:\Users\Fran\Downloads\FRST64 (1).exe
2013-09-02 19:39 - 2013-02-02 17:12 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-02 19:39 - 2012-07-14 15:53 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-02 19:39 - 2012-07-14 15:37 - 01155598 _____ C:\Windows\WindowsUpdate.log
2013-09-02 15:39 - 2013-09-02 15:39 - 01951954 _____ (Farbar) C:\Users\Fran\Downloads\FRST64.exe
2013-09-02 15:31 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-02 15:31 - 2009-07-14 00:45 - 00034432 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-02 15:05 - 2013-09-02 15:05 - 00000000 ____D C:\576714808db897c0a94892d647dbd20e
2013-09-02 14:23 - 2013-09-02 14:19 - 00000000 ____D C:\Users\Fran\Desktop\RK_Quarantine
2013-09-02 14:21 - 2013-09-02 14:21 - 00004588 _____ C:\Users\Fran\Desktop\RKreport[0]_S_09022013_142104.txt
2013-09-02 14:19 - 2013-09-02 14:19 - 03784192 _____ C:\Users\Fran\Downloads\RogueKillerX64.exe
2013-09-02 13:06 - 2013-09-02 13:05 - 00000000 ____D C:\Users\Fran\Desktop\Computer Stuff
2013-09-02 13:06 - 2013-04-21 08:26 - 00000000 ____D C:\Users\Fran\Desktop\Real Estate
2013-09-02 13:05 - 2013-08-11 17:58 - 00000000 ____D C:\Users\Fran\Desktop\mindy & fran  and john kostick
2013-09-02 13:03 - 2013-09-02 12:54 - 00000000 ____D C:\Users\Fran\Desktop\Decks and Styles to consider in our addition
2013-09-02 12:55 - 2009-07-14 01:13 - 00778834 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-02 12:24 - 2013-09-02 12:24 - 00688992 ____R (Swearware) C:\Users\Fran\Downloads\dds.com
2013-09-02 09:34 - 2012-07-14 15:53 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-02 09:34 - 2012-07-14 15:50 - 629710336 ___SH C:\Windows\lenovo_fastboot.img
2013-09-02 09:33 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-02 09:33 - 2009-07-14 00:51 - 00054929 _____ C:\Windows\setupact.log
2013-08-29 10:15 - 2010-11-20 23:47 - 00052224 _____ C:\Windows\PFRO.log
2013-08-29 10:08 - 2013-08-29 10:08 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-29 10:08 - 2012-12-26 23:37 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-29 09:38 - 2012-07-14 15:53 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-29 09:10 - 2012-12-27 08:21 - 00000000 ____D C:\Users\Fran\AppData\Local\Google
2013-08-28 07:55 - 2012-12-28 15:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-20 21:03 - 2013-02-02 17:12 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 21:03 - 2013-02-02 17:12 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 21:03 - 2013-02-02 17:12 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-15 17:03 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:02 - 2013-07-11 03:00 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 03:01 - 2013-01-01 21:57 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-04 08:02 - 2012-12-28 20:28 - 00000000 ____D C:\Users\Fran\AppData\Local\CrashDumps
 
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
 
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
 
Files to move or delete:
====================
ZeroAccess:
C:\Users\Fran\AppData\Local\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\msxml3.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\msxml3a.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\msxml3r.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\RulesEngine.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\usbready.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\yahoo\ytb_7.2.2.0_1.5.4_mail_bts_pub_uber_rev_setup_2008.11.25.01.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\yahoo\y_hp_intl_detect.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\x64\difxapi.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\wis\Win2K_XP\instmsi.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpqNwDr01.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscb01.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscbi0SmrtK.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscbi1BPDUSB.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscbi257usw.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscbi259Nop.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx86\hpzscbi2Snmp.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpqNwDr40.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscb01.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscbi0SmrtK.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscbi1BPDUSB.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscbi257usw.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscbi259Nop.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\networkx64\hpzscbi2Snmp.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\dpinst_x64\DPInst.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\setup\dpinst_x32\DPInst.exe
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x64\hpovst11.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x64\hpwtiop3.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x64\hpwwiax3.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x32\hpovst11.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x32\hpwtiop3.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x32\hpwtusd1.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\scanner\x32\hpwwiax3.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\dot4\win2000\difxapi.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\dot4\win2000\hppldcoi.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\dot4\win2000\hpzc3212.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\dot4\amd64\winxp\difxapi.dll
C:\Users\Fran\AppData\Local\Temp\7zS0797\OJJ6400_Full_13\drivers\dot4\amd64\winxp\hppldcoi.dll
C:\Users\Fran\AppData\Local\Temp\7zS01BA\Dot4Scrubber.exe
C:\Users\Fran\AppData\Local\Temp\7zS01BA\ExecuteProcess.exe
C:\Users\Fran\AppData\Local\Temp\7zS01BA\HPeDiag.dll
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-09-02 15:22
 
