
Ran Adware Cleaner & JRT Still Problems - Confused


  • This topic is locked
4 replies to this topic

#1 JDK1

JDK1

  • Members
  • 7 posts

Posted 27 January 2014 - 06:34 PM

Windows 8, 64

I started getting popups in FF26, noticed my start page had changed, getting redirects, failure to connect to websites, slow system startup, and loss of WiFi.

Ran Adware Cleaner and it deleted 9 Reg Keys referencing "SearchScopes."

I didn't understand the log for FF. See attached log.

 

Attached File  AdwCleanerS0 - Personal Info Deleted for BC.txt   1.73KB   2 downloads

 

A Group Policy icon showed up on my desktop then went away.

 

Then ran JRT and it failed to delete more Reg Keys referencing "SearchScopes" and "caphyon", but successfully deleted some folders. See attached log.

 

Attached File  JRT - Personal Info Deleted for BC.txt   1.9KB   1 downloads

 

Why didn't JRT delete 5 Reg Keys called "SearchScopes" and "caphyon"?  I can't even find what those two names are on Google besides other people's problems.  Do I have a virus?  What do I need to do, if anything?

 

Thank you,

JDK1


Edited by JDK1, 27 January 2014 - 07:27 PM.



#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 29 January 2014 - 04:40 PM

Hello,

please run a FRST scan so we can analyze what is going on in your browser:


Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.


#3 JDK1

JDK1
  • Topic Starter

  • Members
  • 7 posts

Posted 30 January 2014 - 10:31 AM

FYI the day after I posted my problems, I tried to do a cleanup of my system.  Reset FF, Reset IE, Deleted Windows Temp Files, Ran HijackThis (but did not do anything it told me to).  I also found that the admin logs were gone and that the time on the computer was off by 20-30 minutes, but it was the accurate time a week before. I fixed the time.  I hope I didn't delete anything that will help you tell me what is wrong.

Thanks in advance.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01
Ran by XXX (administrator) on XXXX on 30-01-2014 10:01:07
Running from C:\Users\XXXXXX\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
( ) C:\Windows\System32\lxeccoms.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
() C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Farbar) C:\Users\XXXXXX\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxecmon.exe] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [766632 2009-05-29] ()
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [139944 2009-05-29] ()
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-11-13] (IDT, Inc.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BtTray] - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe [371976 2012-09-19] (IVT Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-28] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Runonce: [Uninstall C:\Users\XXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\XXXXX\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
MountPoints2: {f726c429-795e-11e2-be75-a417312ba61a} - "F:\VZW_Software_upgrade_assistant_installer.exe"
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [88376 2013-07-24] (Zemana Ltd.)
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {4DBE784C-8FDB-4379-8D7D-287749AFBFB2} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.13.1211.1\NativeBHO.dll (WhiteSky)
BHO-x32: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWow64\skype4com.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\3ro5d9q9.default-1390859805866
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin HKCU: hp.com/HPDetect - C:\Users\XXXXX\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-18]

