WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. Join 93084 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!

Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Vosteran Search infecting new PC [Solved]

Started by Marple , Dec 04 2014 12:18 PM

Vosteran Search

This topic is locked

21 replies to this topic

#16 Marple

New Member

Authentic Member
12 posts

Posted 09 December 2014 - 04:54 PM

No symptoms, but I'm not using this new computer for very much yet until I trust it.

New fixlog:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-12-2014 01
Ran by Margo at 2014-12-09 14:47:38 Run:2
Running from C:\Users\Margo\Desktop
Loaded Profiles: UpdatusUser & Margo (Available profiles: UpdatusUser & Margo)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1185181719-2152986513-939100032-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
C:\Users\Margo\AppData\Local\Temp\Quarantine.exe
C:\Users\Margo\AppData\Local\Temp\sqlite3.dll
EmptyTemp:
End
*****************

Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1185181719-2152986513-939100032-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\Margo\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Margo\AppData\Local\Temp\sqlite3.dll => Moved successfully.
EmptyTemp: => Removed 114.1 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

Advertisements

Register to Remove

#17 OCD

SuperHelper

Malware Team
5,574 posts

Posted 09 December 2014 - 07:00 PM

Hi Marple,

No symptoms, but I'm not using this new computer for very much yet until I trust it.

Well, your logs are looking good. I think we are just abount finished. Please run this one last scan, if all is well we will clean up the tools we used and get you on your way.

Re-run Farbar Recovery Scan Tool it should be on your desktop.

- Windows XP : Double click on the icon to run it.
- Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

FRST.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#18 Marple

New Member

Authentic Member
12 posts

Posted 09 December 2014 - 08:24 PM

Thanks OCD! Output of FRST run:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-12-2014 01
Ran by Margo (administrator) on MARGO-PC on 09-12-2014 18:22:57
Running from C:\Users\Margo\Desktop
Loaded Profiles: UpdatusUser & Margo (Available profiles: UpdatusUser & Margo)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Softex Inc.) C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Lenovo\Fingerprint Manager Pro\opvapp.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Nitro PDF Software) C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
() C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlk.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\QuickControl\QuickControl.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
(Nok Nok Labs, Inc.) C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(SunplusIT, Inc.) C:\Program Files (x86)\Integrated Camera\Monitor.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicator.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Lenovo Corporation) C:\Program Files\Lenovo\QuickDisplay\QuickDisplayAgent.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Lenovo) C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_239_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184632 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Enhanced Performance Keyboard] => C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe [335360 2012-08-08] (LITE-ON TECHNOLOGY CORP.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-04-06] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [295768 2014-05-29] (Lenovo Group Limited)
HKLM\...\Run: [MFACApp] => C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\mfac.exe [5449544 2014-10-16] (Nok Nok Labs, Inc.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-02] (Intel Corporation)
HKLM-x32\...\Run: [PWMTRV] => rundll32 "C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL",PwrMgrBkGndMonitor
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-08-14] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4315872 2011-06-01] (Lenovo, Inc.)
HKLM-x32\...\Run: [Integrated Camera_Monitor] => C:\Program Files (x86)\Integrated Camera\monitor.exe [1719968 2014-02-19] (SunplusIT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1185181719-2152986513-939100032-1001\...\Run: [HP Photosmart 6520 series (NET)] => C:\Program Files\HP\HP Photosmart 6520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1185181719-2152986513-939100032-1001\...\MountPoints2: {50db97c8-4703-11e4-81e3-806e6f6e6963} - Q:\LenovoQDrive.exe
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [245872 2013-10-28] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [201576 2013-10-28] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1185181719-2152986513-939100032-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13-comm.msn.com/?pc=LNJB
HKU\S-1-5-21-1185181719-2152986513-939100032-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKU\S-1-5-21-1185181719-2152986513-939100032-1001 -> {33585E3E-55F2-41EB-90E3-104FADBC5CE4} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 184.16.33.54

FireFox:
========
FF ProfilePath: C:\Users\Margo\AppData\Roaming\Mozilla\Firefox\Profiles\PDVyxk.default
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 9\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=3 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Plugin-x32: @update.noknok.com/Nok Nok Labs MFACUpdater;version=9 -> C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\1.3.27.0\npGoogleUpdate3.dll (Nok Nok Labs Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon
FF Extension: MFAC Extension - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon [2014-12-05]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\IPSFF [2014-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.3.0.12\coFFPlgn [2014-12-09]
FF HKLM-x32\...\Firefox\Extensions: [FIDOaddon@noknok.com] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\firefox\x86\FIDOaddon