==================== End Of Log ============================
 
 

Here is the additional txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-09-2013 06
Ran by Fran at 2013-09-02 19:49:54
Running from C:\Users\Fran\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
64 Bit HP CIO Components Installer (Version: 7.2.8)
6400_Help (x32 Version: 1.00.0000)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
bpd_scan (x32 Version: 3.00.0000)
BPDSoftware (x32 Version: 130.0.000.000)
BPDSoftware_Ini (x32 Version: 1.00.0000)
BrowserSafeguard (x32)
BufferChm (x32 Version: 130.0.331.000)
Burn.Now 4.5 (x32 Version: 4.5.0)
Corel Burn.Now Lenovo Edition (x32 Version: 4.5.0)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0)
Corel DVD MovieFactory Lenovo Edition (x32 Version: 7.0.0)
Corel WinDVD (x32 Version: 10.0.6.385)
Create Recovery Media (x32 Version: 1.20.0.00)
D3DX10 (x32 Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.465.000)
Direct DiscRecorder (x32 Version: 1.00.0000)
Disable AMT Profile Synchronization Pop-up for Windows XP/Vista/7 (Version: 1.00)
DisplayLink Core Software (Version: 6.1.35392.0)
DocProc (x32 Version: 13.0.0.0)
Dolby Advanced Audio v2 (x32 Version: 7.2.7000.11)
dows Driver Package - Intel System  (01/11/2012 9.3.0.1020) (Version: 01/11/2012 9.3.0.1020)
Evernote v. 4.6 (x32 Version: 4.6.0.7670)
Fax (x32 Version: 130.0.418.000)
File Opener Pro (x32)
Google Chrome (x32 Version: 29.0.1547.62)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP OfficeJet J6400 (Version: 13.0)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (x32 Version: 5.005.000.002)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
Integrated Camera Driver Installer Package Ver.1.2.1.16 (x32 Version: 1.2.1.16)
Intel PROSet Wireless
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 8.0.3.1427)
Intel® Network Connections Drivers (Version: 16.8)
Intel® OpenCL CPU Runtime (x32)
Intel® Processor Graphics (x32 Version: 8.15.10.2639)
Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.4.220)
Intel® WiDi (x32 Version: 3.0.13.0)
Intel® Wireless Display
Intel® PROSet/Wireless WiFi Software (Version: 15.01.0000.0830)
Intel® Trusted Connect Service Client (Version: 1.23.605.1)
iTunes (Version: 11.0.1.12)
J6400 (x32 Version: 130.0.000.000)
Java 7 Update 13 (x32 Version: 7.0.130)
Java Auto Updater (x32 Version: 2.1.9.0)
Juniper Networks Network Connect 6.5.0 (x32 Version: 6.5.0.14951)
Juniper Networks Setup Client (HKCU Version: 2.1.2.5973)
Juniper Networks Setup Client Activex Control (x32 Version: 2.1.1.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Lasergene 10.1.2 Core Suite (x32)
Lenovo Auto Scroll Utility (Version: 1.11)
Lenovo Graphics Software (Version: 6.1.35401.0)
Lenovo Patch Utility (x32 Version: 1.3.0.9)
Lenovo Patch Utility 64 bit (Version: 1.3.0.9)
Lenovo Registration (x32 Version: 1.0.4)
Lenovo System Update (x32 Version: 5.02.0018)
Lenovo Warranty Information (x32 Version: 1.0.0005.00)
Lenovo Welcome (x32 Version: 3.1.0017.00)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Network64 (Version: 130.0.579.000)
Network64 (Version: 140.0.221.000)
Norton Internet Security (x32 Version: 19.9.1.14)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
On Screen Display (Version: 6.71.03)
Optimizer Pro v3.0 (x32 Version: 3.0)
Power Manager (x32 Version: 6.30)
ProductContext (x32 Version: 130.0.000.000)
QuickShare (x32 Version: 1.90.60.12091)
RapidBoot HDD Accelerator (x32 Version: 1.00.0802)
RapidBoot Shield (Version: 1.21)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6617)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RICOH_Media_Driver_v2.14.18.01 (x32 Version: 2.14.18.01)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
SmartWebPrinting (x32 Version: 130.0.457.000)
SolutionCenter (x32 Version: 130.0.373.000)
Status (x32 Version: 130.0.469.000)
SugarSync Manager (x32 Version: 1.9.59.88888)
ThinkPad Power Management Driver (Version: 1.65.04.00)
ThinkPad UltraNav Driver (Version: 15.3.45.0)
ThinkVantage Active Protection System (Version: 1.76)
ThinkVantage Communications Utility (Version: 3.0.10.0)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.422.000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
VIP Access (x32 Version: 2.0.5.13)
WebReg (x32 Version: 130.0.132.017)
Windows Driver Package - Intel (e1cexpress) Net  (01/11/2012 11.15.16.0) (Version: 01/11/2012 11.15.16.0)
Windows Driver Package - Intel System  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Intel USB  (08/26/2011 9.3.0.1011) (Version: 08/26/2011 9.3.0.1011)
Windows Driver Package - Lenovo 1.65.04.00 (01/11/2012 1.65.04.00) (Version: 01/11/2012 1.65.04.00)
Windows Driver Package - Synaptics (SynTP) Mouse  (02/09/2012 15.3.45.0) (Version: 02/09/2012 15.3.45.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2013-02-10 13:20 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => start w32time task_started
Task: {242C2A81-6D78-4D5C-8AE5-E5958E6D6D04} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {5040C6A3-60D7-4F6B-A193-1AAEE303333A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => start osppsvc