==================== Services (Whitelisted) =================

U2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
U3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
U2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
U2 lxecCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [33960 2009-05-07] (Lexmark International, Inc.)
U2 lxec_device; C:\Windows\system32\lxeccoms.exe [1054888 2009-05-07] ( )
U2 lxec_device; C:\Windows\SysWOW64\lxeccoms.exe [602792 2009-05-07] ( )
U2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
U2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2014-01-09] (Zemana Ltd.)
U1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
U3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
U4 BthAvrcpTg;
U4 BthHFEnum;
U4 bthhfhid;
U3 BthL2caScoIfSrv; C:\Windows\System32\Drivers\BtL2caScoIf.sys [56904 2012-07-19] (Ralink Corporation)
U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
U3 btUrbFilterDrv; C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [48608 2012-10-02] (Ralink Corporation)
U1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
U1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-11] (Symantec Corporation)
U3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
U1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140129.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
U3 iscFlash; C:\swsetup\sp63746\iscflashx64.sys [75016 2013-11-13] (Insyde Software)
U3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
U3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\ENG64.SYS [126040 2013-12-11] (Symantec Corporation)
U3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140129.035\EX64.SYS [2099288 2013-12-11] (Symantec Corporation)
U3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
U3 rtbth; C:\Windows\System32\drivers\rtbth.sys [692832 2012-10-02] (Ralink Technology, Corp.)
U3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-15] (Synaptics Incorporated)
U1 SRTSP; C:\Windows\System32\Drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
U1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
U0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
U0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
U0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
U3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-18] (Symantec Corporation)
U1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
U1 SymNetS; C:\Windows\System32\Drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)
U3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 10:01 - 2014-01-30 10:01 - 00019387 _____ C:\Users\XXXXXX\Desktop\FRST.txt
2014-01-30 10:00 - 2014-01-30 10:01 - 00000000 ____D C:\FRST
2014-01-30 09:59 - 2014-01-30 09:59 - 02079744 _____ (Farbar) C:\Users\XXXXXXX\Desktop\FRST64(1).exe
2014-01-28 19:45 - 2014-01-28 19:45 - 00003554 _____ C:\Users\XXXXXXX\Desktop\FDLE.txt
2014-01-28 18:29 - 2014-01-28 18:29 - 00000000 ____D C:\Users\XXXXXXX\AppData\Roaming\JGoodies
2014-01-28 18:27 - 2014-01-28 18:27 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 18:27 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-28 18:27 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-28 18:27 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-28 18:27 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-28 18:25 - 2014-01-28 18:25 - 00921000 _____ (Oracle Corporation) C:\Users\XXXXX\Downloads\jxpiinstall.exe
2014-01-28 18:24 - 2014-01-28 18:24 - 00627040 _____ C:\Users\XXXXXXX\Downloads\jdiskreport-1_4_0-win(1).exe
