Advice needed


  • This topic is locked
33 replies to this topic

#1 hophop000

hophop000

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 20 November 2013 - 08:51 AM

Hi,

 

I have Immunet installed and it keeps picking up threats in the form of *.tmp files that are appearing all over the place, in different application folders and app data folders.

 

I tried to use the DDS tool as suggested but I get an error when running it, saying it is not meant to be run in compatibility mode. (I am running Windows 8).  So I used HijackThis instead, please find my log attached.

 

Any help would be appreciated.

 

Thank You

Hop

Attached Files




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,760 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:51 AM

Posted 25 November 2013 - 10:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514800 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 25 November 2013 - 12:59 PM

OK, so I tried DDS again, does not work, I get a compatibility error (I attached a screenshot).

 

Screenshot%20007.jpg

 

I have also attached some screens of the *.tmp file trojans that keep appearing on my system, constantly over the past few days despite many antivirus/malware scans by many different programs.

 

Screenshot%20001.jpg

 

Screenshot%20002.jpg

 

Screenshot%20003.jpg

 

 

Screenshot%20004.jpg

 

Screenshot%20005.jpg

 

Screenshot%20006.jpg

 

I will attach Hijackthis log too.

 

Sorry for the bombardment of images, I just want to make my issue as clear as possible.

 

Thanks

Attached Files



#4 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 25 November 2013 - 01:10 PM

Here are 3 more that are not in a *.tmp file

 

Screenshot%20008.jpg

 

Screenshot%20009.jpg

 

Screenshot%20010.jpg



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:51 PM

Posted 25 November 2013 - 01:12 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Many of the tools we suggest are not compatible with Windows 8.1

Try these for now.

Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Please paste the logs in your next reply, DO NOT ATTACH THEM
Let me know what problem persists.

#6 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 25 November 2013 - 01:39 PM

Hi nasdaq,

 

Thank you for your time.

 

I actually ran these scans the other day, followed by a Malwarebytes scan and then a Hitman Pro scan.

 

Here are the logs from today's scan:

 

adwcleaner

 

# AdwCleaner v3.013 - Report created 25/11/2013 at 18:23:43
# Updated 24/11/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : marka_000 - MARK-LAPTOP
# Running from : C:\Users\marka_000\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1860 octets] - [23/11/2013 22:12:49]
AdwCleaner[R1].txt - [1235 octets] - [25/11/2013 18:22:29]
AdwCleaner[S0].txt - [1824 octets] - [23/11/2013 22:14:30]
AdwCleaner[S1].txt - [1158 octets] - [25/11/2013 18:23:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1218 octets] ##########
 

 

 

jrt

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 Pro x64
Ran by marka_000 on 25/11/2013 at 18:26:41.68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\marka_000\AppData\Roaming\mozilla\firefox\profiles\zavr3e40.default\prefs.js

user_pref("extensions.fvd_sync.bookmarks.changes", "{\"removedIds\":[\"CmqlFJ1pU0FyrFC6Oy6RPbTthUuvmEMJ\",\"plAvJlhWq4ONxXdZFOEaJhDLN80VsBgq\",\"DvsVL5DBfCF1hIT6RLX0BXiTE8nqHD



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/11/2013 at 18:33:52.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

I will try to find the logs from my previous scans.

 

Thanks



#7 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 25 November 2013 - 01:43 PM

OK, these are from the 23rd:

 

 

Adwcleaner [R0]

 

# AdwCleaner v3.012 - Report created 23/11/2013 at 22:12:49
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : marka_000 - MARK-LAPTOP
# Running from : C:\Users\marka_000\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Found : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal
File Found : C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\searchplugins\safesearch.xml
Folder Found : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
Folder Found C:\Users\marka_000\AppData\Local\Zoom_Downloader

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1716 octets] - [23/11/2013 22:12:49]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1776 octets] ##########
 

 

 

 

AdwCleaner [S0]

 

# AdwCleaner v3.012 - Report created 23/11/2013 at 22:14:30
# Updated 11/11/2013 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : marka_000 - MARK-LAPTOP
# Running from : C:\Users\marka_000\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\marka_000\AppData\Local\Zoom_Downloader
Folder Deleted : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
File Deleted : C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\searchplugins\safesearch.xml
File Deleted : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage
File Deleted : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16384


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\prefs.js ]


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\imark_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1860 octets] - [23/11/2013 22:12:49]
AdwCleaner[S0].txt - [1684 octets] - [23/11/2013 22:14:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1744 octets] ##########
 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8.1 Pro x64
Ran by marka_000 on 23/11/2013 at 22:19:45.71
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\marka_000\AppData\Roaming\mozilla\firefox\profiles\zavr3e40.default\prefs.js

user_pref("extensions.fvd_sync.bookmarks.changes", "{\"removedIds\":[\"CmqlFJ1pU0FyrFC6Oy6RPbTthUuvmEMJ\",\"plAvJlhWq4ONxXdZFOEaJhDLN80VsBgq\",\"DvsVL5DBfCF1hIT6RLX0BXiTE8nqHD
user_pref("extensions.lastpass.3d0a17d4c8a46a4f9e5759afcaf66b9a16b61760d8cea9b0bd0280681ed97c02.searchforsiteswithinaddressbar", true);



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/11/2013 at 22:26:09.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Hope this helps.

 

Thank you again.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 40,456 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:51 PM

Posted 26 November 2013 - 07:53 AM

It's unfortunate that the DDS and ComboFix are not presently ready for Windows 8.1

The last two I suggested are working OK.

Now try this one.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

#9 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 26 November 2013 - 08:33 AM

I am still getting them.

 

Screenshot%20011.jpg

 

Screenshot%20012.jpg

 

What do I do now?

 

Thanks

 

*EDIT* Sorry just saw your last message, will do that now.


Edited by hophop000, 26 November 2013 - 08:44 AM.


#10 hophop000

hophop000
  • Topic Starter

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:04:51 AM

Posted 26 November 2013 - 08:45 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-11-2013 01
Ran by marka_000 (administrator) on MARK-LAPTOP on 26-11-2013 13:35:33
Running from C:\Users\marka_000\Desktop
Windows 8.1 Pro (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AuthenTec, Inc) C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sourcefire, Inc.) C:\Program Files\Immunet\3.0.12\agent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Immunet) C:\Program Files\Immunet\3.0.12\iptray.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 4.0\EMET_Agent.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Yaletown Software Design Inc.) C:\Program Files (x86)\Bvckup\bvckup.exe
(Dropbox, Inc.) C:\Users\marka_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\Dock64.exe
(Stardock) C:\Program Files (x86)\Stardock\ObjectDock\ObjectDockTray.exe
(WinLaunch.bplaced.net) D:\Program Files\WinLaunch  x64 Portable\WinLaunch.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe
( New Softwares.net) C:\Program Files (x86)\NewSoftware's\Folder Lock\FLComServ.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
(MSI) C:\Program Files (x86)\SCM\Radio Manager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(PortableApps.com) D:\Program Files\PortableApps\PicPickPortable\PicPickPortable.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
(NTeWORKS) D:\Program Files\PortableApps\PicPickPortable\App\picpick\picpick.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Authentec) C:\Program Files\AuthenTec TrueSuite\KeepSafe\fvsvr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Piotr Pawlowski) C:\Program Files (x86)\foobar2000\foobar2000.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [StartupDelayer] - C:\Program Files\r2 Studios\Startup Delayer\Startup Launcher.exe [1083392 2013-10-03] (r2 Studios)
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4123 2012-05-30] ()
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [457728 2013-09-30] (Microsoft Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\marka_000\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64] - C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\marka_000\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64"
HKCU\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKLM-x32\...\Run: [] - [x]
HKU\UpdatusUser\...\Run: [GmailNotifierPro] - D:\Program Files\GmailNotifierPro Portable\GmailNotifierPro.exe [2827072 2013-10-17] (IntelliBreeze Software)
HKU\UpdatusUser\...\Run: [Lightscreen] - D:\Program Files\PortableApps\LightscreenPortable\App\Lightscreen\lightscreen.exe [563200 2010-03-17] ()
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
Startup: C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\marka_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

ProxyServer: 78.46.103.8:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\IEBHO.dll (AuthenTec Inc.)
BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\AuthenTec TrueSuite\x86\IEBHO.dll (AuthenTec Inc.)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
BHO-x32: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll (LastPass)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
DPF: HKLM-x32 {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default
FF NewTab: chrome://fvd.speeddial/content/fvd_about_blank.html
FF DefaultSearchEngine: Google UK - the web
FF SelectedSearchEngine: Google UK - the web
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\marka_000\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\marka_000\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\searchplugins\amazon-brit.xml
FF SearchPlugin: C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\searchplugins\ebay-couk.xml
FF SearchPlugin: C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\searchplugins\google-uk---the-web.xml
FF Extension: FoxyProxy Basic - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\foxyproxy@eric.h.jung
FF Extension: EverSync - Sync bookmarks, backup your favorites. - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\fvdmedia@gmail.com
FF Extension: FVD Speed Dial - New Tab Page - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\pavel.sherbakov@gmail.com
FF Extension: LastPass - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\support@lastpass.com
FF Extension: Flash and Video Download - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF Extension: artur.dubovoy - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\artur.dubovoy@gmail.com.xpi
FF Extension: brief - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\brief@mozdev.org.xpi
FF Extension: cutyfox - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\cutyfox@apps.metzweb.net.xpi
FF Extension: DuplicateInTabContext - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\DuplicateInTabContext@schuzak.jp.xpi
FF Extension: feca4b87-3be4-43da-a1b1-137c24220968 - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi
FF Extension: jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi
FF Extension: jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\jid0-k75TfRGfOXPHfEZmJ9cKu5eCgLc@jetpack.xpi
FF Extension: jid0-pJMJEntDZuwYnkFvfCcFQsgmvBY - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\jid0-pJMJEntDZuwYnkFvfCcFQsgmvBY@jetpack.xpi
FF Extension: jid0-raWjElI57dRa4jx9CCiYm5qZUQU - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\jid0-raWjElI57dRa4jx9CCiYm5qZUQU@jetpack.xpi
FF Extension: jid1-ASMu9YBkP688TA - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\jid1-ASMu9YBkP688TA@jetpack.xpi
FF Extension: rssicon - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\rssicon@jasnapaka.com.xpi
FF Extension: tiletabs - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\tiletabs@DW-dev.xpi
FF Extension: treestyletab - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\treestyletab@piro.sakura.ne.jp.xpi
FF Extension: undoclosedtabsbutton - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\undoclosedtabsbutton@supernova00.biz.xpi
FF Extension: flashgot - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: gmanager - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{582195F5-92E7-40a0-A127-DB71295901D7}.xpi
FF Extension: Adblock Plus - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: downbarconfig - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: yoonoprefs - C:\Users\marka_000\AppData\Roaming\Mozilla\Firefox\Profiles\zavr3e40.default\Extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\

Chrome:
=======
CHR HomePage: https://sites.google.com/site/adfamspeeddial/
CHR RestoreOnStartup: "https://sites.google.com/site/adfamspeeddial/", "hxxp://mysearch.avg.com/?cid={715CF0A4-36C2-4FB3-8156-AAE922F80D00}&mid=fb29f3960df047d39d35d157cad195f9-24609393397a353f4890159589927ac7769911a3&lang=en&ds=st011&pr=sa&d=2013-09-12 22:24:28&v=15.4.0.5&pid=safeguard&sg=0&sap=hp"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Create PDF) - C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0\plugin/npWCChromeExtnStub.dll (Adobe Systems Inc.)
CHR Plugin: (NPLastPass) - C:\Users\marka_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0\nplastpass.dll (LastPass)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AdobeExManDetect) - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Bejeweled) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0
CHR Extension: (Send using Gmail\u2122 (no button)) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahldefgplekckalfcolhhnljbbgaiboc\1.13.1.13_0
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla\1.0.25_0
CHR Extension: (Angry Birds) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0
CHR Extension: (Sort by Name) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp\2.0.0_0
CHR Extension: (Google Docs) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (WOT) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.13_0
CHR Extension: (YouTube) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Recently Closed Tabs [FVD]) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckdmacmopjaoijgapmfhbggpijooeadm\1.0_0
CHR Extension: (Google Search) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Day - Night Time Clock [FVD]) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcpimnbcbcgjmncfkidnhmefoaamkkhf\1.0_0
CHR Extension: (Read Later Fast) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\decdfngdidijkdjgbknlnepdljfaepji\1.5.8_0
CHR Extension: (MightyText - Send/Receive SMS Text Messages) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\10.0_0
CHR Extension: (Logitech SetPoint) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd\6.52.74_0
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj\11.0.3.37_0
CHR Extension: (Box - 5 GB Free Storage) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl\1.1.6_0
CHR Extension: (Minus) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\emgdobmndjcmnciellikkhigcbpgpklk\1.25_0
CHR Extension: (Web Lab) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe\1.0_0
CHR Extension: (Add to Boxee for Google Chrome) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgcnkjnfibefoaggcgbhgjejoigpfphp\1.5.7_0
CHR Extension: (CalcuNow) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fknmadebinekaklkambdfphgjpomcehm\0.91_0
CHR Extension: (Quick Launch) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fladocijdganbikpfjhgnodllkgcmmgm\0.0.0.10_0
CHR Extension: (KB SSL Enforcer) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\flcpelgcagfhfoegekianiofphddckof\2.0.0_0
CHR Extension: (Highlight to Search) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\floipahigmmkfhkoapmnijnlnboniglg\1.0.36_0
CHR Extension: (Myibidder Auction Bid Sniper for eBay) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmebanjjkaohcmifehogijfgcoieefnp\1.3.5_0
CHR Extension: (AdBlock) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (Pinterest) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic\1.1_0
CHR Extension: (LastPass) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.25_0
CHR Extension: (Dictionary Instant) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hngaklbjlbjhmoilkegninbmpfigheol\2.0.0_0
CHR Extension: (goo.gl URL Shortener) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iblijlcdoidgdpfknkckljiocdbnlagk\0.7.5_0
CHR Extension: (Chrome to Mobile) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\idknbmbdnapjicclomlijcgfpikmndhd\1.0.0_0
CHR Extension: (EverSync - Sync bookmarks, backup favorites) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\iohcojnlgnfbmjfjfkbhahhmppcggdog\4.2.4_0
CHR Extension: (eBay Extension for Google Chrome\u2122 (by eBay)) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\khhckppjhonfmcpegdjdibmngahahhck\3.0.1.5_0
CHR Extension: (Picasa Extension (by Google)) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhhlohbbihddnfcehbijmlnpkafmmkfp\0.1_0
CHR Extension: (FVD Speed Dial - 3D Wall, Sync, New Tab Page) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa\3.3.7_0
CHR Extension: (Download Master) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcceagdollnkjlogmdckgjakjapmkdjf\3.0.1.2_0
CHR Extension: (Weather forecast Widget [FVD] ) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfgbknfcldbddnkmjkoodkfafghifinp\1.0_0
CHR Extension: (Google Dictionary (by Google)) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.19_0
CHR Extension: (Google Mail Checker) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0
CHR Extension: (Quick Note) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.5.3_0
CHR Extension: (Norton Identity Protection) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Plants vs Zombies) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0
CHR Extension: (Better Google Tasks) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbhddnkmimnokfjdlogacnfjfclgcdme\4.1_0
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.2_0
CHR Extension: (Chrome Tabs - fast access [FVD]) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlmjcfadckpgbkpjnkdedeamecbjogal\1.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Better Pop Up Blocker) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpeeekfhbmikbdhlpjbfmnpgcbeggic\2.1.6_0
CHR Extension: (Neat Bookmarks) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnancliccjabjjmipbpjkfbijifaainp\0.9.10_0
CHR Extension: (TabCloud) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\npecfdijgoblfcgagoijgmgejmcpnhof\1.17_0
CHR Extension: (The Tracktor  - Amazon Price Tracker) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\onajjgekdldckfgodnmoallcmdmfcfom\3.2.2_0
CHR Extension: (Picasa) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb\6.2.2_0
CHR Extension: (TabMemFree) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdanbocphccpmidkhloklnlfplehiikb\0.1.3.2_0
CHR Extension: (Evernote Web Clipper) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc\5.9.19_0
CHR Extension: (Gmail) - C:\Users\MARKA_~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - C:\Program Files (x86)\LastPass\lpchrome.crx
CHR HKLM-x32\...\Chrome\Extension: [iihnfacppckhlolhipenbiachkjioanm] - C:\Program Files\AuthenTec TrueSuite\x86\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [144152 2013-10-10] (SUPERAntiSpyware.com)
R2 FLService; C:\WINDOWS\SysWow64\WinFLService.exe [92360 2013-01-10] (New Softwares.net)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [296776 2012-04-23] (AuthenTec, Inc)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [1830768 2013-11-23] (SurfRight B.V.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-12-17] (Realsil Microelectronics Inc.)
R2 ImmunetProtect; C:\Program Files\Immunet\3.0.12\agent.exe [514856 2013-10-17] (Sourcefire, Inc.)
R2 MCLIENT; C:\Program Files (x86)\Norton Management\Engine\3.2.2.12\ccSvcHst.exe [143928 2012-12-05] (Symantec Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2012-11-06] (Micro-Star International Co., Ltd.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [85504 2009-06-26] (PC Pitstop LLC)
S3 scan; C:\Program Files\Immunet\tetra\scan.dll [411648 2013-10-17] (S.C. BitDefender S.R.L)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-01] (Symantec Corporation)
R1 ccSet_MCLIENT; C:\Windows\system32\drivers\MCLIENTx64\0302020.00C\ccSetx64.sys [168096 2012-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-23] (Symantec Corporation)
R2 hmpalert; C:\WINDOWS\system32\drivers\hmpalert.sys [17416 2013-11-23] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131125.001\IDSvia64.sys [521816 2013-11-22] (Symantec Corporation)
R2 ImmunetNetworkMonitorDriver; C:\WINDOWS\System32\Drivers\ImmunetNetworkMonitor.sys [99584 2013-10-17] (Sourcefire, Inc.)
R1 ImmunetProtectDriver; C:\Windows\System32\DRIVERS\ImmunetProtect.sys [58112 2013-10-17] (Windows ® Win 7 DDK provider)
R1 ImmunetSelfProtectDriver; C:\Windows\System32\DRIVERS\ImmunetSelfProtect.sys [33024 2013-10-17] (Windows ® Win 7 DDK provider)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R2 LxrSII1d; C:\WINDOWS\System32\Drivers\LxrSII1d.sys [63064 2009-12-30] (Lexar Media, Inc.)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131125.036\ENG64.SYS [126040 2013-11-23] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131125.036\EX64.SYS [2099288 2013-11-23] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R2 NEWDRIVER; C:\WINDOWS\SysWow64\WinVDEdrv6.sys [197648 2013-01-10] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R0 rtcrfilt64; C:\Windows\System32\DRIVERS\rtcrfilt64.sys [19600 2012-12-17] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-23] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [284232 2013-10-17] (BitDefender S.R.L.)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R1 WinFLAdrv; C:\Windows\SysWow64\WinFLAdrv.sys [34816 2013-01-10] ()
R2 WinVDEDrv; C:\WINDOWS\SysWow64\WinVDEdrv.sys [225680 2013-01-10] (NewSoftwares.net, Inc.)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2013-08-22] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-26 13:35 - 2013-11-26 13:42 - 00038904 _____ C:\Users\marka_000\Desktop\FRST.txt
2013-11-26 13:34 - 2013-11-26 13:34 - 00000000 ____D C:\FRST
2013-11-26 13:33 - 2013-11-26 13:33 - 01958474 _____ (Farbar) C:\Users\marka_000\Desktop\FRST64.exe
2013-11-26 09:26 - 2013-11-26 09:26 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\picpick
2013-11-25 21:40 - 2013-11-25 21:40 - 00000000 ____D C:\Users\marka_000\Documents\OneNote Notebooks
2013-11-25 21:34 - 2013-11-25 21:34 - 00001089 _____ C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps Launcher.lnk
2013-11-25 21:28 - 2013-11-25 21:28 - 00001544 _____ C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicPick.lnk
2013-11-25 20:12 - 2013-11-25 20:12 - 00000970 _____ C:\Users\marka_000\Desktop\Photo Workspace.lnk
2013-11-25 18:21 - 2013-11-25 18:21 - 01091882 _____ C:\Users\marka_000\Desktop\adwcleaner.exe
2013-11-25 18:21 - 2013-11-25 18:21 - 01034531 _____ (Thisisu) C:\Users\marka_000\Desktop\JRT(1).exe
2013-11-24 23:30 - 2013-11-24 23:30 - 00000000 ____D C:\Users\marka_000\AppData\Local\Logitech
2013-11-24 23:29 - 2013-11-24 23:30 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-11-24 23:29 - 2013-11-24 23:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-11-24 23:25 - 2013-11-24 23:26 - 00008397 _____ C:\WINDOWS\LDPINST.LOG
2013-11-24 21:35 - 2013-11-24 21:35 - 00000000 ____D C:\WINDOWS\SysWOW64\N360_BACKUP
2013-11-23 22:39 - 2013-11-23 22:39 - 00564312 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2013-11-23 22:39 - 2013-11-23 22:39 - 00518480 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2013-11-23 22:39 - 2013-11-23 22:39 - 00017416 _____ C:\WINDOWS\system32\Drivers\hmpalert.sys
2013-11-23 22:39 - 2013-11-23 22:39 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2013-11-23 22:32 - 2013-11-23 22:34 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-23 22:29 - 2013-11-23 22:29 - 10264904 _____ (SurfRight B.V.) C:\Users\marka_000\Desktop\HitmanPro_x64(1).exe
2013-11-23 22:19 - 2013-11-23 22:19 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-23 22:18 - 2013-11-23 22:18 - 01034531 _____ (Thisisu) C:\Users\marka_000\Desktop\JRT.exe
2013-11-23 22:12 - 2013-11-25 18:36 - 00000000 ____D C:\AdwCleaner
2013-11-23 21:57 - 2013-11-23 21:57 - 13946480 ____N (Symantec Corporation) C:\Users\marka_000\Desktop\NortonZone.exe
2013-11-23 21:28 - 2013-11-23 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 21:28 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-11-23 21:26 - 2013-11-23 21:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2013-11-23 21:21 - 2013-11-23 21:21 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2013-11-23 21:21 - 2013-11-23 21:21 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2013-11-23 21:21 - 2013-11-23 21:21 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2013-11-23 21:21 - 2013-11-23 21:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-23 21:19 - 2013-11-23 21:19 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2013-11-23 21:19 - 2013-11-23 21:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-11-23 21:01 - 2011-04-15 17:26 - 01598464 _____ (Micro-Star International Co., Ltd.) C:\WINDOWS\SysWOW64\MSIWmiAcpi.dll
2013-11-23 21:01 - 2009-07-09 15:54 - 00160768 _____ (Micro-Star International Co., Ltd.) C:\WINDOWS\SysWOW64\MSIService.exe
2013-11-21 10:05 - 2013-11-21 10:05 - 985064842 _____ C:\WINDOWS\MEMORY.DMP
2013-11-21 10:05 - 2013-11-21 10:05 - 00302624 _____ C:\WINDOWS\Minidump\112113-18406-01.dmp
2013-11-21 10:05 - 2013-11-21 10:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-20 11:27 - 2013-11-20 11:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\marka_000\Desktop\HijackThis.exe
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\Documents\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\AppData\Local\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-11-20 10:48 - 2013-11-20 10:53 - 00000000 ____D C:\ProgramData\Stardock
2013-11-20 10:47 - 2013-11-20 10:48 - 00000000 ____D C:\Users\marka_000\Downloads\Stardock
2013-11-20 10:25 - 2013-11-20 10:25 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-11-20 10:07 - 2013-11-20 10:07 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\SUPERAntiSpyware.com
2013-11-20 10:06 - 2013-11-20 10:07 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-20 10:06 - 2013-11-20 10:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-20 09:59 - 2013-11-20 09:59 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-20 09:59 - 2013-11-20 09:59 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-11-20 00:41 - 2013-11-20 09:50 - 00000000 ____D C:\Users\marka_000\AppData\Local\NPE
2013-11-18 16:29 - 2013-11-18 16:30 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-18 16:29 - 2013-11-18 16:30 - 00000000 ____D C:\Program Files\iTunes
2013-11-18 16:29 - 2013-11-18 16:30 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-18 16:29 - 2013-11-18 16:29 - 00000000 ____D C:\Program Files\iPod
2013-11-17 20:08 - 2013-11-21 10:45 - 00000755 _____ C:\Users\marka_000\Desktop\TO WATCH.lnk
2013-11-17 08:45 - 2013-11-17 08:45 - 00000600 _____ C:\Users\marka_000\PUTTY.RND
2013-11-17 08:45 - 2013-11-17 08:45 - 00000600 _____ C:\Users\marka_000\AppData\Roaming\PUTTY.RND
2013-11-15 21:01 - 2013-11-15 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 20:53 - 2013-11-05 20:21 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-15 20:53 - 2013-11-05 18:51 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-15 20:53 - 2013-11-05 16:20 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-15 20:53 - 2013-11-05 16:11 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-15 20:53 - 2013-11-05 14:30 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-15 20:53 - 2013-11-05 14:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-15 20:53 - 2013-10-10 16:23 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2013-11-15 20:53 - 2013-10-10 11:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2013-11-15 20:53 - 2013-10-10 11:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2013-11-15 20:53 - 2013-10-10 11:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2013-11-15 20:53 - 2013-10-10 11:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2013-11-15 20:53 - 2013-10-10 10:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2013-11-15 20:53 - 2013-10-10 10:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2013-11-15 20:53 - 2013-10-10 10:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2013-11-15 20:53 - 2013-10-10 10:19 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2013-11-15 20:52 - 2013-10-23 11:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2013-11-15 20:52 - 2013-10-23 11:21 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-11-15 20:52 - 2013-10-23 11:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll
2013-11-15 20:52 - 2013-10-23 05:27 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-15 20:52 - 2013-10-23 05:09 - 04104704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2013-11-15 20:52 - 2013-10-23 05:04 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-11-15 20:52 - 2013-10-23 04:55 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2013-11-15 20:52 - 2013-10-23 04:46 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2013-11-15 20:52 - 2013-10-22 08:18 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2013-11-15 20:52 - 2013-10-22 08:18 - 00096088 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedapplauncher.exe
2013-11-15 20:52 - 2013-10-22 07:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2013-11-15 20:52 - 2013-10-22 06:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2013-11-15 20:52 - 2013-10-22 05:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2013-11-15 20:52 - 2013-10-22 04:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2013-11-15 20:52 - 2013-10-22 04:02 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2013-11-15 20:52 - 2013-10-22 03:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2013-11-15 20:52 - 2013-10-22 03:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2013-11-15 20:52 - 2013-10-22 02:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2013-11-15 20:52 - 2013-10-22 02:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2013-11-15 20:52 - 2013-10-22 02:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2013-11-15 20:52 - 2013-10-22 02:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-11-15 20:52 - 2013-10-22 01:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2013-11-15 20:52 - 2013-10-22 01:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-11-15 20:52 - 2013-10-19 09:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2013-11-15 20:52 - 2013-10-19 08:51 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2013-11-15 20:52 - 2013-10-19 07:12 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2013-11-15 20:52 - 2013-10-19 06:24 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-11-15 20:52 - 2013-10-19 04:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2013-11-15 20:52 - 2013-10-19 04:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2013-11-15 20:52 - 2013-10-19 03:57 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2013-11-15 20:52 - 2013-10-19 03:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2013-11-15 20:52 - 2013-10-19 03:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2013-11-15 20:52 - 2013-10-19 03:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2013-11-15 20:52 - 2013-10-17 15:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2013-11-15 20:52 - 2013-10-17 15:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2013-11-15 20:52 - 2013-10-17 14:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2013-11-15 20:52 - 2013-10-16 09:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2013-11-15 20:52 - 2013-10-16 09:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2013-11-15 20:52 - 2013-10-13 03:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2013-11-15 20:52 - 2013-10-13 02:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2013-11-15 20:52 - 2013-10-11 15:11 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2013-11-15 20:52 - 2013-10-11 14:22 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2013-11-15 20:52 - 2013-10-11 13:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2013-11-15 20:52 - 2013-10-11 13:04 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2013-11-15 20:52 - 2013-10-11 13:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2013-11-15 20:52 - 2013-10-10 16:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2013-11-15 20:52 - 2013-10-10 16:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2013-11-15 20:52 - 2013-10-10 16:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2013-11-15 20:52 - 2013-10-10 14:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2013-11-15 20:52 - 2013-10-10 14:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2013-11-15 20:52 - 2013-10-10 11:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2013-11-15 20:52 - 2013-10-09 05:40 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-11-15 20:52 - 2013-10-08 11:07 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2013-11-15 20:52 - 2013-10-08 10:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2013-11-15 20:52 - 2013-10-08 10:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-11-15 20:52 - 2013-10-08 06:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2013-11-15 20:52 - 2013-10-08 05:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2013-11-15 20:52 - 2013-10-08 05:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2013-11-15 20:52 - 2013-10-08 05:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2013-11-15 20:52 - 2013-10-08 05:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2013-11-15 20:52 - 2013-10-08 05:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2013-11-15 20:52 - 2013-10-08 04:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2013-11-15 20:52 - 2013-10-08 04:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2013-11-15 20:52 - 2013-10-07 07:21 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2013-11-15 20:52 - 2013-10-07 07:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2013-11-15 20:52 - 2013-10-07 02:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2013-11-15 20:52 - 2013-10-05 15:25 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2013-11-15 20:52 - 2013-10-05 15:25 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2013-11-15 20:52 - 2013-10-05 14:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2013-11-15 20:52 - 2013-10-05 12:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2013-11-15 20:52 - 2013-10-05 11:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2013-11-15 20:52 - 2013-10-05 09:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2013-11-15 20:52 - 2013-10-05 09:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2013-11-15 20:52 - 2013-10-05 09:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2013-11-15 20:52 - 2013-10-05 08:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2013-11-15 20:52 - 2013-10-05 08:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll
2013-11-15 20:52 - 2013-10-05 08:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2013-11-15 20:52 - 2013-10-05 08:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll
2013-11-15 20:52 - 2013-10-05 08:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2013-11-15 20:52 - 2013-10-05 08:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
2013-11-15 20:52 - 2013-10-05 07:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2013-11-15 20:52 - 2013-10-05 07:39 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2013-11-15 20:52 - 2013-10-05 07:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2013-11-15 20:52 - 2013-10-05 07:32 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2013-11-15 20:52 - 2013-10-04 08:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2013-11-15 20:52 - 2013-09-19 05:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2013-11-15 20:52 - 2013-09-17 09:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2013-11-15 20:52 - 2013-09-17 09:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2013-11-15 20:52 - 2013-09-17 06:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2013-11-15 20:52 - 2013-09-17 06:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2013-11-15 20:52 - 2013-09-17 04:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2013-11-15 20:52 - 2013-09-14 14:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2013-11-15 20:52 - 2013-09-14 14:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2013-11-15 20:52 - 2013-09-14 12:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2013-11-15 20:52 - 2013-09-14 12:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2013-11-15 20:52 - 2013-09-14 10:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2013-11-15 20:52 - 2013-09-14 09:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2013-11-15 20:52 - 2013-09-13 08:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe
2013-11-15 20:52 - 2013-09-13 07:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe
2013-11-15 20:52 - 2013-09-12 08:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2013-11-15 20:52 - 2013-09-12 08:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2013-11-15 20:52 - 2013-09-12 08:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2013-11-15 20:52 - 2013-09-12 08:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2013-11-15 20:52 - 2013-09-12 07:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2013-11-15 20:52 - 2013-09-12 07:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2013-11-15 20:52 - 2013-09-12 07:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2013-11-15 20:52 - 2013-09-12 07:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2013-11-15 20:52 - 2013-09-12 07:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2013-11-15 20:52 - 2013-09-12 07:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2013-11-15 20:52 - 2013-09-11 12:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-11-15 20:52 - 2013-09-10 05:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2013-11-15 20:52 - 2013-09-10 04:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll
2013-11-15 20:52 - 2013-09-10 04:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2013-11-14 09:28 - 2013-11-14 09:28 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-11-13 09:59 - 2013-10-19 08:08 - 23212544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-11-13 09:59 - 2013-10-19 06:37 - 17142784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-11-13 09:59 - 2013-10-19 06:02 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-11-13 09:59 - 2013-10-19 05:37 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2013-11-13 09:59 - 2013-10-19 05:19 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-11-13 09:59 - 2013-10-19 05:10 - 05765120 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-11-13 09:59 - 2013-10-19 04:52 - 02166272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-11-13 09:59 - 2013-10-19 04:44 - 04240384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-11-13 09:59 - 2013-10-19 04:37 - 12995584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-11-13 09:59 - 2013-10-19 04:31 - 01993728 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-11-13 09:59 - 2013-10-19 03:56 - 11220992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-11-13 09:59 - 2013-10-19 03:55 - 01926656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2013-11-13 09:59 - 2013-10-19 03:53 - 02332160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-11-13 09:59 - 2013-10-19 03:23 - 01394176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-11-13 09:59 - 2013-10-19 03:09 - 01818112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-11-13 09:59 - 2013-10-19 03:02 - 01156608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-11-13 09:59 - 2013-10-13 02:48 - 00136536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2013-11-13 09:59 - 2013-10-12 21:48 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2013-11-13 09:59 - 2013-10-12 21:34 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2013-11-13 09:59 - 2013-10-05 14:21 - 01341288 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2013-11-13 09:59 - 2013-10-05 08:39 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2013-11-13 09:58 - 2013-11-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-13 09:58 - 2013-11-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-13 09:58 - 2013-10-16 15:58 - 01943536 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2013-11-13 09:58 - 2013-10-16 13:54 - 01581968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2013-11-11 02:20 - 2013-11-11 02:20 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Overlook
2013-11-11 02:18 - 2013-11-11 02:18 - 00000000 ____D C:\ProgramData\Overlook
2013-11-11 01:36 - 2013-11-11 01:36 - 00004194 _____ C:\WINDOWS\System32\Tasks\Email on remote connection
2013-11-11 01:11 - 2013-11-11 01:31 - 00003900 _____ C:\WINDOWS\System32\Tasks\Email on Login
2013-11-11 00:38 - 2013-11-11 00:45 - 00000000 ____D C:\Program Files (x86)\Yawcam
2013-11-09 17:55 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2013-11-09 17:55 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2013-11-09 17:55 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2013-11-09 17:55 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2013-11-09 17:55 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2013-11-09 17:55 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2013-11-08 15:01 - 2013-11-12 22:54 - 00001456 _____ C:\Users\marka_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-06 20:44 - 2013-11-26 12:12 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\foobar2000
2013-11-06 20:44 - 2013-11-06 20:44 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-11-06 20:32 - 2013-11-06 20:33 - 00000747 _____ C:\Users\marka_000\Desktop\Music.lnk
2013-11-05 23:46 - 2013-11-05 23:46 - 00000000 ____D C:\Users\marka_000\AppData\Local\Doist_Ltd
2013-11-05 22:37 - 2013-11-26 09:28 - 46233483 _____ C:\Users\marka_000\AppData\Local\cef.log
2013-11-05 22:37 - 2013-11-19 00:00 - 00000000 ____D C:\Users\marka_000\AppData\Local\TodoistCacheXl
2013-11-05 22:37 - 2013-11-05 22:39 - 00000000 ____D C:\Users\marka_000\AppData\Local\Todoist
2013-11-05 22:36 - 2013-11-25 20:44 - 00000000 ____D C:\Program Files (x86)\Todoist
2013-11-03 16:44 - 2013-11-03 16:44 - 00000833 _____ C:\Users\marka_000\Desktop\College Files.lnk
2013-11-03 16:27 - 2013-11-04 12:19 - 00001186 _____ C:\Users\marka_000\Desktop\Public Web Page Content.lnk
2013-11-02 20:47 - 2013-11-02 20:47 - 00000000 __SHD C:\ProgramData\DSS
2013-11-02 20:47 - 2013-11-02 20:47 - 00000000 ____D C:\ProgramData\Codemasters
2013-11-02 20:42 - 2013-11-02 20:42 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2013-11-02 20:42 - 2013-11-02 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-02 20:40 - 2013-11-02 20:40 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-02 20:40 - 2013-11-02 20:40 - 00000000 ____D C:\Program Files (x86)\BRS
2013-11-02 20:40 - 2011-03-19 15:16 - 01417216 _____ (Blue Ripple Sound Limited) C:\WINDOWS\SysWOW64\rapture3d_oal.dll
2013-11-02 20:40 - 2010-09-22 13:12 - 19087360 _____ (Intel Corporation / Blue Ripple Sound Limited) C:\WINDOWS\SysWOW64\mkl_blueripple.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2013-11-02 02:15 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2013-10-29 03:32 - 2013-10-29 03:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-10-29 03:30 - 2013-10-29 03:29 - 00450784 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131029-033010.backup
2013-10-29 03:29 - 2013-08-25 10:24 - 00449897 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131029-032926.backup
2013-10-29 00:49 - 2013-10-23 11:01 - 00872840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2013-10-29 00:49 - 2013-10-23 08:59 - 00698232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2013-10-29 00:46 - 2013-10-29 00:47 - 00000000 ____D C:\Program Files (x86)\stinger
2013-10-29 00:42 - 2013-10-29 00:45 - 00000000 ____D C:\Program Files (x86)\stinger.BackupByMcAfeeStingerPortable
2013-10-28 20:45 - 2013-10-28 20:45 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Opera
2013-10-28 20:45 - 2013-10-28 20:45 - 00000000 ____D C:\Users\marka_000\AppData\Local\Opera
2013-10-28 11:37 - 2013-10-28 11:37 - 00001346 _____ C:\Users\marka_000\Desktop\Proxy.lnk

==================== One Month Modified Files and Folders =======

2013-11-26 13:42 - 2013-11-26 13:35 - 00038904 _____ C:\Users\marka_000\Desktop\FRST.txt
2013-11-26 13:42 - 2013-10-17 08:48 - 00000000 ____D C:\Program Files\Immunet
2013-11-26 13:41 - 2012-12-09 12:29 - 00000000 ____D C:\Users\marka_000\AppData\Local\Bvckup
2013-11-26 13:34 - 2013-11-26 13:34 - 00000000 ____D C:\FRST
2013-11-26 13:34 - 2013-10-18 00:43 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A67B9440-3352-4150-A03F-A7C7E749038E}
2013-11-26 13:33 - 2013-11-26 13:33 - 01958474 _____ (Farbar) C:\Users\marka_000\Desktop\FRST64.exe
2013-11-26 13:32 - 2012-12-09 21:53 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Dropbox
2013-11-26 13:23 - 2013-03-12 11:57 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-26 13:01 - 2013-05-23 15:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-26 13:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\sru
2013-11-26 12:45 - 2013-10-18 10:40 - 00000948 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4209119735-118288704-184786088-1004UA.job
2013-11-26 12:22 - 2012-12-09 13:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4209119735-118288704-184786088-1004
2013-11-26 12:12 - 2013-11-06 20:44 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\foobar2000
2013-11-26 11:45 - 2013-10-18 10:40 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4209119735-118288704-184786088-1004Core.job
2013-11-26 10:05 - 2013-10-17 23:41 - 01183475 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-26 10:01 - 2013-05-23 15:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-26 09:36 - 2012-12-09 22:23 - 00005002 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MARK-LAPTOP-marka_000 Mark-Laptop
2013-11-26 09:32 - 2013-09-30 04:12 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-26 09:28 - 2013-11-05 22:37 - 46233483 _____ C:\Users\marka_000\AppData\Local\cef.log
2013-11-26 09:28 - 2012-12-09 15:22 - 00000000 ____D C:\Users\marka_000\AppData\Local\Adobe
2013-11-26 09:26 - 2013-11-26 09:26 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\picpick
2013-11-26 09:26 - 2013-07-02 15:55 - 00000514 _____ C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2013-11-26 09:25 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-25 23:11 - 2012-12-11 15:15 - 00000000 ____D C:\Users\marka_000\AppData\Local\CrashDumps
2013-11-25 23:10 - 2013-09-29 20:03 - 00748668 _____ C:\WINDOWS\PFRO.log
2013-11-25 23:09 - 2013-08-22 13:25 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-11-25 22:32 - 2012-12-19 01:12 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\FileZilla
2013-11-25 21:40 - 2013-11-25 21:40 - 00000000 ____D C:\Users\marka_000\Documents\OneNote Notebooks
2013-11-25 21:40 - 2012-12-09 13:07 - 00000000 ___RD C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-25 21:34 - 2013-11-25 21:34 - 00001089 _____ C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PortableApps Launcher.lnk
2013-11-25 21:28 - 2013-11-25 21:28 - 00001544 _____ C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PicPick.lnk
2013-11-25 20:44 - 2013-11-05 22:36 - 00000000 ____D C:\Program Files (x86)\Todoist
2013-11-25 20:12 - 2013-11-25 20:12 - 00000970 _____ C:\Users\marka_000\Desktop\Photo Workspace.lnk
2013-11-25 18:36 - 2013-11-23 22:12 - 00000000 ____D C:\AdwCleaner
2013-11-25 18:21 - 2013-11-25 18:21 - 01091882 _____ C:\Users\marka_000\Desktop\adwcleaner.exe
2013-11-25 18:21 - 2013-11-25 18:21 - 01034531 _____ (Thisisu) C:\Users\marka_000\Desktop\JRT(1).exe
2013-11-25 12:54 - 2012-12-18 23:32 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\vlc
2013-11-24 23:30 - 2013-11-24 23:30 - 00000000 ____D C:\Users\marka_000\AppData\Local\Logitech
2013-11-24 23:30 - 2013-11-24 23:29 - 00000000 ____D C:\Program Files\Logitech Gaming Software
2013-11-24 23:29 - 2013-11-24 23:29 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2013-11-24 23:29 - 2013-10-17 23:41 - 00018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2013-11-24 23:29 - 2013-10-17 23:41 - 00002734 _____ C:\WINDOWS\LkmdfCoInst.log
2013-11-24 23:28 - 2012-12-09 16:05 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Logishrd
2013-11-24 23:26 - 2013-11-24 23:25 - 00008397 _____ C:\WINDOWS\LDPINST.LOG
2013-11-24 23:26 - 2012-12-09 16:06 - 00000000 ____D C:\ProgramData\Logitech
2013-11-24 23:26 - 2012-12-09 16:06 - 00000000 ____D C:\ProgramData\Logishrd
2013-11-24 21:35 - 2013-11-24 21:35 - 00000000 ____D C:\WINDOWS\SysWOW64\N360_BACKUP
2013-11-23 22:39 - 2013-11-23 22:39 - 00564312 _____ (SurfRight) C:\WINDOWS\SysWOW64\hmpalert.dll
2013-11-23 22:39 - 2013-11-23 22:39 - 00518480 _____ (SurfRight) C:\WINDOWS\system32\hmpalert.dll
2013-11-23 22:39 - 2013-11-23 22:39 - 00017416 _____ C:\WINDOWS\system32\Drivers\hmpalert.sys
2013-11-23 22:39 - 2013-11-23 22:39 - 00000000 ____D C:\Program Files (x86)\HitmanPro.Alert
2013-11-23 22:34 - 2013-11-23 22:32 - 00000000 ____D C:\ProgramData\HitmanPro
2013-11-23 22:29 - 2013-11-23 22:29 - 10264904 _____ (SurfRight B.V.) C:\Users\marka_000\Desktop\HitmanPro_x64(1).exe
2013-11-23 22:19 - 2013-11-23 22:19 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-23 22:18 - 2013-11-23 22:18 - 01034531 _____ (Thisisu) C:\Users\marka_000\Desktop\JRT.exe
2013-11-23 21:57 - 2013-11-23 21:57 - 13946480 ____N (Symantec Corporation) C:\Users\marka_000\Desktop\NortonZone.exe
2013-11-23 21:28 - 2013-11-23 21:28 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-23 21:26 - 2013-11-23 21:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2013-11-23 21:22 - 2012-12-21 15:43 - 00000000 ____D C:\Users\marka_000\Documents\Symantec
2013-11-23 21:22 - 2012-12-09 14:48 - 00000000 ____D C:\ProgramData\Norton
2013-11-23 21:21 - 2013-11-23 21:21 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2013-11-23 21:21 - 2013-11-23 21:21 - 00008222 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2013-11-23 21:21 - 2013-11-23 21:21 - 00003206 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2013-11-23 21:21 - 2013-11-23 21:21 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-11-23 21:21 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2013-11-23 21:21 - 2012-07-26 08:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2013-11-23 21:19 - 2013-11-23 21:19 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2013-11-23 21:19 - 2013-11-23 21:19 - 00000000 ____D C:\Program Files (x86)\Norton 360
2013-11-23 21:11 - 2013-01-24 17:45 - 00000000 ____D C:\ProgramData\SecTaskMan
2013-11-23 21:01 - 2013-01-24 18:37 - 00000000 ____D C:\Program Files (x86)\SCM
2013-11-23 21:01 - 2012-12-17 22:00 - 00000000 ____D C:\Program Files (x86)\MSI
2013-11-23 21:01 - 2012-12-17 17:05 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-23 20:05 - 2012-12-09 14:48 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-11-23 17:56 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2013-11-22 12:30 - 2013-03-12 11:57 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-11-22 09:56 - 2013-05-23 15:36 - 00003900 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-22 09:56 - 2013-05-23 15:36 - 00003664 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-21 12:28 - 2012-12-27 02:18 - 00000600 _____ C:\Users\marka_000\AppData\Local\PUTTY.RND
2013-11-21 10:45 - 2013-11-17 20:08 - 00000755 _____ C:\Users\marka_000\Desktop\TO WATCH.lnk
2013-11-21 10:44 - 2012-12-09 12:29 - 00000000 ___RD C:\Users\marka_000\Desktop\ToDo
2013-11-21 10:05 - 2013-11-21 10:05 - 985064842 _____ C:\WINDOWS\MEMORY.DMP
2013-11-21 10:05 - 2013-11-21 10:05 - 00302624 _____ C:\WINDOWS\Minidump\112113-18406-01.dmp
2013-11-21 10:05 - 2013-11-21 10:05 - 00000000 ____D C:\WINDOWS\Minidump
2013-11-20 16:33 - 2013-06-24 08:27 - 00000000 ____D C:\Program Files\Futuremark
2013-11-20 11:27 - 2013-11-20 11:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\marka_000\Desktop\HijackThis.exe
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\Documents\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Users\marka_000\AppData\Local\Stardock
2013-11-20 11:03 - 2013-11-20 11:03 - 00000000 ____D C:\Program Files (x86)\Stardock
2013-11-20 11:03 - 2013-10-17 23:42 - 00000000 ____D C:\Users\marka_000
2013-11-20 10:53 - 2013-11-20 10:48 - 00000000 ____D C:\ProgramData\Stardock
2013-11-20 10:48 - 2013-11-20 10:47 - 00000000 ____D C:\Users\marka_000\Downloads\Stardock
2013-11-20 10:27 - 2013-01-02 12:39 - 00000000 ____D C:\Users\marka_000\AppData\Local\Screencast-O-Matic
2013-11-20 10:25 - 2013-11-20 10:25 - 00000000 ____D C:\ProgramData\SUPERSetup
2013-11-20 10:07 - 2013-11-20 10:07 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\SUPERAntiSpyware.com
2013-11-20 10:07 - 2013-11-20 10:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-11-20 10:06 - 2013-11-20 10:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-11-20 10:04 - 2012-12-09 16:37 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-20 09:59 - 2013-11-20 09:59 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirusTotal Uploader 2.0
2013-11-20 09:59 - 2013-11-20 09:59 - 00000000 ____D C:\Program Files (x86)\VirusTotalUploader2
2013-11-20 09:50 - 2013-11-20 00:41 - 00000000 ____D C:\Users\marka_000\AppData\Local\NPE
2013-11-20 00:28 - 2013-08-22 14:44 - 05104688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-11-19 13:47 - 2013-06-24 00:13 - 00001324 _____ C:\Users\marka_000\Desktop\Mail.lnk
2013-11-19 13:24 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2013-11-19 00:00 - 2013-11-05 22:37 - 00000000 ____D C:\Users\marka_000\AppData\Local\TodoistCacheXl
2013-11-18 16:30 - 2013-11-18 16:29 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-18 16:30 - 2013-11-18 16:29 - 00000000 ____D C:\Program Files\iTunes
2013-11-18 16:30 - 2013-11-18 16:29 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-18 16:29 - 2013-11-18 16:29 - 00000000 ____D C:\Program Files\iPod
2013-11-18 15:00 - 2013-07-18 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-18 14:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\WinStore
2013-11-18 14:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2013-11-18 14:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\migwiz
2013-11-18 14:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2013-11-18 14:59 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2013-11-18 14:50 - 2013-06-02 22:56 - 00007615 _____ C:\Users\marka_000\AppData\Local\Resmon.ResmonCfg
2013-11-17 20:27 - 2012-12-09 13:07 - 00000000 ___RD C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-17 20:26 - 2013-08-22 15:36 - 00000000 ___RD C:\WINDOWS\ToastData
2013-11-17 08:45 - 2013-11-17 08:45 - 00000600 _____ C:\Users\marka_000\PUTTY.RND
2013-11-17 08:45 - 2013-11-17 08:45 - 00000600 _____ C:\Users\marka_000\AppData\Roaming\PUTTY.RND
2013-11-15 21:01 - 2013-11-15 21:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 15:48 - 2012-12-09 13:07 - 00000000 ____D C:\Users\marka_000\AppData\Local\Packages
2013-11-14 14:47 - 2013-01-06 04:00 - 00000132 _____ C:\Users\marka_000\AppData\Roaming\Adobe PNG Format CS6 Prefs
2013-11-14 09:28 - 2013-11-14 09:28 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-11-13 10:24 - 2013-07-18 09:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-11-13 10:23 - 2012-12-13 12:29 - 82896128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-11-13 09:58 - 2013-11-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-11-13 09:58 - 2013-11-13 09:58 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-11-12 22:54 - 2013-11-08 15:01 - 00001456 _____ C:\Users\marka_000\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-11-11 02:20 - 2013-11-11 02:20 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Overlook
2013-11-11 02:18 - 2013-11-11 02:18 - 00000000 ____D C:\ProgramData\Overlook
2013-11-11 01:36 - 2013-11-11 01:36 - 00004194 _____ C:\WINDOWS\System32\Tasks\Email on remote connection
2013-11-11 01:31 - 2013-11-11 01:11 - 00003900 _____ C:\WINDOWS\System32\Tasks\Email on Login
2013-11-11 00:45 - 2013-11-11 00:38 - 00000000 ____D C:\Program Files (x86)\Yawcam
2013-11-09 17:55 - 2013-06-24 08:27 - 00036020 _____ C:\WINDOWS\DirectX.log
2013-11-08 15:00 - 2012-12-09 13:07 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Adobe
2013-11-07 11:01 - 2013-07-23 16:53 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Samsung
2013-11-07 11:01 - 2013-07-23 16:53 - 00000000 ____D C:\Users\marka_000\AppData\Local\Samsung
2013-11-07 11:01 - 2013-07-23 16:52 - 00000000 ____D C:\ProgramData\Samsung
2013-11-06 20:44 - 2013-11-06 20:44 - 00000000 ____D C:\Program Files (x86)\foobar2000
2013-11-06 20:33 - 2013-11-06 20:32 - 00000747 _____ C:\Users\marka_000\Desktop\Music.lnk
2013-11-05 23:46 - 2013-11-05 23:46 - 00000000 ____D C:\Users\marka_000\AppData\Local\Doist_Ltd
2013-11-05 23:31 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-11-05 23:31 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-05 22:39 - 2013-11-05 22:37 - 00000000 ____D C:\Users\marka_000\AppData\Local\Todoist
2013-11-05 20:21 - 2013-11-15 20:53 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-11-05 18:51 - 2013-11-15 20:53 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-11-05 16:20 - 2013-11-15 20:53 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2013-11-05 16:11 - 2013-11-15 20:53 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2013-11-05 14:30 - 2013-11-15 20:53 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-11-05 14:29 - 2013-11-15 20:53 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-11-04 12:19 - 2013-11-03 16:27 - 00001186 _____ C:\Users\marka_000\Desktop\Public Web Page Content.lnk
2013-11-04 10:54 - 2013-05-22 10:13 - 00000132 _____ C:\Users\marka_000\AppData\Roaming\Adobe GIF Format CS6 Prefs
2013-11-03 16:44 - 2013-11-03 16:44 - 00000833 _____ C:\Users\marka_000\Desktop\College Files.lnk
2013-11-02 20:47 - 2013-11-02 20:47 - 00000000 __SHD C:\ProgramData\DSS
2013-11-02 20:47 - 2013-11-02 20:47 - 00000000 ____D C:\ProgramData\Codemasters
2013-11-02 20:47 - 2013-01-06 16:25 - 00000000 ____D C:\Users\marka_000\Documents\My Games
2013-11-02 20:42 - 2013-11-02 20:42 - 00000000 ____D C:\WINDOWS\SysWOW64\xlive
2013-11-02 20:42 - 2013-11-02 20:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-11-02 20:40 - 2013-11-02 20:40 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2013-11-02 20:40 - 2013-11-02 20:40 - 00000000 ____D C:\Program Files (x86)\OpenAL
2013-11-02 20:40 - 2013-11-02 20:40 - 00000000 ____D C:\Program Files (x86)\BRS
2013-11-02 20:37 - 2013-10-18 14:22 - 00000000 ____D C:\ProgramData\Origin
2013-11-02 14:14 - 2013-08-22 14:46 - 00381586 _____ C:\WINDOWS\setupact.log
2013-11-02 01:01 - 2012-12-09 21:54 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-30 22:17 - 2013-01-04 01:57 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-10-30 22:17 - 2013-01-04 01:57 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2013-10-30 15:33 - 2013-05-23 11:39 - 00000000 ____D C:\Users\marka_000\AppData\Local\Microsoft Help
2013-10-29 03:32 - 2013-10-29 03:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2013-10-29 03:29 - 2013-10-29 03:30 - 00450784 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20131029-033010.backup
2013-10-29 00:47 - 2013-10-29 00:46 - 00000000 ____D C:\Program Files (x86)\stinger
2013-10-29 00:45 - 2013-10-29 00:42 - 00000000 ____D C:\Program Files (x86)\stinger.BackupByMcAfeeStingerPortable
2013-10-28 20:45 - 2013-10-28 20:45 - 00000000 ____D C:\Users\marka_000\AppData\Roaming\Opera
2013-10-28 20:45 - 2013-10-28 20:45 - 00000000 ____D C:\Users\marka_000\AppData\Local\Opera
2013-10-28 11:37 - 2013-10-28 11:37 - 00001346 _____ C:\Users\marka_000\Desktop\Proxy.lnk
2013-10-27 16:45 - 2013-06-25 09:18 - 00015512 _____ C:\WINDOWS\DPINST.LOG

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-11-15 20:52] - [2013-10-22 07:55] - 2328872 ____A (Microsoft Corporation) 63DC38C3E4564B2405D562855643ABA2

C:\Windows\SysWOW64\explorer.exe
[2013-11-15 20:52] - [2013-10-22 06:03] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58

C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-11-15 20:52] - [2013-10-22 02:38] - 1362944 ____A (Microsoft Corporation) C72456BFFE941714CF05B0AA0BEE5B45

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-26 12:11

==================== End Of Log ============================


#11 nasdaq

  • Malware Response Team

Posted 26 November 2013 - 11:08 AM

The log is clean.

There is a policy restriction on Google.

If you wish to remove it run this script. Your call.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
Windows 8 - http://www.eightforums.com/tutorials/4690-restore-point-create-windows-8-a.html

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

===

You may be interested in reading this topic.
http://en.community.dell.com/support-forums/virus-spyware/f/3522/t/19331160.aspx

This may be relevant to your situation.

One feature I like is the History and Summary tabs. The resident IP was monitoring all executable files (literally hundreds, most of them in tmp folders) I downloaded in the last month, and declared them all as "known legitimate programs".



#12 hophop000

  • Topic Starter

Posted 26 November 2013 - 12:39 PM

Thank you for your reply.

Firstly, what does this Google policy restriction mean and what am I doing by lifting it?

Here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-11-2013 01
Ran by marka_000 at 2013-11-26 17:31:38 Run:1
Running from C:\Users\marka_000\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

end
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

==== End of Fixlog ====

Secondly, are you suggesting that they may be false positives that are being generated by Immunet? Those posts are over 3 years old, when Immunet was still a largely unknown/untested infant. Do you think I should reconsider using it?

Also, I run a handful of portable apps from http://portableapps.com/ on a regular/daily basis. These are all located on my D: drive and have not shown up on any of the scans I performed for you. Could there be a problem here?

Thank you for your time and help so far, it is appreciated.



#13 nasdaq

  • Malware Response Team

Posted 27 November 2013 - 08:10 AM


Firstly, what does this Google policy restriction mean and what am I doing by lifting it?


I do not know. This is why I asked if you had set it.

Looking at this topic it should be safe to remove it as I suggested in my fix.

https://forums.malwarebytes.org/index.php?showtopic=135873

If you create a System Restore point as I suggested then you can reverse if it's needed.
===

Secondly, are you suggesting that they may be false positives that are being generated by Immunet? Those posts are over 3 years old, when Immunet was still a largely unknown/untested infant. Do you think I should reconsider using it?


In the article I suggested you will find this comment.

One feature I like is the History and Summary tabs. The resident IP was monitoring all executable files (literally hundreds, most of them in tmp folders) I downloaded in the last month, and declared them all as "known legitimate programs".

Is there a feature on this program where you can declare them as safe?
I'm not familiar with it so check in their Forum.

One thing you can do is clean all your \temp folders.
===

Also, I run a handful of portable apps from http://portableapps.com/ on a regular/daily basis. These are all located on my D: drive and have not shown up on any of the scans I performed for you. Could there be a problem here?

If the apps are released from memory after having done what you expect of them, then nothing will be shown as running.
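For the question about what the Google policy restriction contains, the following is an added example, not part of the original posts and not FRST's own code. It backs up and lists every value under HKLM\SOFTWARE\Policies\Google so the settings can be read before the key is deleted; the backup file name and the list of policy names flagged for review are assumptions chosen for this example.

```powershell
# Added example: review the Chrome machine policy key before deleting it.
$root   = 'HKLM:\SOFTWARE\Policies\Google'
# Assumed backup location (hypothetical file name on the current user's Desktop).
$backup = Join-Path ([Environment]::GetFolderPath('Desktop')) 'GooglePolicies-backup.reg'

# Chrome policy names worth a closer look (assumed shortlist, not exhaustive).
$review = 'ExtensionInstallForcelist', 'HomepageLocation', 'RestoreOnStartupURLs',
          'DefaultSearchProviderSearchURL', 'ProxyServer'

if (-not (Test-Path $root)) {
    Write-Output "No key at $root; no Google machine policy is set."
    return
}

# Export first so the key can be restored later with: reg import <file>
reg.exe export 'HKLM\SOFTWARE\Policies\Google' $backup /y | Out-Null

# Collect the root key and every subkey, then list each value they hold.
$keys = @(Get-Item -Path $root) + @(Get-ChildItem -Path $root -Recurse)
$rows = foreach ($k in $keys) {
    foreach ($name in $k.GetValueNames()) {
        [pscustomobject]@{
            Key    = $k.Name
            Value  = $name
            Kind   = $k.GetValueKind($name)
            Data   = $k.GetValue($name)
            # List-type policies store entries under a subkey named after the policy.
            Review = ($review -contains $name) -or ($review -contains $k.PSChildName)
        }
    }
}

$rows | Sort-Object Key, Value | Format-Table -AutoSize -Wrap
Write-Output "Backup written to $backup"
```

Rows with Review set to True are policies that control forced extensions, the home and startup pages, the default search engine and the proxy.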

#14 hophop000

  • Topic Starter

Posted 27 November 2013 - 08:43 AM

Ah OK, thank you.

How do I know if they are safe? I restored one from quarantine and uploaded it to Virus Total and it got 10 hits out of 48 different scanners, see here:

https://www.virustotal.com/en/file/49ac2093eb5774a345417d2a02f7cff00731f1f185fd80b71e994d749bf25026/analysis/1385558920/

Does that not mean the file is a threat? Or are 10 of the 48 throwing out false positives?

I really don't know what to think, I don't know if I can trust these files enough to let them through my security scanner. I don't know what to do. To be fair, I have scanned my system with a multitude of security programs over the past 8 days and have not really found anything and the *.tmp files are still getting quarantined.

What do you recommend I do?

Thanks



#15 nasdaq

  • Malware Response Team

Posted 27 November 2013 - 09:22 AM

.Tmp files are working files created by an application.

The rule of thumb is that they are garbage and should be deleted.

If you know what application is creating these files then there may be a way in that application to save the file in another location than a \temp folder.
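One way to triage the *.tmp files discussed in this thread, as an added example that is not part of the original posts: it finds .tmp files that are really Windows executables and reports their SHA-256, Authenticode status and creation time. The folder list is an assumption (adjust it to where the alerts point), and Get-FileHash assumes PowerShell 4.0 or later.

```powershell
# Added example: list .tmp files that are actually executables, with hash and signer.
# Assumed search roots: the user's AppData folders and the system temp folder.
$folders = @($env:LOCALAPPDATA, $env:APPDATA, (Join-Path $env:windir 'Temp')) |
    Where-Object { $_ -and (Test-Path $_) }

function Test-IsPE {
    param([string]$Path)
    # A Windows executable begins with the two bytes 'MZ' (0x4D 0x5A).
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        try {
            $buf = New-Object byte[] 2
            return ($fs.Read($buf, 0, 2) -eq 2 -and $buf[0] -eq 0x4D -and $buf[1] -eq 0x5A)
        } finally {
            $fs.Dispose()
        }
    } catch {
        return $false   # locked or unreadable file: skip it
    }
}

$results = Get-ChildItem -Path $folders -Filter *.tmp -File -Recurse -ErrorAction SilentlyContinue |
    Where-Object { Test-IsPE $_.FullName } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
        $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Created   = $_.CreationTime
            Path      = $_.FullName
            SizeBytes = $_.Length
            SHA256    = $hash.Hash
            Signature = $sig.Status        # Valid, NotSigned, HashMismatch, ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    }

# Oldest first, so creation times can be matched against what was running then.
$results | Sort-Object Created | Format-List
```

The SHA-256 can be searched on VirusTotal without restoring a file from quarantine, and the folder and creation time point to the application that wrote the file.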