Task: {565C43D6-8F2D-4AD6-8FB4-C5C04FCCA05A} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {65F86878-7D3E-4F7F-81A5-8C2C87542B81} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {68F7D283-6EA6-4FF8-9ED4-8A9586160D3F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {78B724C2-EA6D-4457-BCE2-E6F9498FA53A} - System32\Tasks\TVT\TVSUUpdateTask => C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe [2013-06-26] ()
Task: {838803C8-BE1C-4BDD-A651-4A485A5AE5CB} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SymErr.exe [2012-02-03] (Symantec Corporation)
Task: {8DDE179F-F838-49A2-BACC-63DC982888CA} - System32\Tasks\BrowserSafeguard Update Task => C:\Program Files (x86)\Browsersafeguard\uninstall.browsersafeguard.exe [2013-09-02] ()
Task: {8F4FB3CE-983E-4BB0-8326-D317844D7C3D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {ABEB51D9-40F0-4F39-ABFA-69955AAAA0A7} - System32\Tasks\DiskUpdate => C:\SWTOOLS\OSFIXES\DISKUPDT\DiskUpdate.exe [2009-02-09] ()
Task: {AC073B34-6916-4DF7-8D41-D18EB4E80C77} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.)
Task: {BAED0B43-C7FD-4F51-99E9-B4B715DEEF9B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-14] (Google Inc.)
Task: {CCCC9772-C1C8-45F2-B88E-B4858EEC6214} - System32\Tasks\PMTask => C:\PROGRA~2\ThinkPad\UTILIT~1\PwmIdTsv.exe [2012-05-01] (Lenovo Group Limited)
Task: {DDE3ED18-F3E6-4086-9531-187BD9B67448} - System32\Tasks\Microsoft\Windows\MobilePC\DisplayLink TMM Control
Task: {FBE24E33-4F11-43C3-A82D-ED5B276D9BFC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\WSCStub.exe [2013-02-02] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-08-15 03:32 - 2013-08-15 03:32 - 01472000 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_64\System.Management\7e1a0f53a8580321c5902b6867c3f7da\System.Management.ni.dll
2012-07-14 15:40 - 2012-02-20 23:08 - 00506648 _____ (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\AMT_SW_GUI.dll
2010-11-20 23:23 - 2010-11-20 23:23 - 00042328 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\wminet_utils.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00132968 _____ (Apple Inc.) C:\Program Files\Bonjour\mdnsNSP.dll
2012-07-14 15:46 - 2012-05-08 20:27 - 00088912 _____ (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CommFunc.dll
2012-07-14 15:46 - 2012-05-08 20:27 - 00051536 _____ (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamDll.dll
2012-07-14 15:46 - 2012-05-08 20:28 - 00010576 _____ (Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\tpknrdll.dll
2010-11-20 23:24 - 2010-11-20 23:24 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2012-07-14 15:40 - 2012-02-07 17:46 - 00184320 _____ (Ricoh co.,Ltd.) C:\Windows\system32\5U877.ax
2010-11-20 23:24 - 2010-11-20 23:24 - 00107008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kswdmcap.ax
2009-09-23 23:42 - 2009-09-23 23:42 - 00205824 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpquio08.dll
2009-09-23 23:42 - 2009-09-23 23:42 - 00048128 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-09-23 23:42 - 2009-09-23 23:42 - 00150528 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtao08.dll
2010-01-08 20:32 - 2010-01-08 20:32 - 00538112 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.dll
2010-01-08 20:32 - 2010-01-08 20:32 - 00015360 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotra08.rsc
2010-01-08 20:32 - 2010-01-08 20:32 - 00274432 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpotradd.dll
2009-05-21 21:05 - 2009-05-21 21:05 - 00326144 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqrif08.dll
2009-05-21 21:09 - 2009-05-21 21:09 - 00338432 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqmif08.dll
2009-09-23 23:42 - 2009-09-23 23:42 - 00293376 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcob08.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 01170944 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpodio08.dll
2009-09-23 23:28 - 2009-09-23 23:28 - 00049664 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddusr.dll
2009-09-23 23:28 - 2009-09-23 23:28 - 00213504 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddcmn.dll
2009-05-21 21:09 - 2009-05-21 21:09 - 00554496 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusg.dll
2013-01-01 22:00 - 2013-01-01 22:00 - 00159048 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.DLL
2010-08-06 11:15 - 2010-08-06 11:15 - 00054784 _____ (Hewlett-Packard) C:\Windows\system32\hpzipr12.dll
2009-05-21 21:05 - 2009-05-21 21:05 - 00097280 _____ (Hewlett Packard) C:\Program Files (x86)\HP\Digital Imaging\Product Assistant\bin\hprbevst.dll
2009-09-23 23:42 - 2009-09-23 23:42 - 00124416 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxm08.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00121704 _____ (Apple Inc.) C:\Program Files (x86)\Bonjour\mdnsNSP.dll
2010-08-06 11:15 - 2010-08-06 11:15 - 00079872 _____ (Hewlett-Packard) C:\Windows\system32\hpzidr12.dll