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Users\XXXXXXX\AppData\Roaming\WildTangent
2014-01-28 18:17 - 2014-01-28 18:28 - 00001848 _____ C:\Users\XXXXXXX\Desktop\JDiskReport.lnk
2014-01-28 18:17 - 2014-01-28 18:17 - 00627040 _____ C:\Users\XXXXXXX\Downloads\jdiskreport-1_4_0-win.exe
2014-01-28 18:17 - 2014-01-28 18:17 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2014-01-28 18:17 - 2014-01-28 18:17 - 00000000 ____D C:\Program Files (x86)\JGoodies
2014-01-28 14:22 - 2014-01-28 14:22 - 00003596 _____ C:\Users\XXXXXX\Desktop\Ipconfig.txt
2014-01-28 11:12 - 2014-01-28 11:12 - 00000000 ____D C:\Users\XXXXXX\Downloads\Autoruns
2014-01-28 10:58 - 2014-01-28 11:02 - 00003795 _____ C:\Windows\system32\ipconfig.txt
2014-01-28 09:04 - 2014-01-28 09:04 - 00000846 _____ C:\Users\XXXXX\Desktop\JRT.txt
2014-01-27 17:26 - 2014-01-27 17:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 17:24 - 2014-01-27 17:25 - 01037068 _____ (Thisisu) C:\Users\XXXXXX\Desktop\JRT.exe
2014-01-27 17:15 - 2014-01-27 17:15 - 00023928 _____ C:\Users\XXXXXX\Documents\bookmarks-2014-01-27.json
2014-01-27 12:29 - 2014-01-28 13:55 - 00000000 ____D C:\Users\XXXXXXXX\Desktop\Virus Stuff
2014-01-27 12:24 - 2014-01-27 17:06 - 00000000 ____D C:\AdwCleaner
2014-01-26 13:39 - 2014-01-26 13:47 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\NPE
2014-01-26 09:18 - 2014-01-26 09:18 - 00000000 ____D C:\Users\XXXXXX\Downloads\mboxview-1.0.0.7-bin
2014-01-25 10:07 - 2014-01-25 13:19 - 00000000 ____D C:\Users\XXXXXX\Desktop\Nana's BD
2014-01-25 09:44 - 2014-01-27 17:03 - 00084480 ___SH C:\Users\XXXXX\Documents\Thumbs.db
2014-01-16 17:07 - 2014-01-16 17:07 - 00000437 _____ C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD RW Drive (E) Feb 21 2010.lnk
2014-01-16 12:53 - 2014-01-16 12:53 - 00000000 ____D C:\Users\XXXXXXXX\Desktop\Pictures from CD
2014-01-15 11:05 - 2013-12-07 01:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-01-15 11:05 - 2013-12-07 01:37 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:05 - 2013-12-07 00:15 - 00562688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-01-15 11:05 - 2013-12-07 00:15 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 11:05 - 2013-10-31 00:56 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2014-01-15 11:05 - 2013-10-31 00:56 - 00758784 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll
2014-01-15 11:05 - 2013-10-30 23:01 - 00550400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2014-01-15 11:05 - 2013-10-30 22:42 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys
2014-01-15 11:05 - 2013-10-28 00:50 - 00588288 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-01-15 11:05 - 2013-10-27 23:05 - 00452608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-01-15 11:05 - 2013-10-13 15:49 - 00100696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2014-01-15 11:05 - 2013-08-27 00:21 - 00227840 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-01-15 11:05 - 2013-08-27 00:19 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-01-15 11:05 - 2013-08-26 17:29 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-01-15 11:05 - 2013-08-26 17:28 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-01-14 11:29 - 2014-01-14 12:53 - 00000000 ____D C:\Users\XXXXXXX\Documents\Credit
2014-01-13 13:15 - 2014-01-13 13:15 - 04427776 _____ C:\Users\XXXXXXX\Downloads\HPSupportSolutionsFramework.msi
2014-01-10 12:40 - 2014-01-26 11:39 - 00000000 ____D C:\Users\XXXXXXX\Documents\Phone Contacts Backups
2014-01-09 16:21 - 2014-01-09 16:21 - 00325488 _____ C:\Windows\system32\FNTCACHE.DAT