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-04]
CHR Extension: (Google Docs) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-04]
CHR Extension: (Google Drive) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-04]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-04]
CHR Extension: (YouTube) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-04]
CHR Extension: (Google Search) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-04]
CHR Extension: (Blur (Formerly DoNotTrackMe)) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd [2014-12-04]
CHR Extension: (Google Sheets) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-04]
CHR Extension: (MFAC) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbgbpjganndfjjmlamggkkkjafblbahl [2014-12-04]
CHR Extension: (Google Wallet) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-04]
CHR Extension: (Gmail) - C:\Users\Margo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-04]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mbgbpjganndfjjmlamggkkkjafblbahl] - C:\Program Files\Nok Nok Labs\Multifactor Authentication Client\bin\Chrome\x86\FidoExtension.crx [2014-10-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9954096 2014-03-31] (DisplayLink Corp.)
S3 DozeSvc; C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [320560 2014-06-23] (Lenovo.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-02] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 LENOVO.TVTVCAM; C:\Program Files\Lenovo\Communications Utility\vcamsvc.exe [197464 2014-05-29] (Lenovo Group Limited)
R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [136288 2012-08-10] (Lenovo Group Limited)
R2 lnvDiscoveryWinSvc; C:\Program Files\Lenovo\Lenovo Peer Connect\LenovoDiscoverySvc.exe [21552 2014-02-21] (Lenovo)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 NitroDriverReadSpool9; C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe [230920 2014-05-15] (Nitro PDF Software)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe [417800 2014-05-15] ()
S2 omaha; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2014-12-05] (Nok Nok Labs Inc.)
S3 omaham; C:\Program Files (x86)\Nok Nok Labs\MFACUpdater\MFACUpdate.exe [148224 2014-12-05] (Nok Nok Labs Inc.)
R2 omniserv; C:\Program Files\Lenovo\Fingerprint Manager Pro\OmniServ.exe [94720 2014-09-25] (Softex Inc.) [File not signed]
S2 QuickControlMasterSvc; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlMasterSvc.exe [61936 2014-06-11] (Lenovo Group Limited)
R3 QuickControlService; C:\Program Files (x86)\Lenovo\QuickControl\QuickControlService.exe [316400 2014-06-11] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24560 2014-06-18] ()
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [49040 2014-09-01] (Synaptics Incorporated)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20141203.001\BHDrvx64.sys [1587416 2014-11-18] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1419576 2013-12-10] (Motorola Solutions, Inc.)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-03-04] (Intel Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-11-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-11-28] (Symantec Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-14] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [169680 2014-04-02] (Intel Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20141208.001\IDSvia64.sys [637656 2014-11-28] (Symantec Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-09] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100824 2013-12-02] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141209.004\ENG64.SYS [129752 2014-11-28] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.3.0.12\Definitions\VirusDefs\20141209.004\EX64.SYS [2137304 2014-11-28] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R1 OMNISMI; C:\Windows\SysWOW64\drivers\omnismi.sys [14776 2014-03-30] ()
R3 RTSPER; C:\Windows\System32\DRIVERS\RtsPer.sys [423128 2013-07-23] (Realsil Semiconductor Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-06] (Synaptics Incorporated)
R3 SPUVCbv; C:\Windows\System32\Drivers\SPUVCbv_x64.sys [1521312 2014-03-17] (Sunplus)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-10-29] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-09-28] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 18:23 - 2014-12-09 18:23 - 00000000 _____ () C:\Users\Margo\AppData\Local\{9BC7931A-F81E-461B-B5F0-F4A815EAE770}
2014-12-09 09:03 - 2014-12-09 09:03 - 00002322 _____ () C:\Users\Margo\Desktop\AdwCleaner[S1].txt
2014-12-09 08:58 - 2014-12-09 08:58 - 02166272 _____ () C:\Users\Margo\Desktop\adwcleaner_4.105.exe
2014-12-08 14:08 - 2014-12-09 15:05 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-08 14:08 - 2014-12-09 09:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 14:08 - 2014-12-08 14:08 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 14:08 - 2014-12-08 14:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 14:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-08 14:08 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-08 14:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-08 14:07 - 2014-12-08 14:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Margo\Desktop\mbam-setup-2.0.4.1028.exe
2014-12-06 22:41 - 2014-12-06 22:40 - 00000633 _____ () C:\Users\Margo\Desktop\JRT.txt
2014-12-06 22:38 - 2014-12-06 22:38 - 00000000 ____D () C:\Windows\ERUNT
2014-12-06 22:34 - 2014-12-06 22:34 - 01707646 _____ (Thisisu) C:\Users\Margo\Desktop\JRT.exe
2014-12-06 22:32 - 2014-12-06 22:32 - 00001171 _____ () C:\Users\Margo\Desktop\AdwCleaner[S0]_1.txt
2014-12-06 22:28 - 2014-12-09 09:00 - 00000000 ____D () C:\AdwCleaner
2014-12-06 22:28 - 2014-12-06 22:28 - 00000055 _____ () C:\AdwCleanerDebug.txt
2014-12-06 22:23 - 2014-12-06 22:23 - 00000000 ____D () C:\Users\Margo\Desktop\FRST-OlderVersion
2014-12-06 13:54 - 2014-12-06 13:54 - 00028562 _____ () C:\Users\Margo\Desktop\Addition.txt