2012-07-06 07:43 - 2012-07-06 07:43 - 00284160 _____ (Evernote Corporation) C:\Program Files (x86)\Evernote\Evernote\encrashrep.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00433664 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00258048 _____ (Evernote Corporation, 333 West Evelyn Avenue, Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\LibPCRE.dll
2012-09-08 13:16 - 2012-09-08 13:16 - 00315392 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2012-07-14 15:40 - 2012-02-26 13:59 - 00073728 _____ (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2012-12-28 16:12 - 2012-10-16 03:39 - 00561664 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcLayers.DLL
2013-08-14 08:47 - 2013-07-09 00:45 - 00044032 _____ (Microsoft Corporation) C:\Windows\AppPatch\AcWow64.DLL
2012-12-12 14:57 - 2012-12-12 14:57 - 00148960 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01079184 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00053648 _____ (Open Source Software community project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\pthreadVC2.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00124816 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\objc.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00043408 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libdispatch.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01292136 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuin.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00923496 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libicuuc.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 16303976 _____ (The ICU Project) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\icudt46.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00075664 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\ASL.dll
2012-12-12 14:57 - 2012-12-12 14:57 - 00041440 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL
2012-12-12 14:57 - 2012-12-12 14:57 - 00040416 _____ (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.Resources\iTunesHelper.DLL
2012-08-11 17:43 - 2012-08-11 17:43 - 01447824 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iTunesMobileDevice.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 02463632 _____ (Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CFNetwork.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 00456592 _____ (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\SQLite3.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-31 00:05 - 2011-08-31 00:05 - 00085864 _____ (Apple Inc.) C:\Windows\system32\dnssd.dll
2012-12-26 23:37 - 2013-04-04 14:50 - 00527944 _____ (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.dll
2012-12-26 23:37 - 2013-04-04 14:50 - 02191944 _____ (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamnet.dll
2012-03-27 01:53 - 2011-06-27 23:56 - 00125288 _____ (Lenovo Group Limited) C:\PROGRA~1\Lenovo\HOTKEY\enlpu32.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 00485888 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwso08.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 00307712 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsti08.dll
2009-05-21 19:57 - 2009-05-21 19:57 - 00040960 _____ (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpb01.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 00285184 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 00012288 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2009-09-23 23:11 - 2009-09-23 23:11 - 00203776 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqssm08.dll
2009-09-23 23:11 - 2009-09-23 23:11 - 00922112 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2009-09-23 23:11 - 2009-09-23 23:11 - 00057856 _____ (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSplh08.dll
2013-01-01 22:00 - 2013-01-01 22:00 - 03781960 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll
2013-01-01 22:00 - 2013-01-01 22:00 - 00053584 _____ (Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90ENU.DLL
2010-02-28 03:13 - 2010-02-28 03:13 - 00049024 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
2009-05-21 19:57 - 2009-05-21 19:57 - 00038912 _____ (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpreh.dll
2013-02-05 19:45 - 2012-06-15 22:31 - 00678352 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccL110U.dll
2013-02-05 19:45 - 2012-06-15 22:24 - 00085456 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccVrTrst.dll
2013-02-05 19:45 - 2012-05-21 21:37 - 00085968 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\EFACli.dll
2013-02-05 19:45 - 2012-06-15 22:24 - 00146896 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvc.dll
2013-02-05 19:45 - 2012-07-05 22:17 - 00419808 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\srtsp32.dll
2013-02-05 19:45 - 2012-06-15 22:24 - 00161232 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccIPC.dll
2013-02-05 19:45 - 2013-02-02 00:18 - 00419664 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\NPCTRAY.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00698704 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\NPCStats.dll