==================== One Month Modified Files and Folders =======

2014-01-30 10:01 - 2014-01-30 10:01 - 00019387 _____ C:\Users\XXXXXXX\Desktop\FRST.txt
2014-01-30 10:01 - 2014-01-30 10:00 - 00000000 ____D C:\FRST
2014-01-30 10:00 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\sru
2014-01-30 09:59 - 2014-01-30 09:59 - 02079744 _____ (Farbar) C:\Users\XXXXXX\Desktop\FRST64(1).exe
2014-01-30 09:56 - 2013-12-08 08:55 - 00000000 ____D C:\Users\XXXXXX\Documents\Medical
2014-01-30 09:56 - 2013-02-19 20:16 - 00000000 ____D C:\Users\XXXXXX\Documents\Employment
2014-01-30 09:36 - 2013-12-20 21:53 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForXXXXX
2014-01-30 09:36 - 2013-12-20 21:53 - 00000358 _____ C:\Windows\Tasks\HPCeeScheduleForXXXXX.job
2014-01-30 09:36 - 2013-02-18 01:59 - 00000000 ____D C:\Users\XXXXX
2014-01-30 09:03 - 2013-02-17 19:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 08:26 - 2013-02-18 01:59 - 01335474 _____ C:\Windows\WindowsUpdate.log
2014-01-30 07:39 - 2013-02-18 02:03 - 00003926 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{B95873B6-5A01-4F13-B895-6897A79F9998}
2014-01-30 07:37 - 2013-02-18 02:52 - 00000000 ____D C:\Users\XXXXXXXX\AppData\Roaming\ID Vault
2014-01-30 07:36 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\AUInstallAgent
2014-01-29 11:01 - 2012-07-26 02:28 - 00941050 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-29 10:57 - 2012-07-26 02:21 - 00183505 _____ C:\Windows\setupact.log
2014-01-29 06:41 - 2013-02-18 02:00 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\Packages
2014-01-28 19:47 - 2013-02-18 02:11 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-841995595-4222516757-306469403-1001
2014-01-28 19:45 - 2014-01-28 19:45 - 00003554 _____ C:\Users\XXXXXXXX\Desktop\FDLE.txt
2014-01-28 19:23 - 2013-09-05 09:52 - 00002823 _____ C:\ProgramData\lxecscan.log
2014-01-28 19:22 - 2012-09-26 09:53 - 00000950 _____ C:\Windows\SysWOW64\bscs.ini
2014-01-28 19:22 - 2012-08-03 17:23 - 00228742 _____ C:\Windows\PFRO.log
2014-01-28 19:22 - 2012-07-26 02:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-28 19:21 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\BBI
2014-01-28 18:41 - 2013-03-14 19:08 - 00000000 ____D C:\Users\XXXXX\AppData\Local\CrashDumps
2014-01-28 18:29 - 2014-01-28 18:29 - 00000000 ____D C:\Users\XXXXX\AppData\Roaming\JGoodies
2014-01-28 18:28 - 2014-01-28 18:17 - 00001848 _____ C:\Users\XXXXXXX\Desktop\JDiskReport.lnk
2014-01-28 18:27 - 2014-01-28 18:27 - 00005175 _____ C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-28 18:27 - 2013-12-11 11:04 - 00000000 ____D C:\ProgramData\Oracle
2014-01-28 18:27 - 2013-06-23 12:40 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-28 18:25 - 2014-01-28 18:25 - 00921000 _____ (Oracle Corporation) C:\Users\XXXXXX\Downloads\jxpiinstall.exe
2014-01-28 18:24 - 2014-01-28 18:24 - 00627040 _____ C:\Users\XXXXXX\Downloads\jdiskreport-1_4_0-win(1).exe
2014-01-28 18:22 - 2014-01-28 18:22 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\WildTangent
2014-01-28 18:22 - 2012-09-01 13:27 - 00000000 ____D C:\ProgramData\WildTangent
2014-01-28 18:19 - 2013-02-19 20:11 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2014-01-28 18:19 - 2013-02-19 20:11 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-28 18:17 - 2014-01-28 18:17 - 00627040 _____ C:\Users\jXXXXXX\Downloads\jdiskreport-1_4_0-win.exe
2014-01-28 18:17 - 2014-01-28 18:17 - 00000000 ____D C:\Users\XXXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDiskReport 1.4.0
2014-01-28 18:17 - 2014-01-28 18:17 - 00000000 ____D C:\Program Files (x86)\JGoodies
2014-01-28 14:22 - 2014-01-28 14:22 - 00003596 _____ C:\Users\XXXXXXX\Desktop\Ipconfig.txt