2014-12-06 13:53 - 2014-12-09 18:22 - 00021960 _____ () C:\Users\Margo\Desktop\FRST.txt
2014-12-06 13:53 - 2014-12-09 18:22 - 00000000 ____D () C:\FRST
2014-12-06 13:53 - 2014-12-06 22:23 - 02119680 _____ (Farbar) C:\Users\Margo\Desktop\FRST64.exe
2014-12-06 13:34 - 2014-12-06 13:34 - 00000567 _____ () C:\Users\Margo\Desktop\MBR.zip
2014-12-06 13:33 - 2014-12-06 13:33 - 00000774 _____ () C:\Users\Margo\Desktop\checkup.txt
2014-12-06 13:33 - 2014-12-06 13:33 - 00000512 _____ () C:\Users\Margo\Desktop\MBR.dat
2014-12-06 08:00 - 2014-12-06 08:00 - 05198336 _____ (AVAST Software) C:\Users\Margo\Desktop\aswMBR.exe
2014-12-06 08:00 - 2014-12-06 08:00 - 00852487 _____ () C:\Users\Margo\Desktop\SecurityCheck.exe
2014-12-05 18:18 - 2014-12-05 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nok Nok Labs
2014-12-05 18:18 - 2014-12-05 18:18 - 00000000 ____D () C:\Program Files\Nok Nok Labs
2014-12-05 16:08 - 2014-12-05 16:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-05 16:08 - 2014-12-05 16:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-05 16:08 - 2014-12-05 16:08 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2014-12-05 16:08 - 2014-12-05 16:08 - 00000000 ____D () C:\Windows\system32\Macromed
2014-12-04 12:28 - 2014-12-04 12:28 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Nitro
2014-12-04 09:38 - 2014-12-04 09:38 - 00002266 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-04 09:38 - 2014-12-04 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-04 09:37 - 2014-12-09 18:14 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-04 09:37 - 2014-12-09 14:48 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-04 09:37 - 2014-12-04 09:37 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-04 09:37 - 2014-12-04 09:37 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-03 15:29 - 2014-12-03 15:29 - 00002259 _____ () C:\Users\Public\Desktop\HP Photosmart 6520 series.lnk
2014-12-03 15:29 - 2014-12-03 15:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-03 15:29 - 2014-12-03 15:29 - 00000000 ____D () C:\ProgramData\HP
2014-12-03 15:29 - 2014-12-03 15:29 - 00000000 ____D () C:\Program Files\HP
2014-12-03 15:29 - 2012-10-17 04:31 - 00741480 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMAF11.dll
2014-12-03 15:27 - 2014-12-03 15:34 - 00000000 ____D () C:\Users\Margo\AppData\Local\HP
2014-12-03 14:53 - 2014-12-03 15:29 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-12-03 14:53 - 2014-12-03 14:53 - 00000000 ____D () C:\Users\Margo\AppData\Local\Hewlett-Packard
2014-12-03 14:53 - 2014-12-03 14:53 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-02 08:23 - 2014-12-02 08:23 - 00000000 ____D () C:\Users\Margo\Downloads\Autoruns
2014-12-02 08:22 - 2014-12-02 08:22 - 00511633 _____ () C:\Users\Margo\Downloads\Autoruns.zip
2014-12-01 20:52 - 2014-12-01 20:52 - 00000512 _____ () C:\Users\Margo\Documents\MBR.dat
2014-12-01 20:46 - 2014-12-01 20:46 - 875036229 _____ () C:\Windows\MEMORY.DMP
2014-12-01 20:46 - 2014-12-01 20:46 - 00291408 _____ () C:\Windows\Minidump\120114-8907-01.dmp
2014-12-01 20:46 - 2014-12-01 20:46 - 00000000 ____D () C:\Windows\Minidump
2014-12-01 20:45 - 2014-12-01 20:52 - 00003759 _____ () C:\Users\Margo\Documents\aswMBR.txt
2014-12-01 20:40 - 2014-12-01 20:40 - 05198336 _____ (AVAST Software) C:\Users\Margo\Downloads\aswMBR.exe
2014-12-01 20:27 - 2014-12-01 20:26 - 00020844 _____ () C:\Users\Margo\Documents\Report - HW check.html
2014-12-01 20:21 - 2014-12-05 16:08 - 00000000 ____D () C:\Users\Margo\AppData\Local\Adobe
2014-12-01 17:19 - 2014-12-01 17:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage
2014-12-01 10:38 - 2014-12-04 19:39 - 00000000 ____D () C:\Users\Margo\AppData\Local\CrashDumps
2014-12-01 10:31 - 2014-12-01 10:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-01 10:06 - 2014-12-01 10:06 - 00000000 __SHD () C:\Users\Margo\AppData\Local\EmieBrowserModeList
2014-12-01 10:06 - 2014-12-01 10:06 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Internet Security
2014-12-01 10:05 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-12-01 10:05 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-12-01 10:05 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-12-01 10:05 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-12-01 10:05 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-12-01 10:05 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-01 10:05 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-01 10:05 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-01 10:05 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-12-01 10:05 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-01 10:05 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-12-01 10:05 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-12-01 09:58 - 2014-12-01 09:58 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-12-01 09:57 - 2014-12-01 09:57 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\PwrMgr
2014-12-01 09:33 - 2014-12-01 09:34 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-01 09:33 - 2014-10-31 23:26 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-01 09:33 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-01 09:33 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-01 09:30 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-01 09:30 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-01 09:30 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-01 09:30 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-01 09:30 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-01 09:30 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-01 09:29 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-01 09:29 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-01 09:29 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-01 09:29 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-01 09:29 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-01 09:29 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-01 