2013-02-05 19:45 - 2012-06-15 22:24 - 00323024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSet.dll
2013-02-05 19:45 - 2013-02-02 00:18 - 01222480 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\isDataPr.dll
2013-02-05 19:45 - 2012-09-04 14:09 - 00365040 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\cltPE.dll
2013-02-05 19:45 - 2013-02-02 00:18 - 00430928 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\ASHELPER.DLL
2013-02-05 19:45 - 2011-12-12 01:38 - 02760120 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\SYMHTML.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00409936 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\naHelper.dll
2013-02-05 19:45 - 2012-09-04 14:09 - 00790512 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\cltLMS.dll
2013-02-05 19:45 - 2013-02-02 00:18 - 00413520 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\ASOEHOOK.DLL
2013-02-05 19:45 - 2013-02-01 18:17 - 00718232 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coDataPr.dll
2013-02-05 19:45 - 2013-02-01 18:17 - 00881560 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coShdObj.dll
2013-02-05 19:45 - 2013-02-02 00:18 - 00419152 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\AVPAPP32.DLL
2013-02-05 19:45 - 2012-06-15 22:24 - 00396752 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\CCJOBMGR.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00473424 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\AVIfc.dll
2013-02-05 19:45 - 2013-02-01 18:17 - 01354648 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\COACTMGR.DLL
2013-02-05 19:45 - 2012-06-15 22:24 - 00292816 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccGEvt.dll
2013-02-05 19:45 - 2012-04-12 23:41 - 00296376 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\diStRptr.dll
2013-02-05 19:45 - 2012-05-25 17:10 - 00754072 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\DataStor.dll
2013-02-05 19:45 - 2012-05-25 17:10 - 00752024 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\Comm.dll
2013-02-05 19:45 - 2012-09-04 14:09 - 01556464 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\CLTALDIS.DLL
2013-02-05 19:45 - 2012-09-04 14:09 - 00962544 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\MUI\19.9.1.14\09\01\cltRes.loc
2013-02-05 19:45 - 2013-02-02 00:18 - 00370512 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\FWSESAL.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00159568 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\QSPLUGIN.DLL
2013-02-05 19:45 - 2012-03-09 08:38 - 00169912 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\SDKCMN.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00731984 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\UIALERT.DLL
2013-02-05 19:45 - 2012-05-25 17:10 - 00052120 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\19.9.1.14\USERCTXT.DLL
2013-02-05 19:45 - 2013-02-02 00:18 - 00317776 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\AvScnTsk.dll
2011-06-11 04:15 - 2011-06-11 04:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\system32\MSVCR100.dll
2011-06-11 04:15 - 2011-06-11 04:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\system32\MSVCP100.dll
2012-07-14 15:41 - 2012-02-20 23:21 - 00045336 _____ (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\JHI.dll
2012-04-19 03:15 - 2012-04-19 03:15 - 00087640 _____ () C:\Program Files (x86)\Symantec\VIP Access Client\JSON.dll
2013-07-09 15:32 - 2013-04-23 18:57 - 05932696 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
2013-07-10 03:34 - 2013-07-10 03:34 - 11499520 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
2013-01-12 04:13 - 2012-10-05 06:53 - 00364656 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 07989760 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 01593344 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 12436480 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 00978432 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 05464064 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
2009-07-13 19:50 - 2009-07-13 21:32 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\security.dll
2013-09-02 19:45 - 2013-08-26 14:30 - 02740696 _____ () c:\progra~2\optimi~1\optpro~1.dll