2014-01-28 13:55 - 2014-01-27 12:29 - 00000000 ____D C:\Users\XXXXXX\Desktop\Virus Stuff
2014-01-28 11:12 - 2014-01-28 11:12 - 00000000 ____D C:\Users\jXXXXXX\Downloads\Autoruns
2014-01-28 11:02 - 2014-01-28 10:58 - 00003795 _____ C:\Windows\system32\ipconfig.txt
2014-01-28 10:47 - 2013-02-17 18:57 - 00104448 ___SH C:\Users\XXXXXX\Desktop\Thumbs.db
2014-01-28 09:36 - 2013-02-18 02:52 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2014-01-28 09:04 - 2014-01-28 09:04 - 00000846 _____ C:\Users\XXXXXXX\Desktop\JRT.txt
2014-01-27 17:26 - 2014-01-27 17:26 - 00000000 ____D C:\Windows\ERUNT
2014-01-27 17:25 - 2014-01-27 17:24 - 01037068 _____ (Thisisu) C:\Users\XXXXX\Desktop\JRT.exe
2014-01-27 17:15 - 2014-01-27 17:15 - 00023928 _____ C:\Users\XXXXXX\Documents\bookmarks-2014-01-27.json
2014-01-27 17:06 - 2014-01-27 12:24 - 00000000 ____D C:\AdwCleaner
2014-01-27 17:03 - 2014-01-25 09:44 - 00084480 ___SH C:\Users\XXXXXX\Documents\Thumbs.db
2014-01-27 11:01 - 2013-03-29 13:50 - 01555968 ___SH C:\Users\jXXXXX\Downloads\Thumbs.db
2014-01-26 13:47 - 2014-01-26 13:39 - 00000000 ____D C:\Users\XXXXXX\AppData\Local\NPE
2014-01-26 13:39 - 2012-11-12 19:10 - 00000000 ____D C:\ProgramData\Norton
2014-01-26 13:29 - 2012-07-26 00:26 - 00262144 ___SH C:\Windows\system32\config\ELAM
2014-01-26 12:30 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\system32\NDF
2014-01-26 11:39 - 2014-01-10 12:40 - 00000000 ____D C:\Users\XXXXXX\Documents\Phone Contacts Backups
2014-01-26 09:18 - 2014-01-26 09:18 - 00000000 ____D C:\Users\XXXXXXX\Downloads\mboxview-1.0.0.7-bin
2014-01-25 13:19 - 2014-01-25 10:07 - 00000000 ____D C:\Users\XXXXXXX\Desktop\Nana's BD
2014-01-19 15:15 - 2013-02-17 19:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2014-01-19 15:02 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\rescache
2014-01-19 15:01 - 2013-12-04 12:15 - 00000000 ____D C:\Users\XXXXXXX\AppData\Local\Adobe
2014-01-19 15:01 - 2013-02-17 19:21 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-01-16 17:07 - 2014-01-16 17:07 - 00000437 _____ C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DVD RW Drive (E) Feb 21 2010.lnk
2014-01-16 12:53 - 2014-01-16 12:53 - 00000000 ____D C:\Users\XXXXXX\Desktop\Pictures from CD
2014-01-15 11:31 - 2013-09-04 05:13 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 11:26 - 2013-02-22 02:15 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 11:24 - 2012-07-26 03:12 - 00000000 ____D C:\Windows\WinStore
2014-01-14 12:53 - 2014-01-14 11:29 - 00000000 ____D C:\Users\XXXXXXX\Documents\Credit
2014-01-13 13:15 - 2014-01-13 13:15 - 04427776 _____ C:\Users\XXXXXXX\Downloads\HPSupportSolutionsFramework.msi
2014-01-09 21:22 - 2013-02-17 18:53 - 00000000 ____D C:\Users\XXXXXXX\AppData\Local\ID Vault
2014-01-09 21:21 - 2013-02-18 02:52 - 00049240 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-01-09 21:21 - 2013-02-18 02:52 - 00002189 _____ C:\Users\Public\Desktop\Constant Guard.lnk
2014-01-09 21:21 - 2013-02-18 02:52 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2014-01-09 16:21 - 2014-01-09 16:21 - 00325488 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-09 16:20 - 2013-09-05 09:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-09 03:02 - 2013-03-08 19:54 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 03:02 - 2013-03-08 19:54 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-02 12:28 - 2013-11-27 08:02 - 00010025 _____ C:\Users\XXXXXXX\Documents\ExpensePlan2013.xlsx
2014-01-02 12:16 - 2013-11-25 11:14 - 00000000 ____D C:\Users\XXXXXXX\AppData\Roaming\HpUpdate
2014-01-01 08:40 - 2013-09-05 09:54 - 00002105 _____ C:\ProgramData\lxec.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 06:29