09:29 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-01 09:29 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-01 09:29 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-01 09:29 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-01 09:29 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-01 09:29 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-01 09:29 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-01 09:29 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-01 09:29 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-01 09:29 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-01 09:29 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-01 09:29 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-01 09:29 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-01 09:29 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-01 09:29 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-01 09:29 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-01 09:29 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-01 09:29 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-01 09:29 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-01 09:29 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-01 09:29 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-01 09:29 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-01 09:29 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-01 09:29 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-01 09:29 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-01 09:29 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-01 09:29 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-01 09:29 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-01 09:29 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-01 09:29 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-01 09:29 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-01 09:29 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-01 09:29 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-01 09:29 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-01 09:29 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-01 09:29 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-01 09:29 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-01 09:29 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-01 09:29 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-01 09:29 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-01 09:29 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-01 09:29 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-01 09:29 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-01 09:29 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-01 09:29 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-01 09:29 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-01 09:29 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-01 09:29 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-01 09:29 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-01 09:29 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-01 09:29 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-01 09:29 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-01 09:28 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-01 09:28 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-01 09:28 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-01 09:28 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-01 09:28 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-01 09:28 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-01 09:28 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-01 09:28 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-01 09:28 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-01 09:28 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-01 09:28 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-01 09:28 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-01 09:28 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-01 09:28 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-01 09:28 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-01 09:28 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-01 09:28 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-01 09:28 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-01 09:28 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-01 09:28 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-01 09:28 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-01 09:28 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-01 09:28 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-01 09:28 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-01 09:28 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-01 09:28 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-01 09:28 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-01 09:28 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-01 09:28 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-01 09:28 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-01 09:28 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-01 09:28 - 2014-07-16 18:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-01 09:28 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-01 09:28 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-01 09:28 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-01 09:28 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-01 09:28 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-01 09:28 - 2014-07-16 17:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-01 09:28 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-01 09:28 - 2014-07-16 17:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-01 09:28 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-01 09:28 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-01 09:28 