2009-07-13 16:46 - 2009-06-10 17:23 - 00074064 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00033048 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00055576 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00149784 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2007-05-11 22:09 - 2007-05-11 22:09 - 00218536 _____ (Microsoft Corporation) C:\Users\Fran\AppData\Local\Smartbar\Application\Microsoft.Practices.EnterpriseLibrary.Logging.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00111896 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00044824 _____ (Smartbar) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettingsAutoUpdater.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 01765144 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00078104 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00016664 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Personalization.Settings.UserSettingsManager.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00035608 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.Base.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00012568 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00725272 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00100632 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessEntities.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00059160 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00178456 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.SetBrowsersSettings.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00081176 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00013592 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00016152 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00019736 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00025368 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll
2013-08-15 03:36 - 2013-08-15 03:36 - 01051136 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9a1bc983c28c695729b3e46acdc6933e\System.Management.ni.dll
2010-11-20 23:23 - 2010-11-20 23:23 - 00032088 _____ (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v2.0.50727\wminet_utils.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 01840640 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\d23f99753f2703d5b8f68e558ca3e85c\System.Web.Services.ni.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00028952 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.DefaultBrowser.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00014104 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ShareManagerLocalPlugin.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00053528 _____ (Microsoft) C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00057112 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2013-09-02 19:45 - 2013-09-02 19:45 - 00145688 _____ ( ) C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
2012-12-28 15:58 - 2012-12-28 15:58 - 08007680 _____ ( ) C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00013592 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00014104 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00051480 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2013-07-10 03:41 - 2013-07-10 03:41 - 00220672 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\de6ee26de5e4f343509de7e92ab48ba6\CustomMarshalers.ni.dll
2010-11-20 23:24 - 2010-11-20 23:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
2013-08-26 17:47 - 2013-08-26 17:47 - 00047384 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00025368 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2013-08-26 17:48 - 2013-08-26 17:48 - 00245528 _____ () C:\Users\Fran\AppData\Local\Smartbar\Application\Smartbar.Resources.NetSeer.dll
2013-09-02 19:45 - 2013-09-02 19:45 - 00911128 _____ () C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 06611456 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\da8cdc615b6825dd263004e8d3adcda9\System.Data.ni.dll
2010-11-20 23:24 - 2010-11-20 23:24 - 02927616 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4ada2213cefea889a5ed6e2fb6839b93\System.Transactions.ni.dll
2009-07-13 16:46 - 2009-06-10 17:23 - 00261632 _____ (Microsoft Corporation) C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
2013-08-15 03:29 - 2013-08-15 03:29 - 00628224 _____ (Microsoft Corporation) C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\5970036570c1e44e8ae0f6f94c1039aa\System.EnterpriseServices.ni.dll
2013-08-29 08:34 - 2013-08-24 13:48 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\icudt.dll
2012-07-14 15:48 - 2007-04-04 21:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2012-08-16 06:43 - 2012-08-16 06:43 - 04171424 _____ (Microsoft Corporation) C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
2011-03-17 01:11 - 2011-03-17 01:11 - 04297568 _____ () C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
2010-10-20 16:45 - 2010-10-20 16:45 - 08801120 _____ () C:\PROGRA~2\MICROS~3\Office14\1033\GrooveIntlResource.dll
2013-08-29 08:34 - 2013-08-24 12:07 - 03231688 _____ (Microsoft Corporation) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\D3DCompiler_46.dll
2013-08-29 08:34 - 2013-08-24 13:49 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libglesv2.dll
2013-08-29 08:34 - 2013-08-24 13:49 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\libegl.dll
2013-08-29 08:34 - 2013-08-24 13:49 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll
2013-08-29 08:34 - 2013-08-24 13:49 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll
2013-08-29 08:34 - 2013-08-24 13:48 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ffmpegsumo.dll
2013-08-29 08:34 - 2013-08-24 13:49 - 13594064 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
 