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01
Ran by XXXXXX at 2014-01-30 10:01:36
Running from C:\Users\XXXXXX\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Security Suite (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security Suite (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
AntiLogger SDK version 1.6.6.296 (x32 Version: 1.6.6.296 - Zemana Ltd.)
Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Belarc Advisor 8.3 (x32 Version: 8.3.2.0 - Belarc Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
CCleaner (Version: 3.28 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Constant Guard Protection Suite (x32 Version: 1.13.1211.1 - Comcast)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crystal Reports v11 Runtime (x32 Version: 4.0.0002 - TriGeo Network Security, Inc.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.4.6515 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.2.3317 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.3.2606 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (Version: 1.0.8 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE: The Cursed King (x32 Version: 2.2.0.97 - WildTangent) Hidden
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
FlatOut 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP 3D DriveGuard (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (x32 Version: v1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU Version: 1.1 (build 37) hp - Meridian Audio Ltd)
HP CoolSense (x32 Version: 2.10.62 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Deskjet 3050 J610 series Basic Device Software (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (x32 Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Games (x32 Version: 1.0.3.0 - WildTangent)
HP MyRoom (x32 Version: 9.0.0.0 - Hewlett-Packard Company)
HP Photo Creations (x32 Version: 1.0.0.7702 - HP)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (x32 Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.32.44 - Hewlett-Packard Company)
HP Support Solutions Framework (x32 Version: 11.50.0000 - Hewlett-Packard Company)
HP Update (x32 Version: 5.005.000.002 - Hewlett-Packard)
HP Utility Center (x32 Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (x32 Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (x32 Version: 1.0.0.0 - HP)
IDT Audio (x32 Version: 1.0.6425.0 - IDT)
Intel® Management Engine Components (x32 Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (x32 Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDiskReport 1.4.0 (x32 Version: 1.4.0 (2012-01-20 11:38:43) - JGoodies Karsten Lentzsch)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Lexmark Printable Web (x32 Version: 1.0.0.0 - )
Lexmark Pro800-Pro900 Series (Version:  - Lexmark International, Inc.)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2013 - en-us (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mortimer Beckett and the Crimson Thief Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
NirSoft WirelessNetView (x32 Version:  - )
Norton Security Suite (x32 Version: 21.1.0.18 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Ralink Bluetooth Stack64 (Version: 9.0.725.0 - Ralink Corporation)
Ralink RT3290 802.11bgn Wi-Fi Adapter (x32 Version: 5.0.2.0 - Ralink)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.5.3.3 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 2.2.0.98 - WildTangent) Hidden
WildTangent Games (x32 Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================