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-01 09:28 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-01 09:28 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-01 09:28 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-01 09:28 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-01 09:28 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-01 09:28 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-01 09:28 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-01 09:28 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-01 09:28 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-01 09:28 - 2011-11-16 22:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-12-01 09:28 - 2011-11-16 21:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-12-01 09:27 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-12-01 09:27 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-12-01 09:27 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-12-01 09:27 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-01 09:27 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-01 09:27 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-01 09:27 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-01 09:27 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-01 09:27 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-01 09:27 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-01 09:27 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-01 09:27 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-01 09:27 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-01 09:27 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-01 09:27 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-01 09:27 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-01 09:27 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-01 09:27 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-01 09:27 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-01 09:27 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-01 09:27 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-01 09:27 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-01 09:27 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-01 09:27 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-01 09:27 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-01 09:27 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-12-01 09:27 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-12-01 09:27 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-01 09:27 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-01 09:27 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-12-01 09:27 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-12-01 09:27 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-12-01 09:27 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-12-01 09:27 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-01 09:27 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-01 09:27 - 2011-04-08 22:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-01 09:27 - 2011-04-08 21:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-01 09:27 - 2011-02-22 20:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-12-01 09:26 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-01 09:26 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-01 09:24 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-01 09:24 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-01 09:24 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-01 09:24 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-11-28 21:09 - 2014-12-06 23:31 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\LSC
2014-11-28 21:09 - 2014-11-28 21:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2014-11-28 20:25 - 2014-11-28 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-11-28 20:20 - 2014-11-28 20:20 - 04750945 _____ () C:\Users\Margo\Downloads\txpeng73032.zip
2014-11-28 20:19 - 2014-11-28 20:57 - 00000000 ____D () C:\Users\Margo\AppData\Local\WinZip
2014-11-28 20:19 - 2014-11-28 20:57 - 00000000 ____D () C:\Program Files\WinZip
2014-11-28 20:19 - 2014-11-28 20:19 - 00000000 ____D () C:\ProgramData\WinZip
2014-11-28 20:14 - 2014-12-04 09:38 - 00000000 ____D () C:\Users\Margo\AppData\Local\Google
2014-11-28 20:14 - 2014-12-04 09:38 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-28 20:13 - 2014-12-04 09:37 - 00000000 ____D () C:\Users\Margo\AppData\Local\Deployment
2014-11-28 20:13 - 2014-12-01 10:07 - 00000000 ____D () C:\Users\Margo\AppData\Local\Apps\2.0
2014-11-28 20:01 - 2014-11-28 20:01 - 00000000 __SHD () C:\Users\Margo\AppData\Local\EmieUserList
2014-11-28 20:01 - 2014-11-28 20:01 - 00000000 __SHD () C:\Users\Margo\AppData\Local\EmieSiteList
2014-11-28 19:59 - 2014-11-28 20:57 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-11-28 19:58 - 2014-11-28 20:57 - 00000000 ____D () C:\3256293e5e9749f0a35a19
2014-11-28 19:58 - 2014-11-28 19:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_dc3d_01011.Wdf
2014-11-28 19:54 - 2014-11-28 19:54 - 00002076 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REACHit.lnk
2014-11-28 19:54 - 2014-11-28 19:54 - 00002002 _____ () C:\Users\Public\Desktop\Lenovo Solution Center.lnk
2014-11-28 19:54 - 2014-11-28 19:54 - 00001831 _____ () C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\REACHit Drive.lnk
2014-11-28 19:54 - 2014-11-28 19:54 - 00000000 ____D () C:\Users\Margo\REACHit
2014-11-28 19:52 - 2014-11-28 19:52 - 00000000 ____D () C:\Users\Margo\AppData\Local\Downloaded Installations
2014-11-28 19:51 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-11-28 19:51 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-11-28 19:51 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-11-28 19:48 - 2014-11-28 19:48 - 00000000 ____D () C:\Users\Margo\AppData\Local\Power2Go
2014-11-28 19:47 - 2014-12-03 14:53 - 00064232 _____ () C:\Users\Margo\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-28 19:47 - 2014-11-28 20:59 - 00000000 ____D () C:\Users\Margo
