
Yahoo Spigot virus on Google Chrome. DDS.com not running.


  • This topic is locked
10 replies to this topic

#1 MarkSosbe

  • Members
  • 5 posts

Posted 19 January 2014 - 06:32 PM

Hello,

I've recently become infected with what I believe is a virus that is affecting IE and Chrome. Every time I open one of the browsers, rather than Google, it shows the following page: htxxtp://search.yahoo.com/?type=714647&fr=spigot-yhp-ch

I am not very experienced with problems like this, but I had a search and tried to set about fixing it. I used various programs including:
adwcleaner
ccleaner
malwarebytes anti-malware

I also followed a guide which had me change the DNS setting (I believe, 8.8.8.8 [I am a noob and this literally means nothing to me])
and delete out a part of a registry (I think) :-/

As the computer I am working on is fairly new and empty, I tried a system restore and that failed due to an unknown error. I tried a different restore point and the same thing happened.

I realise that through my desperation to get rid of this I may have done more harm than good. 

In preparation for posting here, I tried running the DDS.COM but I kept getting the following error: "DDS is not meant to run in 'Compatibility Mode'. This program shall now exit."
 

I know I haven't given you much to go on, but I'm really hoping you can help.

Mark


Edit: I have reinstalled Chrome, and the problem seems to have gone, but it is still affecting IE. My concern is that remnants of it remain on the computer, potentially causing harm in ways I can't foresee, so I'm still keen to clean it as much as possible.
 


Edited by MarkSosbe, 19 January 2014 - 07:15 PM.




#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 January 2014 - 04:21 PM

Hi Mark,

 

Please run a FRST scan:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#3 MarkSosbe

  • Topic Starter
  • Members
  • 5 posts

Posted 24 January 2014 - 05:33 PM

Hello,

Firstly, thank you very much for the reply.

Ok, I've downloaded the tool from the link you posted, though I had some difficulty. Every time I tried to download it, my virus check gave me an alert about a trojan. Even when I allowed it, the program did not load correctly, so I downloaded from an external source.

Please find logs below:

FRST.TXT
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-11-2013 (ATTENTION: ====> FRST version is 61 days old and could be outdated)
Ran by Mark (administrator) on HAL9000 on 24-01-2014 22:28:19
Running from C:\Users\Mark\Desktop
Windows 8.1 (X64) OS Language: English(UK)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-04-24] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1702912 2013-02-05] (IDT, Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [AVG-Secure-Search-Update_1113a] - C:\Users\Mark\AppData\Roaming\AVG 1113a Campaign\AVG-Secure-Search-Update-1113a.exe /PROMPT /mid=28bbfecc486147d39dc1d18b80ebfe8a-a8d97d9a201ffa41bba037e49a59a13eaff4d616 /CMPID=1113a
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe [77088 2013-03-01] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HPMessageService] - C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-02-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe [624248 2007-05-10] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0EYTHM] - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [168616 2013-09-05] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll [141336 2013-09-05] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {B39AD58E-7FC5-4AF5-86C4-51C49FA090DA} URL = 
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
Tcpip\..\Interfaces\{C6A5BD80-CFB2-4206-819A-56696D84B549}: [NameServer]8.8.8.8
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1
CHR Extension: (YouTube) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1
CHR Extension: (Google Search) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1
CHR Extension: (Website Logon) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmbkhknacohfhbmmpnmbkgdffdbildof\6.0.100_1
CHR Extension: (Google Wallet) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (Gmail) - C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hmbkhknacohfhbmmpnmbkgdffdbildof] - C:\Program Files (x86)\HP SimplePass\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
 
==================== Services (Whitelisted) =================
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-04-16] (Intel)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-02-07] (HP)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-09] (WildTangent)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-02-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129848 2013-02-22] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [180200 2013-02-13] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-02-22] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-07] (AuthenTec, Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-11-25] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [252728 2013-10-21] (AVG Technologies CZ, s.r.o.)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [1524824 2013-11-14] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1345920 2012-11-06] (Motorola Solutions, Inc.)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-25] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\IPSDefs\20131128.001\IDSvia64.sys [521816 2013-11-22] (Symantec Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-02-13] ()
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131130.007\ENG64.SYS [126040 2013-11-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\Definitions\VirusDefs\20131130.007\EX64.SYS [2099288 2013-11-25] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\Netwew00.sys [3345376 2013-10-08] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [450632 2013-02-22] (RTS Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-04-24] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-25] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-11-26] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [207768 2013-04-16] (Windows ® Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-24] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-24 22:28 - 2014-01-24 22:28 - 00022592 _____ C:\Users\Mark\Desktop\FRST.txt
2014-01-24 22:27 - 2014-01-24 22:27 - 01958440 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 00000000 ____D C:\FRST
2014-01-24 22:20 - 2014-01-24 22:20 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-01-20 19:03 - 2014-01-20 19:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-20 19:03 - 2014-01-20 19:03 - 00001398 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:03 - 2014-01-20 19:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-20 19:03 - 2014-01-20 19:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 19:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-01-20 19:02 - 2014-01-20 19:02 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Mark\Downloads\spybot-2.2.exe
2014-01-20 18:52 - 2014-01-20 18:41 - 00001493 _____ C:\Users\Mark\Desktop\Adobe Illustrator CS3.lnk
2014-01-20 18:51 - 2014-01-20 18:51 - 00001717 _____ C:\Users\Mark\Desktop\Photoshop.lnk
2014-01-20 18:46 - 2014-01-20 18:46 - 00000000 ____D C:\Users\Mark\AppData\Local\HP Quick Start
2014-01-20 18:45 - 2014-01-20 18:45 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-20 18:41 - 2014-01-20 18:41 - 00000000 ____D C:\ProgramData\ALM
2014-01-20 18:36 - 2014-01-20 18:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-20 18:35 - 2014-01-20 18:53 - 00000000 ____D C:\Users\Mark\AppData\Local\Adobe
2014-01-20 18:35 - 2014-01-20 18:35 - 00002048 _____ C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-01-20 18:32 - 2007-02-20 16:04 - 02463976 _____ C:\WINDOWS\SysWOW64\NPSWF32.dll
2014-01-20 18:32 - 2007-02-20 16:04 - 00190696 _____ (Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\NPSWF32_FlashUtil.exe
2014-01-20 18:30 - 2014-01-20 18:45 - 00000000 ____D C:\ProgramData\Adobe
2014-01-20 18:29 - 2014-01-20 18:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2014-01-20 18:26 - 2014-01-20 18:42 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-20 17:32 - 2014-01-20 17:40 - 00000000 ____D C:\Users\Mark\Desktop\Adobe Master CS3
2014-01-19 23:36 - 2014-01-24 22:22 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 23:36 - 2014-01-24 22:20 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-19 23:36 - 2014-01-23 23:46 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-19 23:36 - 2014-01-19 23:41 - 00003882 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-19 23:36 - 2014-01-19 23:41 - 00003646 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-19 23:36 - 2014-01-19 23:36 - 00000000 ____D C:\Users\Mark\AppData\Local\Deployment
2014-01-19 23:01 - 2014-01-19 23:01 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 23:01 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-01-19 22:20 - 2014-01-19 22:20 - 00680328 _____ (                                                            ) C:\Users\Mark\Downloads\ZipOpenerSetup.exe
2014-01-19 21:48 - 2014-01-19 21:48 - 00000988 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-19 21:48 - 2014-01-19 21:48 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AVG2014
2014-01-19 21:46 - 2014-01-19 21:52 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2014
2014-01-19 21:46 - 2014-01-19 21:46 - 04436944 _____ (AVG Technologies) C:\Users\Mark\Downloads\avg_free_stb_all_2014_4259_cnet.exe
2014-01-19 21:23 - 2014-01-24 22:20 - 00023576 _____ C:\WINDOWS\PFRO.log
2014-01-19 21:23 - 2014-01-19 07:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-19 21:22 - 2014-01-24 22:24 - 00504949 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-19 21:18 - 2014-01-19 21:18 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-19 21:17 - 2014-01-19 21:39 - 00000000 ____D C:\Program Files\CCleaner
2014-01-19 21:17 - 2014-01-19 21:18 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 21:17 - 2014-01-19 21:17 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409 (2).exe
2014-01-19 21:17 - 2014-01-19 21:17 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409 (1).exe
2014-01-19 20:58 - 2014-01-19 21:39 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-19 20:58 - 2014-01-19 20:58 - 01037068 _____ (Thisisu) C:\Users\Mark\Downloads\JRT.exe
2014-01-19 20:53 - 2014-01-19 20:55 - 00000000 ____D C:\AdwCleaner
2014-01-19 20:52 - 2014-01-19 20:52 - 01236282 _____ C:\Users\Mark\Downloads\adwcleaner.exe
2014-01-19 20:07 - 2014-01-19 20:07 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409.exe
2014-01-19 20:01 - 2014-01-19 21:39 - 00000000 ____D C:\Program Files (x86)\Spigot Removal Tool
2014-01-19 20:01 - 2013-11-05 14:38 - 01122304 _____ (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2014-01-19 20:01 - 2013-11-05 14:38 - 00274432 _____ (The OpenSSL Project, http://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2014-01-19 20:01 - 2012-12-10 11:04 - 00356352 _____ (eSellerate Inc.) C:\WINDOWS\eSellerateEngine.dll
2014-01-19 20:01 - 2012-12-10 11:04 - 00081920 _____ (eSellerate Inc.) C:\WINDOWS\eSellerateControl350.dll
2014-01-19 19:30 - 2012-10-24 19:44 - 00656048 _____ (WildTangent, Inc.) C:\ProgramData\uninstall1854360.exe
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\AppData\Local\cache
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\.android
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 _____ C:\Users\Mark\daemonprocess.txt
2014-01-19 18:59 - 2014-01-19 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-19 18:55 - 2014-01-19 20:50 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2014-01-19 14:19 - 2014-01-19 14:19 - 06881776 _____ C:\Users\Mark\Downloads\Helmet photos 1.zip
2014-01-19 14:19 - 2014-01-19 14:19 - 01312541 _____ C:\Users\Mark\Downloads\Helmet photos 2.zip
2014-01-18 12:58 - 2014-01-18 12:58 - 00894380 _____ C:\Users\Mark\Downloads\Skada-1.4-15.zip
2014-01-15 21:48 - 2013-12-09 00:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-01-15 21:48 - 2013-11-27 15:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-01-15 21:48 - 2013-11-27 11:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-01-15 21:48 - 2013-11-27 10:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll
2014-01-15 21:48 - 2013-11-27 09:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-01-15 21:48 - 2013-11-27 08:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 21:48 - 2013-11-27 08:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-01-15 21:48 - 2013-11-27 08:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 21:48 - 2013-11-27 08:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-01-15 21:48 - 2013-11-27 08:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 21:48 - 2013-11-27 08:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-10 18:27 - 2014-01-10 21:52 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Awesomium
2014-01-10 18:18 - 2014-01-10 18:18 - 00000000 ____D C:\Users\Mark\Documents\Elder Scrolls Online
2014-01-10 18:18 - 2014-01-10 18:18 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2014-01-07 19:13 - 2014-01-07 19:17 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2014-01-07 19:13 - 2014-01-07 19:13 - 00001422 _____ C:\Users\Mark\Desktop\The Elder Scrolls Online Beta.lnk
2014-01-07 19:12 - 2014-01-07 19:12 - 55903624 _____ (                                                            ) C:\Users\Mark\Downloads\Install_ESO_Beta.exe
2014-01-05 13:53 - 2014-01-05 13:53 - 73572252 _____ C:\Users\Mark\Downloads\Species 0.6.0 (Alpha).zip
2014-01-05 13:53 - 2014-01-05 13:53 - 00000000 ____D C:\Users\Mark\Downloads\Species 0.6.0 (Alpha)
2014-01-05 13:52 - 2014-01-05 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2014-01-05 13:51 - 2014-01-05 13:51 - 07671808 _____ C:\Users\Mark\Downloads\xnafx31_redist.msi
 
==================== One Month Modified Files and Folders =======
 
2014-01-24 22:28 - 2014-01-24 22:28 - 00022592 _____ C:\Users\Mark\Desktop\FRST.txt
2014-01-24 22:27 - 2014-01-24 22:27 - 01958440 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2014-01-24 22:27 - 2014-01-24 22:27 - 00000000 ____D C:\FRST
2014-01-24 22:25 - 2013-11-25 18:27 - 00000000 ____D C:\ProgramData\MFAData
2014-01-24 22:25 - 2013-11-25 18:17 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-613740120-3202132578-1678166787-1002
2014-01-24 22:24 - 2014-01-19 21:22 - 00504949 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-24 22:24 - 2013-11-25 18:10 - 00003918 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F260F973-7A06-4468-BEE9-E9FBD28EF9F9}
2014-01-24 22:22 - 2014-01-19 23:36 - 00002210 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-24 22:20 - 2014-01-24 22:20 - 00094656 _____ (CACE Technologies) C:\WINDOWS\system32\WPRO_41_2001woem.tmp
2014-01-24 22:20 - 2014-01-19 23:36 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-24 22:20 - 2014-01-19 21:23 - 00023576 _____ C:\WINDOWS\PFRO.log
2014-01-24 22:20 - 2013-11-25 22:59 - 00000000 __RDO C:\Users\Mark\SkyDrive
2014-01-24 22:20 - 2013-11-10 22:48 - 00034752 _____ C:\WINDOWS\system32\Drivers\WPRO_41_2001.sys
2014-01-24 22:20 - 2013-08-22 14:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-23 23:58 - 2013-08-22 13:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2014-01-23 23:46 - 2014-01-19 23:36 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-23 23:00 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\sru
2014-01-23 22:34 - 2013-08-22 13:25 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2014-01-23 20:28 - 2013-11-27 20:28 - 00003156 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMark
2014-01-23 20:28 - 2013-11-27 20:28 - 00000344 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMark.job
2014-01-23 18:56 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2014-01-20 19:05 - 2014-01-20 19:03 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-20 19:03 - 2014-01-20 19:03 - 00001398 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-20 19:03 - 2014-01-20 19:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2014-01-20 19:03 - 2014-01-20 19:03 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-20 19:02 - 2014-01-20 19:02 - 40658208 _____ (Safer-Networking Ltd.                                       ) C:\Users\Mark\Downloads\spybot-2.2.exe
2014-01-20 18:53 - 2014-01-20 18:35 - 00000000 ____D C:\Users\Mark\AppData\Local\Adobe
2014-01-20 18:53 - 2013-11-25 18:10 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe
2014-01-20 18:51 - 2014-01-20 18:51 - 00001717 _____ C:\Users\Mark\Desktop\Photoshop.lnk
2014-01-20 18:46 - 2014-01-20 18:46 - 00000000 ____D C:\Users\Mark\AppData\Local\HP Quick Start
2014-01-20 18:45 - 2014-01-20 18:45 - 00000000 ____D C:\ProgramData\FLEXnet
2014-01-20 18:45 - 2014-01-20 18:30 - 00000000 ____D C:\ProgramData\Adobe
2014-01-20 18:45 - 2013-11-25 18:08 - 00000000 ____D C:\Users\Mark\AppData\Local\VirtualStore
2014-01-20 18:44 - 2013-08-22 14:44 - 02272344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-20 18:42 - 2014-01-20 18:26 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-20 18:41 - 2014-01-20 18:52 - 00001493 _____ C:\Users\Mark\Desktop\Adobe Illustrator CS3.lnk
2014-01-20 18:41 - 2014-01-20 18:41 - 00000000 ____D C:\ProgramData\ALM
2014-01-20 18:36 - 2014-01-20 18:36 - 00000000 ____D C:\Program Files (x86)\QuickTime
2014-01-20 18:35 - 2014-01-20 18:35 - 00002048 _____ C:\Users\Public\Desktop\Adobe Acrobat 8 Professional.lnk
2014-01-20 18:29 - 2014-01-20 18:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2014-01-20 17:40 - 2014-01-20 17:32 - 00000000 ____D C:\Users\Mark\Desktop\Adobe Master CS3
2014-01-19 23:41 - 2014-01-19 23:36 - 00003882 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-01-19 23:41 - 2014-01-19 23:36 - 00003646 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-01-19 23:36 - 2014-01-19 23:36 - 00000000 ____D C:\Users\Mark\AppData\Local\Deployment
2014-01-19 23:36 - 2013-11-25 18:20 - 00000000 ____D C:\Program Files (x86)\Google
2014-01-19 23:01 - 2014-01-19 23:01 - 00001128 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Malwarebytes
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-19 23:01 - 2014-01-19 23:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-19 22:21 - 2013-09-27 03:18 - 00000000 ___HD C:\HP
2014-01-19 22:20 - 2014-01-19 22:20 - 00680328 _____ (                                                            ) C:\Users\Mark\Downloads\ZipOpenerSetup.exe
2014-01-19 21:52 - 2014-01-19 21:46 - 00000000 ____D C:\Users\Mark\AppData\Local\Avg2014
2014-01-19 21:48 - 2014-01-19 21:48 - 00000988 _____ C:\Users\Public\Desktop\AVG 2014.lnk
2014-01-19 21:48 - 2014-01-19 21:48 - 00000000 ____D C:\Users\Mark\AppData\Roaming\AVG2014
2014-01-19 21:48 - 2013-11-25 18:48 - 00000000 ____D C:\ProgramData\AVG2014
2014-01-19 21:48 - 2012-07-26 08:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2014-01-19 21:47 - 2013-11-25 18:48 - 00000000 ___HD C:\$AVG
2014-01-19 21:46 - 2014-01-19 21:46 - 04436944 _____ (AVG Technologies) C:\Users\Mark\Downloads\avg_free_stb_all_2014_4259_cnet.exe
2014-01-19 21:39 - 2014-01-19 21:17 - 00000000 ____D C:\Program Files\CCleaner
2014-01-19 21:39 - 2014-01-19 20:58 - 00000000 ____D C:\WINDOWS\ERUNT
2014-01-19 21:39 - 2014-01-19 20:01 - 00000000 ____D C:\Program Files (x86)\Spigot Removal Tool
2014-01-19 21:39 - 2013-11-30 18:11 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2014-01-19 21:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\WinStore
2014-01-19 21:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2014-01-19 21:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\Macromed
2014-01-19 21:39 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\rescache
2014-01-19 21:39 - 2013-08-22 15:36 - 00000000 ____D C:\Program Files\Windows Defender
2014-01-19 21:39 - 2013-08-22 13:36 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2014-01-19 21:32 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\registration
2014-01-19 21:19 - 2013-12-09 17:27 - 00072704 ___SH C:\Users\Mark\Desktop\Thumbs.db
2014-01-19 21:18 - 2014-01-19 21:18 - 00002770 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-01-19 21:18 - 2014-01-19 21:17 - 00000841 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-19 21:17 - 2014-01-19 21:17 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409 (2).exe
2014-01-19 21:17 - 2014-01-19 21:17 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409 (1).exe
2014-01-19 20:58 - 2014-01-19 20:58 - 01037068 _____ (Thisisu) C:\Users\Mark\Downloads\JRT.exe
2014-01-19 20:55 - 2014-01-19 20:53 - 00000000 ____D C:\AdwCleaner
2014-01-19 20:52 - 2014-01-19 20:52 - 01236282 _____ C:\Users\Mark\Downloads\adwcleaner.exe
2014-01-19 20:50 - 2014-01-19 18:55 - 00000000 ____D C:\Users\Mark\AppData\Roaming\uTorrent
2014-01-19 20:44 - 2013-11-10 23:07 - 00000000 ____D C:\ProgramData\Norton
2014-01-19 20:10 - 2013-11-25 19:09 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-19 20:09 - 2013-11-28 19:12 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-19 20:09 - 2013-11-25 22:16 - 00000000 ___DC C:\WINDOWS\Panther
2014-01-19 20:07 - 2014-01-19 20:07 - 04645232 _____ (Piriform Ltd) C:\Users\Mark\Downloads\ccsetup409.exe
2014-01-19 19:29 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\AppData\Local\cache
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\.android
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 _____ C:\Users\Mark\daemonprocess.txt
2014-01-19 19:00 - 2013-11-25 22:24 - 00000000 ____D C:\Users\Mark
2014-01-19 18:59 - 2014-01-19 18:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-19 14:19 - 2014-01-19 14:19 - 06881776 _____ C:\Users\Mark\Downloads\Helmet photos 1.zip
2014-01-19 14:19 - 2014-01-19 14:19 - 01312541 _____ C:\Users\Mark\Downloads\Helmet photos 2.zip
2014-01-19 07:38 - 2014-01-19 21:23 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-01-18 12:58 - 2014-01-18 12:58 - 00894380 _____ C:\Users\Mark\Downloads\Skada-1.4-15.zip
2014-01-17 19:22 - 2013-11-25 21:00 - 00000000 ____D C:\WINDOWS\system32\MRT
2014-01-17 19:20 - 2013-11-25 21:00 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-10 21:52 - 2014-01-10 18:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Awesomium
2014-01-10 18:18 - 2014-01-10 18:18 - 00000000 ____D C:\Users\Mark\Documents\Elder Scrolls Online
2014-01-10 18:18 - 2014-01-10 18:18 - 00000000 ____D C:\ProgramData\Elder Scrolls Online
2014-01-09 18:31 - 2013-09-30 04:11 - 00958356 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-07 19:17 - 2014-01-07 19:13 - 00000000 ____D C:\Program Files (x86)\Zenimax Online
2014-01-07 19:13 - 2014-01-07 19:13 - 00001422 _____ C:\Users\Mark\Desktop\The Elder Scrolls Online Beta.lnk
2014-01-07 19:12 - 2014-01-07 19:12 - 55903624 _____ (                                                            ) C:\Users\Mark\Downloads\Install_ESO_Beta.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-06 22:31 - 2013-08-22 15:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-05 13:53 - 2014-01-05 13:53 - 73572252 _____ C:\Users\Mark\Downloads\Species 0.6.0 (Alpha).zip
2014-01-05 13:53 - 2014-01-05 13:53 - 00000000 ____D C:\Users\Mark\Downloads\Species 0.6.0 (Alpha)
2014-01-05 13:52 - 2014-01-05 13:52 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2014-01-05 13:51 - 2014-01-05 13:51 - 07671808 _____ C:\Users\Mark\Downloads\xnafx31_redist.msi
 
Files to move or delete:
====================
C:\ProgramData\uninstall1854360.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2013-11-25 22:13] - [2013-11-25 22:13] - 2328872 ____A (Microsoft Corporation) 63DC38C3E4564B2405D562855643ABA2
 
C:\Windows\SysWOW64\explorer.exe
[2013-11-25 22:13] - [2013-11-25 22:13] - 2065448 ____A (Microsoft Corporation) 1A0BC9598E4A58FC84570FFF5A108E58
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll
[2013-11-25 22:13] - [2013-11-25 22:13] - 1362944 ____A (Microsoft Corporation) C72456BFFE941714CF05B0AA0BEE5B45
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-22 21:05
 
==================== End Of Log ============================


ADDITION.TXT

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-11-2013
Ran by Mark at 2014-01-24 22:28:59
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Add or Remove Adobe Creative Suite 3 Master Collection (x32 Version: 1.0)
Adobe Acrobat 8 Professional (x32 Version: 8.1.0)
Adobe After Effects CS3 (x32 Version: 8)
Adobe After Effects CS3 Presets (x32 Version: 8)
Adobe Anchor Service CS3 (x32 Version: 1.0)
Adobe Asset Services CS3 (x32 Version: 3)
Adobe Bridge CS3 (x32 Version: 2)
Adobe Bridge Start Meeting (x32 Version: 1.0)
Adobe BridgeTalk Plugin CS3 (x32 Version: 1.0)
Adobe Camera Raw 4.0 (x32 Version: 4.0)
Adobe CMaps (x32 Version: 1.0)
Adobe Color - Photoshop Specific (x32 Version: 1.0)
Adobe Color Common Settings (x32 Version: 1.0)
Adobe Color EU Recommended Settings (x32 Version: 1.0)
Adobe Color JA Extra Settings (x32 Version: 1.0)
Adobe Color NA Extra Settings (x32 Version: 1.0)
Adobe Contribute CS3 (x32 Version: 4.1)
Adobe Default Language CS3 (x32 Version: 1.0)
Adobe Device Central CS3 (x32 Version: 1.0)
Adobe Dreamweaver CS3 (x32 Version: 9)
Adobe Encore CS3 (x32 Version: 3)
Adobe Encore CS3 Codecs (x32 Version: 3)
Adobe ExtendScript Toolkit 2 (x32 Version: 2.0)
Adobe Extension Manager CS3 (x32 Version: 1.8)
Adobe Fireworks CS3 (x32 Version: 9.0)
Adobe Flash CS3 (x32 Version: 9.0)
Adobe Flash Player 9 ActiveX (x32 Version: 9.0.45.0)
Adobe Flash Player 9 Plugin (x32 Version: 9.0.45.0)
Adobe Flash Video Encoder (x32 Version: 2.0)
Adobe Fonts All (x32 Version: 1.0)
Adobe Help Viewer CS3 (x32 Version: 1)
Adobe Illustrator CS3 (x32 Version: 13.0)
Adobe InDesign CS3 (x32 Version: 5.0)
Adobe InDesign CS3 Icon Handler (x32 Version: 5.0)
Adobe Linguistics CS3 (x32 Version: 3.0.0)
Adobe MotionPicture Color Files (x32 Version: 1.0)
Adobe PDF Library Files (x32 Version: 8.0)
Adobe Photoshop CS3 (x32 Version: 10)
Adobe Premiere Pro CS3 (x32 Version: 3)
Adobe Premiere Pro CS3 Functional Content (x32 Version: 8)
Adobe Premiere Pro CS3 Third Party Content (x32 Version: 3)
Adobe Setup (x32 Version: 1.0)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.6.636)
Adobe SING CS3 (x32 Version: 0.1)
Adobe Soundbooth CS3 (x32 Version: 1)
Adobe Soundbooth CS3 Codecs (x32 Version: 3)
Adobe Stock Photos CS3 (x32 Version: 1.5)
Adobe Type Support (x32 Version: 1.0)
Adobe Update Manager CS3 (x32 Version: 5.1.0)
Adobe Version Cue CS3 Client (x32 Version: 3)
Adobe Version Cue CS3 Server (x32 Version: 3.0)
Adobe Video Profiles (x32 Version: 1.0)
Adobe WAS CS3 (x32 Version: 1.0)
Adobe WinSoft Linguistics Plugin (x32 Version: 1.0)
Adobe XMP DVA Panels CS3 (x32 Version: 1.0)
Adobe XMP Panels CS3 (x32 Version: 1.0)
AHV content for Acrobat and Flash (x32 Version: 1)
Aloha TriPeaks (x32 Version: 2.2.0.98)
AuthenTec TrueAPI 64-bit (Version: 1.6.0.87)
AVG 2014 (Version: 14.0.3681)
AVG 2014 (Version: 14.0.4259)
AVG 2014 (Version: 2014.0.4259)
Bejeweled 3 (x32 Version: 2.2.0.98)
Blood Bowl: Legendary Edition (x32)
Bonjour (Version: 3.0.0.10)
Build-a-lot (x32 Version: 2.2.0.98)
CCleaner (Version: 4.09)
Cradle of Rome 2 (x32 Version: 2.2.0.98)
Crazy Chicken Soccer (x32 Version: 2.2.0.110)
CyberLink LabelPrint (x32 Version: 2.5.3.5901)
CyberLink Media Suite 10 (x32 Version: 10.0.3.2608)
Cyberlink PhotoDirector (x32 Version: 3.0.1.3919)
CyberLink Power2Go 8 (x32 Version: 8.0.3.2527)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606)
CyberLink PowerDVD (x32 Version: 10.0.8.5004)
CyberLink YouCam (x32 Version: 3.5.6.6117)
D3DX10 (x32 Version: 15.4.2368.0902)
Deadlight (x32)
Energy Star (x32 Version: 1.0.9)
Farm Frenzy (x32 Version: 2.2.0.98)
Google Chrome (x32 Version: 32.0.1700.76)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP 3D DriveGuard (x32 Version: 6.0.9.1)
HP Connected Music (Meridian - installer) (x32 Version: 1.0)
HP Connected Music (Meridian - player) (HKCU Version: 1.1 (build 77) hp)
HP CoolSense (x32 Version: 2.10.51)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Documentation (x32 Version: 1.3.0.0)
HP Postscript Converter (Version: 4.0.4100)
HP Quick Start (x32 Version: 1.0.4660.30220)
HP Recovery Manager (x32 Version: 9.00)
HP Registration Service (Version: 1.2.6317.4309)
HP SimplePass (x32 Version: 6.0.100.272)
HP Support Assistant (x32 Version: 7.0.39.15)
HP System Event Utility (x32 Version: 1.0.4)
HP Utility Center (Version: 2.1.5)
HP Wireless Button Driver (x32 Version: 1.0.6.1)
IDT Audio (x32 Version: 1.0.6454.0)
Intel® Management Engine Components (x32 Version: 9.0.0.1310)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577)
Intel® Processor Graphics (x32 Version: 10.18.10.3316)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1211.0294)
Intel® Rapid Storage Technology (Version: 12.0.7.1002)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463)
Intel® Smart Connect Technology 4.0 x64 (Version: 4.0.41.2072)
Intel® Update Manager (x32 Version: 1.6.0.56)
Intel® WiDi (Version: 4.1.17.0)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269)
Intel® Trusted Connect Service Client (Version: 1.27.757.1)
Jewel Match 3 (x32 Version: 2.2.0.98)
Jewel Quest II (x32 Version: 2.2.0.97)
Mahjongg Artifacts (x32 Version: 2.2.0.110)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0)
Microsoft Office (x32 Version: 15.0.4454.1510)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727)
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0)
Movie Maker (x32 Version: 16.4.3505.0912)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA Control Panel 327.02 (Version: 327.02)
NVIDIA Graphics Driver 327.02 (Version: 327.02)
NVIDIA Install Application (Version: 2.1002.133.889)
NVIDIA Optimus 1.14.17 (Version: 1.14.17)
NVIDIA PhysX (x32 Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.14.17 (Version: 1.14.17)
NVIDIA Update Components (Version: 1.14.17)
Outlast (x32)
PDF Settings (x32 Version: 1.0)
Photo Common (x32 Version: 16.4.3505.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98)
Polar Bowler (x32 Version: 2.2.0.97)
Portal 2 (x32)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98)
Realtek Ethernet Controller Driver (x32 Version: 8.10.1226.2012)
Realtek PCIE Card Reader (x32 Version: 6.2.9200.21220)
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32)
Spybot - Search & Destroy (x32 Version: 2.2.25)
Steam (x32)
swMSM (x32 Version: 12.0.0.1)
Synaptics ClickPad Driver (Version: 16.5.3.3)
The Elder Scrolls Online Beta (x32 Version: 0.3.4)
The Elder Scrolls V: Skyrim (x32)
The Walking Dead (x32)
Trinklit Supreme (x32 Version: 2.2.0.98)
Update Installer for WildTangent Games App (x32)
Vacation Quest™ - Australia (x32 Version: 3.0.2.32)
Virtual Families (x32 Version: 2.2.0.98)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (x32 Version: 14.0.0.1)
Warhammer® 40,000™: Dawn of War® II (x32)
Wedding Dash (x32 Version: 2.2.0.95)
WildTangent Games (x32 Version: 1.0.4.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)
World of Warcraft (x32)
Youda Jewel Shop (x32 Version: 3.0.2.32)
Zuma's Revenge (x32 Version: 2.2.0.98)
 
==================== Restore Points  =========================
 
05-01-2014 13:52:21 Installed Microsoft XNA Framework Redistributable 3.1
07-01-2014 19:13:20 Installed DirectX
17-01-2014 19:19:34 Windows Update
19-01-2014 19:28:54 Removed Validity WBF DDK
19-01-2014 20:15:38 Restore Operation
 
==================== Hosts content: ==========================
 
2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {030DBA4F-C79D-4F20-8432-B9217EEA505F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0675F7A6-428E-41AF-8ACF-3D4EDE5D8C6B} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\symerr.exe [2013-06-04] (Symantec Corporation)
Task: {16049508-89C7-4911-9F04-F185C6AE073B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {18D9B3B1-4363-4D0F-8D25-9B43D692903C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {1E3DB014-E08D-46C1-9106-95F6E4C32523} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2014-01-17] (Microsoft Corporation)
Task: {1F51FC13-1660-4B66-93D3-02AE16B8D357} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {2B9451D1-13F8-46FA-B1DF-70E36B64CF6F} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4E6A17DF-3C22-461C-8F84-50D875343F9C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {53357935-7493-4424-852D-F9F69CCB963B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {5B6C25BA-4006-433F-A56C-F82EDFD114DC} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {5E0FA885-1C91-4A8F-BA0E-AA000BBD8AEA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wscstub.exe [2013-06-04] (Symantec Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73F0F505-26FC-4719-9F90-E6B395452391} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2013-01-17] (CyberLink)
Task: {7648C52A-8FC9-4F9E-B829-8A6E571B0991} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {7DE4D1DC-AE75-49D5-BB58-22F89CF2EA2E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-04-24] (Synaptics Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {883FE600-7E9F-4141-B2E3-1E28333E6FB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {8A4B9BA2-0C52-4947-BBB5-2A3AA7D915CB} - System32\Tasks\HPCeeScheduleForMark => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\System32\AppXDeploymentClient.dll [2013-11-08] (Microsoft Corporation)
Task: {98F9B787-C79E-49E6-9108-DCFC49F98625} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A1C9575E-6B07-4306-A029-26E96C6DD149} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C7F7E3FA-712E-49A8-944D-A33DBB5D7E91} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {CB8BC8B2-3D34-4408-93E6-938DEA3C7D3A} - \GoforFilesUpdate No Task File
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D740D970-C329-460B-8E7A-55138609E542} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {D9A45BE9-611A-4C53-A234-5296D44D10BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-19] (Google Inc.)
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EA84EFD7-3793-41F0-83EA-5B5467FDAF96} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {EBA30B83-BCF1-416F-A0F4-1890EF315BB6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FC78CD9C-41FE-4FAA-B7D8-98F36297636E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForMark.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-20 19:03 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-20 19:03 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-20 19:03 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-20 19:03 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-20 19:03 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-11-10 22:56 - 2012-06-08 03:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-01-19 23:36 - 2014-01-11 10:28 - 00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-19 23:36 - 2014-01-11 10:28 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-19 23:36 - 2014-01-11 10:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-19 23:36 - 2014-01-11 10:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-19 23:36 - 2014-01-11 10:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2013-11-10 22:37 - 2013-02-16 00:17 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-11-26 18:33 - 2012-05-30 06:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\Users\Mark\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Mark\SkyDrive.old:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2014 11:20:45 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HAL9000)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HAL9000)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: HAL9000)
Description: Activation of application microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/20/2014 06:35:28 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (01/20/2014 06:32:39 PM) (Source: MsiInstaller) (User: HAL9000)
Description: Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\SysWOW64\Macromed\Flash\FlDbg9c.ocx failed to register.  HRESULT -2147220473.  Contact your support personnel.
 
Error: (01/20/2014 05:29:41 PM) (Source: Application Error) (User: )
Description: Faulting application name: BrcmSetSecurity.exe, version: 1.0.0.1, time stamp: 0x516df51d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process ID: 0xb2c
Faulting application start time: 0xBrcmSetSecurity.exe0
Faulting application path: BrcmSetSecurity.exe1
Faulting module path: BrcmSetSecurity.exe2
Report ID: BrcmSetSecurity.exe3
Faulting package full name: BrcmSetSecurity.exe4
Faulting package-relative application ID: BrcmSetSecurity.exe5
 
Error: (01/20/2014 00:03:42 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (01/19/2014 11:37:56 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (01/19/2014 09:42:41 PM) (Source: System Restore) (User: )
Description: An unspecified error occurred during System Restore: (Installed DirectX). Additional information: 0x80070005.
 
 
System errors:
=============
Error: (01/24/2014 10:23:55 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/23/2014 10:37:46 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/23/2014 06:39:40 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/22/2014 08:19:25 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/21/2014 06:47:38 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/21/2014 01:00:00 AM) (Source: DCOM) (User: HAL9000)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (01/21/2014 01:00:00 AM) (Source: DCOM) (User: HAL9000)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (01/21/2014 01:00:00 AM) (Source: DCOM) (User: HAL9000)
Description: Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mca
 
Error: (01/20/2014 10:41:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/20/2014 06:47:57 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2014 11:20:45 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HAL9000)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HAL9000)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (01/21/2014 01:00:05 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: HAL9000)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
Error: (01/20/2014 06:35:28 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (01/20/2014 06:32:39 PM) (Source: MsiInstaller)(User: HAL9000)
Description: Product: Adobe Flash Player 9 ActiveX -- Error 1904.Module C:\WINDOWS\SysWOW64\Macromed\Flash\FlDbg9c.ocx failed to register.  HRESULT -2147220473.  Contact your support personnel.(NULL)(NULL)(NULL)(NULL)(NULL)
 
Error: (01/20/2014 05:29:41 PM) (Source: Application Error)(User: )
Description: BrcmSetSecurity.exe1.0.0.1516df51dunknown0.0.0.000000000c00000050000000000000000b2c01cf16052e3de05eC:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exeunknown715f91ad-81f8-11e3-bef3-00c2c60f1779
 
Error: (01/20/2014 00:03:42 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (01/19/2014 11:37:56 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (01/19/2014 09:42:41 PM) (Source: System Restore)(User: )
Description: Installed DirectX0x80070005
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 21%
Total physical RAM: 12220.02 MB
Available physical RAM: 9652.66 MB
Total Pagefile: 14076.02 MB
Available Pagefile: 11109.69 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:906.59 GB) (Free:732.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:23.8 GB) (Free:2.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 1E1F4777)
 
Partition: GPT Partition Type
==================== End Of Log ============================




many thanks

Mark

 



#4 aharonov

  • Malware Response Team

Posted 25 January 2014 - 06:43 PM

Hello,
 
please run the following fix:
 
 
Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Are the symptoms now gone? Is there still anything bothersome (like startpages you don't like) or is everything all right?



#5 MarkSosbe


Posted 26 January 2014 - 05:48 AM

Hello there,

I've done as you asked, FIXLOG.TXT below:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-11-2013
Ran by Mark at 2014-01-26 10:45:41 Run:1
Running from C:\Users\Mark\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.search.yahoo.com/?type=599486&fr=spigot-yhp-ie
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\AppData\Local\cache
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 ____D C:\Users\Mark\.android
2014-01-19 19:00 - 2014-01-19 19:00 - 00000000 _____ C:\Users\Mark\daemonprocess.txt
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
C:\Users\Mark\AppData\Local\cache => Moved successfully.
C:\Users\Mark\.android => Moved successfully.
C:\Users\Mark\daemonprocess.txt => Moved successfully.
 
==== End of Fixlog ====


The symptoms now appear gone! IE now loads the correct start page rather than the bogus Yahoo page.

Thank you so much for your help.

Mark


#6 aharonov


Posted 28 January 2014 - 01:22 PM

Hello,

 

that is good to hear. :)

You have two antivirus products installed on your computer (AVG 2014 and Norton Internet Security). It is highly recommended to run only one antivirus program because two or more might interfere with each other and slow down the machine. Choose one of those two and uninstall the other.

 

We can end with the following routine check:

 

 

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start esetsmartinstaller_enu.exe with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

 



#7 MarkSosbe


Posted 30 January 2014 - 03:08 PM

hello again, sorry it took me so long to reply.

I've uninstalled Norton software.

Please find below the requested log, thanks:

=========
 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ef9cc5affcbe340aec5972ed3f92086
# engine=16859
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-30 12:52:51
# local_time=2014-01-30 12:52:51 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 875590 13876873 0 0
# scanned=197122
# found=3
# cleaned=0
# scan_time=2381
sh=34917E02D65184226EE2CC202E3709B0EEAC5BB6 ft=1 fh=fbf6e5c583aa20cd vn="multiple threats" ac=I fn="C:\$Recycle.Bin\S-1-5-21-613740120-3202132578-1678166787-1002\$R76GY00.exe"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\genienext\nengine.dll.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Roaming\newnext.me\nengine.dll.vir"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6ef9cc5affcbe340aec5972ed3f92086
# engine=16868
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-01-30 08:05:04
# local_time=2014-01-30 08:05:04 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=5893 16776574 100 94 948323 13946006 0 0
# scanned=326772
# found=8
# cleaned=0
# scan_time=6797
sh=34917E02D65184226EE2CC202E3709B0EEAC5BB6 ft=1 fh=fbf6e5c583aa20cd vn="multiple threats" ac=I fn="C:\$Recycle.Bin\S-1-5-21-613740120-3202132578-1678166787-1002\$R76GY00.exe"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Local\genienext\nengine.dll.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Mark\AppData\Roaming\newnext.me\nengine.dll.vir"
sh=B9D5735883B8CAF76E808D3565684F89991DB257 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.BR application" ac=I fn="C:\Users\Mark\Desktop\Adobe Master CS3\Crack\XF-AdobeMasterCS3-KG.rar"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Users\Mark\Downloads\ccsetup409 (1).exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Users\Mark\Downloads\ccsetup409 (2).exe"
sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D application" ac=I fn="C:\Users\Mark\Downloads\ccsetup409.exe"
sh=EDF5298D6522F5102F82232EAD0EC12EEF4773E4 ft=1 fh=c71c0011a69fb8e7 vn="a variant of Win32/InstallCore.IT application" ac=I fn="C:\Users\Mark\Downloads\ZipOpenerSetup.exe"
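The detection lines in the log above can be triaged by where each flagged file sits, which is what separates leftovers in a quarantine folder or the Recycle Bin from files still in an ordinary folder. The following is an added example, not part of the original posts or of ESET's tooling; the field meanings (`sh` as a file hash, `vn` as the detection name, `fn` as the file path) are assumptions read off the log, and the sample lines, hashes and paths are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the same key=value shape as the log above.
# Hashes and paths are placeholders, not values from the thread.
SAMPLE_LOG = r'''# version=8
# end=finished
# remove_checked=false
# scanned=1000
# found=4
# cleaned=0
sh=0000000000000000000000000000000000000001 ft=1 fh=0000000000000001 vn="Win32/Example.A application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\User\AppData\Local\example\engine.dll.vir"
sh=0000000000000000000000000000000000000002 ft=1 fh=0000000000000002 vn="multiple threats" ac=I fn="C:\$Recycle.Bin\S-1-5-21-0-0-0-1000\$RABCDEF.exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Bundled.Example application" ac=I fn="C:\Users\User\Downloads\setup (1).exe"
sh=0000000000000000000000000000000000000003 ft=1 fh=0000000000000003 vn="Win32/Bundled.Example application" ac=I fn="C:\Users\User\Downloads\setup.exe"
'''

HEADER_RE = re.compile(r'^#\s*([\w.]+)=(.*)$')           # "# key=value" lines
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')      # key="quoted" or key=bare


def parse_log(text):
    """Split the log into header settings and one dict per detection line."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2).strip()
        elif line.startswith('sh='):
            detections.append(
                {key: quoted if quoted else bare
                 for key, quoted, bare in FIELD_RE.findall(line)})
    return header, detections


def location(path):
    """Classify a flagged path by the kind of folder it sits in."""
    p = path.lower()
    if '\\quarantine\\' in p:
        return 'quarantine'
    if p[1:].startswith(':\\$recycle.bin\\'):
        return 'recycle_bin'
    return 'outside_quarantine'


def triage(text):
    header, detections = parse_log(text)
    by_location = defaultdict(list)
    for d in detections:
        by_location[location(d['fn'])].append(d)
    return {
        # Scan was run with "Remove found threats" unchecked.
        'report_only': header.get('remove_checked') == 'false',
        # Header count agrees with the number of detection lines parsed.
        'count_matches_header': int(header.get('found', -1)) == len(detections),
        # Copies of one file share a hash, so distinct files <= detections.
        'unique_files': len({d['sh'] for d in detections}),
        'inactive': len(by_location['quarantine']) + len(by_location['recycle_bin']),
        'outside_quarantine': sorted(d['fn'] for d in by_location['outside_quarantine']),
    }


if __name__ == '__main__':
    print(triage(SAMPLE_LOG))
```

Paths listed under `outside_quarantine` are the ones to review by hand; the classification says only where the file is stored, not whether it has been executed.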


#8 aharonov


Posted 01 February 2014 - 02:17 PM

Great. These are just some inactive remnants that ESET has found.


That's it! Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.

My help is free for everybody.
If you want to support me fighting against malware or offer me a beer for the assistance you received, then you can consider a donation.
Thank you!



Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

 

 

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:


Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin




Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.



#9 MarkSosbe


Posted 02 February 2014 - 01:11 PM

Many thanks for all your help, I have followed your last few bits of advice.

I have donated, so please do have a beer on me :)

Kind regards,

Mark



#10 aharonov


Posted 02 February 2014 - 03:28 PM

Thanks a lot for the beer, Mark. :)



#11 aharonov


Posted 02 February 2014 - 03:28 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