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056
 
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056
 
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
System errors:
=============
Error: (09/02/2013 03:05:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.157.758.0).
 
Error: (09/02/2013 09:36:47 AM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
Error: (09/02/2013 09:33:45 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:15:00 PM on 9/1/2013 was unexpected.
 
Error: (09/01/2013 09:09:46 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
Error: (09/01/2013 09:08:30 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070420
 
Error: (09/01/2013 08:16:04 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
 
Error: (09/01/2013 08:15:19 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
Error: (09/01/2013 08:05:54 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
Error: (09/01/2013 07:53:14 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
Error: (09/01/2013 06:52:55 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4056
 
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4056
 
Error: (09/02/2013 03:40:13 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
 
Error: (09/02/2013 03:40:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2013
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2013
 
Error: (09/02/2013 03:40:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/02/2013 03:40:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-05-01 07:53:50.190
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:50.150
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:50.070
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.990
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.860
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.800
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.430
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2013-05-01 07:53:49.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 56%
Total physical RAM: 3819.96 MB
Available physical RAM: 1672.67 MB
Total Pagefile: 7638.11 MB
Available Pagefile: 5012.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (Windows7_OS) (Fixed) (Total:450.62 GB) (Free:391.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:13.67 GB) (Free:2.22 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 59C497F2)
Partition 1: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

Then......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder..... mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-09-2013 06

Ran by Fran at 2013-09-02 20:49:34 Run:1

Running from C:\Users\Fran\Downloads

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKCU\...\Run: [Google Update*] -  

U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\   \...\???\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}\GoogleUpdate.exe" 

C:\Windows\assembly\GAC_32\Desktop.ini

C:\Windows\assembly\GAC_64\Desktop.ini

C:\Users\Fran\AppData\Local\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}

C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5}

DeleteJunctionsIndirectory: C:\Program Files\Windows Defender

*****************

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.

*etadpug => Service deleted successfully.

C:\Windows\assembly\GAC_32\Desktop.ini => Moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini => Moved successfully.

C:\Users\Fran\AppData\Local\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5} => Moved successfully.

C:\Program Files (x86)\Google\Desktop\Install\{b8b1c585-fe99-9d8d-a5f8-49dc720476b5} => Moved successfully.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

 

==== End of Fixlog ====


Ran Malwarebytes Anti-Rootkit; it said it detected 2 threats, so I did the cleanup, then restarted. Ran another scan, which said all was clean. Tried to copy and send the logs to you and now I cannot use Google Chrome. It is telling me the proxy server isn't working. I am connected to the Internet. So I ran the fix damage.exe and that was fine, but I still cannot use my laptop to sign into anything.


Finally got it to work

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org
 
Database version: v2013.09.02.09
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Fran :: FRAN-THINK [administrator]
 
9/2/2013 11:05:48 PM
mbar-log-2013-09-02 (23-05-48).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 252182
Time elapsed: 7 minute(s), 43 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)

here is the txt

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 1765494784
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 1804972032
 
=======================================
Initializing...
------------ Kernel report ------------
     09/02/2013 20:55:37
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006978060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005720050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006979a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa80069789f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006979040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006817b20, DeviceName: Unknown, DriverName: \Driver\Fastboot\
DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800571ae40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005720050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59C497F2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 1737035776
 