2014-11-28 19:47 - 2014-11-28 19:54 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Adobe
2014-11-28 19:47 - 2014-11-28 19:54 - 00000000 ____D () C:\Users\Margo\AppData\Local\Lenovo
2014-11-28 19:47 - 2014-11-28 19:47 - 00002836 _____ () C:\Windows\System32\Tasks\DiskUpdate
2014-11-28 19:47 - 2014-11-28 19:47 - 00001424 _____ () C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-28 19:47 - 2014-11-28 19:47 - 00000020 ___SH () C:\Users\Margo\ntuser.ini
2014-11-28 19:47 - 2014-11-28 19:47 - 00000010 _____ () C:\Windows\getvol.scp
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\Documents\My Received Files
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Mozilla
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Leadertech
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Intel
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Local\VirtualStore
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Local\Packages
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 ____D () C:\Users\Margo\AppData\Local\Nok Nok Labs
2014-11-28 19:47 - 2014-11-28 19:47 - 00000000 _____ () C:\Windows\firstboot.dat
2014-11-28 19:47 - 2014-09-28 03:53 - 00002111 _____ () C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2014-11-28 19:47 - 2014-09-28 03:49 - 00000000 ____D () C:\Users\Margo\AppData\Roaming\Macromedia
2014-11-28 19:47 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-28 19:47 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-28 19:47 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-28 19:47 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-28 19:47 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-28 19:47 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-28 19:47 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-28 19:47 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-28 19:47 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-28 19:47 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-28 19:47 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-28 19:47 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-28 19:47 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-28 19:47 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-28 19:47 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-28 19:47 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Margo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-09 18:23 - 2014-09-28 03:51 - 00000952 _____ () C:\Windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA.job
2014-12-09 18:23 - 2014-09-28 03:51 - 00000948 _____ () C:\Windows\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore.job
2014-12-09 18:15 - 2014-09-28 03:38 - 01586436 _____ () C:\Windows\WindowsUpdate.log
2014-12-09 14:58 - 2009-07-13 20:51 - 00052927 _____ () C:\Windows\setupact.log
2014-12-09 14:55 - 2009-07-13 20:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-09 14:55 - 2009-07-13 20:45 - 00032128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-09 14:52 - 2009-07-13 21:13 - 00781782 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-09 14:48 - 2014-09-28 03:50 - 00000000 ____D () C:\ProgramData\Validity
2014-12-09 14:48 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-09 09:01 - 2010-11-20 19:47 - 00011982 _____ () C:\Windows\PFRO.log
2014-12-06 07:56 - 2009-07-13 20:45 - 00282184 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-05 18:18 - 2014-09-28 03:51 - 00003948 _____ () C:\Windows\System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineUA
2014-12-05 18:18 - 2014-09-28 03:51 - 00003696 _____ () C:\Windows\System32\Tasks\Nok Nok LabsMFACUpdaterTaskMachineCore
2014-12-05 18:18 - 2014-09-28 03:51 - 00000000 ____D () C:\ProgramData\Nok Nok Labs
2014-12-02 09:04 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-12-01 20:22 - 2014-09-27 11:07 - 00000000 ____D () C:\ProgramData\Lenovo
2014-12-01 17:19 - 2014-09-28 03:49 - 00000000 ____D () C:\Windows\System32\Tasks\Lenovo
2014-12-01 17:19 - 2014-09-28 03:48 - 00000000 ___HD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2014-12-01 17:19 - 2014-09-28 03:42 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-12-01 17:19 - 2014-09-28 03:37 - 00000000 ____D () C:\Program Files\Lenovo
2014-12-01 17:18 - 2014-09-28 03:48 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-01 10:01 - 2014-09-28 03:54 - 00003234 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-12-01 10:01 - 2014-09-28 03:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-12-01 10:01 - 2014-09-28 03:53 - 00000000 ____D () C:\Windows\system32\Drivers\NISx64
2014-12-01 09:58 - 2014-02-03 06:34 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-01 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-01 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-01 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-01 09:58 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-01 09:53 - 2014-01-30 13:46 - 00774028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-29 11:39 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-28 20:57 - 2014-09-28 03:53 - 00000000 ____D () C:\ProgramData\Norton
2014-11-28 20:57 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-28 19:56 - 2014-09-28 03:49 - 00000000 ____D () C:\Windows\System32\Tasks\TVT
2014-11-28 19:55 - 2014-09-28 03:35 - 00000000 ____D () C:\Program Files\Synaptics
2014-11-28 19:55 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-11-28 19:53 - 2014-09-28 03:36 - 00000000 ____D () C:\ProgramData\Intel
2014-11-28 19:52 - 2014-09-28 03:38 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-28 19:47 - 2014-09-28 03:37 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_T540p_20BE0085US.MRK
2014-11-28 19:47 - 2014-01-30 11:47 - 00000000 ____D () C:\Windows\Panther
2014-11-28 19:47 - 2014-01-30 11:47 - 00000000 ____D () C:\SWTOOLS
2014-11-28 19:47 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-02 08:57