13-01-2014 18:16:00 Installed HP Support Solutions Framework
21-01-2014 18:34:46 Windows Update
28-01-2014 17:12:01 Installed HiJackThis

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0EDCCB32-C1E1-43B3-B78D-7A70636FD781} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2371F6F7-F8D5-466A-B946-CB581F817B77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3A0D576F-3968-4EE8-9EE3-B1B68DAF870D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {3E15D184-6565-4940-8F5A-6ED32B39EEAB} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-05-15] (Synaptics Incorporated)
Task: {3EB70EDD-EF8E-4DC7-AE51-A7F42ADA2968} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {43406B98-2083-4FBB-8151-6F8CBDE95456} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {448CD84B-DA82-41F4-BFF6-0FE2521EA462} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4B288986-D9EC-45AD-9E24-81C9364E26D5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-19] (Adobe Systems Incorporated)
Task: {4D3EAFC8-1AA2-4F94-94D7-7B34F5207E8E} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {59B249DC-AFEC-4F08-95BC-65A3FF4A8CAA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation)
Task: {5F11E9A2-4EAF-4A9A-A5FE-AF164212A781} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {8F8B5F6B-98B6-4C74-AF8B-B49D1CDD685D} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {A6DD09FD-7B46-4F4F-B4C6-CA56BC74A20B} - System32\Tasks\HPCeeScheduleForXXXXXX => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {AA92F3A0-1D08-4061-B041-BE06EB3D2D4B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {BC8A056C-01C8-4B56-9112-CC5429928E05} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CC75BE1C-7C66-4AE8-9A06-1990D4B7BC9F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {D5EDD098-FE7A-413A-ABCF-5931C4B7F36B} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-06-07] (Hewlett-Packard Development Company, L.P.)
Task: {E33F2E98-EA14-41D3-BA1C-2F394A831CB7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E9079CDD-E119-4C9A-819A-31C855D4C91B} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F78ED7CE-F379-4CB8-A5C3-261E015678B9} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {FAE44598-587B-4A93-B12F-B8C4AE2913A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForXXXXXX.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2014-01-17 08:08 - 2014-01-17 08:08 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\system32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\system32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\system32\BlueSoleilCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\system32\BsExtendFunc.dll
2012-08-08 00:17 - 2012-08-08 00:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00029960 _____ () C:\Windows\SYSTEM32\BsTrace.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00017160 _____ () C:\Windows\SYSTEM32\BsHelpCSps.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00062216 _____ () C:\Windows\SYSTEM32\BlueSoleilCSps.dll
2013-09-05 09:49 - 2009-04-29 09:28 - 00389120 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecscw.dll
2013-09-05 09:49 - 2009-03-25 10:10 - 00192512 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecdatr.dll
2013-09-05 09:49 - 2009-04-29 09:29 - 01159168 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecDRS.dll
2013-09-05 09:49 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxeccaps.dll
2013-09-05 09:47 - 2009-02-20 03:48 - 00381440 _____ () C:\Windows\SYSTEM32\lxecsm.dll
2013-09-05 09:48 - 2009-02-20 03:48 - 00023552 _____ () C:\Windows\system32\lxecsmr.dll
2013-09-05 09:49 - 2009-03-30 07:37 - 00708608 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epwizard.DLL
2013-09-05 09:49 - 2009-03-30 07:35 - 00159744 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\customui.dll
2013-09-05 09:49 - 2009-03-30 07:35 - 00118784 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Eputil.DLL
2013-09-05 09:49 - 2009-03-30 07:35 - 00061440 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Epfunct.DLL
2013-09-05 09:49 - 2009-03-30 07:35 - 00139264 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\Imagutil.DLL
2013-09-05 09:49 - 2009-03-30 07:37 - 02203648 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPWizRes.dll
2013-09-05 09:49 - 2009-03-30 07:37 - 00045056 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\epstring.dll
2013-09-05 09:49 - 2009-03-30 07:37 - 00094208 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\EPOEMDll.dll
2013-09-05 09:49 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\iptk.dll
2013-09-05 09:49 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecptp.dll
2014-01-25 14:21 - 2014-01-25 14:21 - 02856960 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\6cbd6ec6ef8013d08e3f069ee02f1d50\Windows.UI.Xaml.ni.dll
2012-09-19 18:37 - 2012-09-19 18:37 - 00363784 _____ () C:\Windows\SYSTEM32\BsExtendFunc.dll
2013-12-11 14:57 - 2013-12-11 14:57 - 00549272 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2012-09-19 18:37 - 2012-09-19 18:37 - 00079624 _____ () C:\Windows\SYSTEM32\BsProfilefunc.dll
2012-11-12 18:35 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows:{4B9A1497-0817-47C4-9612-D6A1C53ACF57}

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

The requested service has already been started.

More help is available by typing NET HELPMSG 2182.


==================== Memory info ===========================

Percentage of memory in use: 31%
Total physical RAM: 6036.27 MB
Available physical RAM: 4110.46 MB
Total Pagefile: 6996.27 MB
Available Pagefile: 5015.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:672.22 GB) (Free:551.14 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:25.65 GB) (Free:3.05 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 4C7F4374)

Partition: GPT Partition Type
==================== End Of Log ============================



#4 aharonov


Posted 31 January 2014 - 06:14 PM

Hi,

I tried to do a cleanup of my system.  Reset FF, Reset IE, Deleted Windows Temp Files,

Which of your initial problems are still existent now after your cleanup?

#5 aharonov


Posted 04 March 2014 - 11:26 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