Downloaded database version: v2013.09.02.09
Downloaded database version: v2013.08.06.01
=======================================
Initializing...
------------ Kernel report ------------
     09/02/2013 21:05:45
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006978060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005720050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006979a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa80069789f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006979040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006817b20, DeviceName: Unknown, DriverName: \Driver\Fastboot\
DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800571ae40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005720050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59C497F2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AUZAYEK7\checker_20130826[1].exe --> [Trojan.Downloader.Agent]
Infected: C:\Users\Fran\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V2S1E0L9\SolidSavings_20130826[1].exe --> [Adware.Packed.Ranver]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 2260824064
 
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 2394099712
 
Initializing...
======================
------------ Kernel report ------------
     09/02/2013 21:18:34
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800695b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8005704050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800695b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800695ca00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa80067fda40, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800695c040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa800695bd60, DeviceName: Unknown, DriverName: \Driver\Fastboot\
DevicePointer: 0xfffffa800695b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80056ff8b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8005704050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59C497F2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Non-administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 2149937152
 
=======================================
Initializing...
------------ Kernel report ------------
     09/02/2013 21:38:45
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006978060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80044e4050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006979a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa80045dd9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006979040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006978d60, DeviceName: Unknown, DriverName: \Driver\Fastboot\
DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80036c4e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044e4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59C497F2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 2038202368
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 10.0.9200.16660
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 4005519360, free: 2043277312
 
=======================================
Initializing...
------------ Kernel report ------------
     09/02/2013 23:05:45
------------ Loaded modules -----------
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS
\SystemRoot\system32\drivers\NISx64\1309010.00E\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130124.001\IDSvia64.sys
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1309010.00E\SRTSPX64.SYS
\SystemRoot\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS
\SystemRoot\system32\drivers\NISx64\1309010.00E\Ironx64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130116.013\BHDrvx64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\ole32.dll
\Windows\System32\sechost.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\setupapi.dll
\Windows\System32\psapi.dll
\Windows\System32\advapi32.dll
\Windows\System32\gdi32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\kernel32.dll
\Windows\System32\comdlg32.dll
\Windows\System32\wininet.dll
\Windows\System32\imm32.dll
\Windows\System32\normaliz.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\iertutil.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\nsi.dll
\Windows\System32\user32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\crypt32.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\KernelBase.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8006978060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80044e4050
Lower Device Driver Name: \Driver\iaStor\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8006979a00, DeviceName: \Device\DozeHDD0\, DriverName: \Driver\DzHDD64\
DevicePointer: 0xfffffa80045dd9f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8006979040, DeviceName: Unknown, DriverName: \Driver\Shockprf\
DevicePointer: 0xfffffa8006978d60, DeviceName: Unknown, DriverName: \Driver\Fastboot\
DevicePointer: 0xfffffa8006978060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80036c4e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80044e4050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 59C497F2
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 945025024
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 948099072  Numsec = 28672000
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...
Removal finished

Ok here it is

 

RogueKiller V8.6.9 _x64_ [sep  3 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Fran [Admin rights]
Mode : Scan -- Date : 09/03/2013 13:39:32
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 4 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:56777;hxxps=127.0.0.1:56777) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] Install : C:\Users\Fran\AppData\Local\Google\Desktop\Install [-] --> FOUND
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection : ZeroAccess ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: HITACHI HTS725050A7E630 +++++
--- User ---
[MBR] bf50300cc74cbb7727c0de1d493acd09
[bSP] 4d5435361d28d51a2982dc58772d43b9 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] b52b80e7851f1a5c01708703cfebeb54
[bSP] 2d4020102160183d417311fc9bcb8c66 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461438 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 948099072 | Size: 14000 Mo
 
Finished : << RKreport[0]_S_09032013_133932.txt >>
RKreport[0]_S_09022013_142104.txt

How did you get it fixed????

It wasn't the proxy because it's still there:

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (hxxp=127.0.0.1:56777;hxxps=127.0.0.1:56777) -> FOUND

-----------------------------------

Run RogueKiller again and click Scan
When the scan completes > click on the Files tab
Put a check next to all of these and uncheck the rest: (if found)
 

[ZeroAccess][Folder] Install : C:\Users\Fran\AppData\Local\Google\Desktop\Install [-] --> FOUND


Now click Delete on the right hand column under Options

-------------------------------------------

Let me know how the computer is running.....MrC


This topic is now closed to further replies.