==================== End Of Log ============================

#19 OCD

SuperHelper

Malware Team
5,574 posts

Posted 09 December 2014 - 08:56 PM

Hi Marple,

Your log appears to be clean. :thumbup:
We have a few items to take care of before we get to the All Clean Speech.

= = = = = = = = = = = = = = = = = = = =

Uninstall via Programs and Features

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

Adobe Reader 10.1.7

=========================

Adobe Reader:

Go to http://get.adobe.com.../otherversions/

Use the drop down menu's to select your operating system
Select your language > Select The current version of Adobe Reader for your language
Remove the check mark from the box "Free! McAfee Security Scan Plus"
Click the Download button, and follow the onscreen directions to complete the installation.

Please note, depending on your settings, you may have to temporarily disable your antivirus software for the Adobe Reader update.

=========================

Your hard drive is 5% fragmented. You may want to defrag at this time or schedule a run in the near future.

Disk Defragmenter in Windows 7

Click on the Start button, and type in "disk defragmenter" in the search window at the bottom.
"Disk Defragmenter" should appear at the top of the search results, click to open.

(a window similar to the one below will open)

Locate your primary hard drive (usually C:), and select it.

Next select the Defragment Disk button. Monitor the progress if you choose.

Close when the defrag process has been completed.

= = = = = = = = = =

You can also Schedule the Disk Defragmenter to run on a predetermined schedule.

From the main Disk Defragmenter window

Select the Configure / Schedule button

Select a date and time that best suits your needs.
Close when finished.

=========================

Remove Disinfection Tools

Download Delfix
Tick the following boxes:
- Remove disinfection tools
- Create registry backup
- Purge system restore
Click Run
Any other tools and files found can simply be deleted or uninstall via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate windows and frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

= = = = = = = = = = = = = = = = = = = =

Be prepared for CryptoLocker:

Cryptolocker Ransomware: What You Need To Know
CryptoLocker Ransomware Information Guide and FAQ

to help protect your computer in the future I recommend that you get the following free program:

CryptoPrevent install this program to lock down and prevent crypto-ransomeware

= = = = = = = = = = = = = = = = = = = =

COMPUTER SECURITY - a short guide to staying safer online

= = = = = = = = = = = = = = = = = = = =

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

Green should be good to go
Yellow for caution
Red to stop

= = = = = = = = = = = = = = = = = = = =

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

= = = = = = = = = = = = = = = = = = = =

Make sure you keep your Windows OS current.

Windows XP:
Microsoft will no longer offer support for Windows XP beginning on April 8, 2014
If you are running Windows XP, please take the time to read the information provided at these links.
- Windows XP - The Elephant In The Room
- Windows XP - The end of the road
Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.
Window 8 Open Windows Update by swiping in from the right edge of the screen (or, if you're using a mouse, pointing to the lower-right corner of the screen and moving the mouse pointer up), tapping or clicking Settings, tapping or clicking Change PC settings, and then tapping or clicking Update and recovery.

Without these you are leaving the back door open.

= = = = = = = = = = = = = = = = = = = =

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

= = = = = = = = = = = = = = = = = = = =

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#20 Marple

New Member

Authentic Member
12 posts

Posted 10 December 2014 - 03:15 PM

Thank you so much OCD! I am very satisfied with your assistance; once again my PC seems just fine.

#21 OCD

SuperHelper

Malware Team
5,574 posts

Posted 10 December 2014 - 10:08 PM

You're very welcome. Glad I was able to help. :thumbup:

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

#22 OCD

SuperHelper

Malware Team
5,574 posts

Posted 10 December 2014 - 10:08 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days

If you are satisfied with the help you have received, please consider making a donation.

Body Background

skin color theme