rondarohrer

Posts posted by rondarohrer

  1. All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
    HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Unable to set value : HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
    HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Unable to set value : HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
    HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Unable to set value : HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
    HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F78842A-3E7C-4085-AD9F-1285123912B1}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAD4627B-BE46-42FD-8231-ED58D1948378}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
    Unable to set value : HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
    C:\Users\Ronda\AppData\Roaming\Mozilla\Extensions folder moved successfully.
    C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\extensions folder moved successfully.
    C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
    C:\Program Files (x86)\mozilla firefox\browser\extensions folder moved successfully.
    C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflfgignhfidipfhophfcapmoalfkklg\1.161.0.0_0 folder moved successfully.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
    Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
    Registry key HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.

    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    File Protocol\Handler\livecall - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    File Protocol\Handler\msnim - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
    File Protocol\Handler\wlmailhtml - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
    File Protocol\Handler\wlpg - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    ========== COMMANDS ==========
     
    [EMPTYJAVA]
     
    User: All Users
     
    User: Default
     
    User: Default User
     
    User: Public
     
    User: Ronda
     
    Total Java Files Cleaned = 0.00 mb
     
     
    [EMPTYFLASH]
     
    User: All Users
     
    User: Default
    ->Flash cache emptied: 56466 bytes
     
    User: Default User
    ->Flash cache emptied: 0 bytes
     
    User: Public
     
    User: Ronda
    ->Flash cache emptied: 61781 bytes
     
    Total Flash Files Cleaned = 0.00 mb
     
     
    [EMPTYTEMP]
     
    User: All Users
     
    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    User: Public
    ->Temp folder emptied: 0 bytes
     
    User: Ronda
    ->Temp folder emptied: 24534578 bytes
    ->Temporary Internet Files folder emptied: 346002749 bytes
    ->FireFox cache emptied: 23975393 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes
     
    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45878 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43277516 bytes
    RecycleBin emptied: 0 bytes
     
    Total Files Cleaned = 418.00 mb
     
    C:\windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully
     
    OTL by OldTimer - Version 3.2.69.0 log created on 05012014_204833

    Files\Folders moved on Reboot...
    C:\Users\Ronda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Ronda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

  2. ComboFix 14-04-30.01 - Ronda 05/01/2014  19:52:04.1.4 - x64
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.3903 [GMT -7:00]
    Running from: c:\users\Ronda\Downloads\ComboFix.exe
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     * Created a new restore point
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Ronda\AppData\Local\Microsoft\Windows\Temporary Internet Files\PlurPush_iels
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-04-02 to 2014-05-02  )))))))))))))))))))))))))))))))
    .
    .
    2014-05-02 02:56 . 2014-05-02 02:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
    2014-05-01 03:09 . 2014-05-01 03:39    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-05-01 03:08 . 2014-05-01 03:08    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
    2014-05-01 03:08 . 2014-05-01 03:08    --------    d-----w-    c:\programdata\Malwarebytes
    2014-05-01 03:08 . 2014-04-03 16:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
    2014-05-01 03:08 . 2014-04-03 16:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
    2014-05-01 03:08 . 2014-04-03 16:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2014-05-01 02:53 . 2014-05-01 02:53    --------    d-----w-    c:\windows\ERUNT
    2014-05-01 02:20 . 2014-05-01 02:20    --------    d-----w-    c:\users\Ronda\AppData\Local\ElevatedDiagnostics
    2014-05-01 01:33 . 2010-08-30 15:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
    2014-05-01 01:32 . 2014-05-01 02:14    --------    d-----w-    C:\AdwCleaner
    2014-05-01 00:25 . 2014-05-01 03:34    --------    d-----w-    C:\temp
    2014-04-29 23:25 . 2014-04-29 23:25    --------    d-----w-    c:\users\Ronda\AppData\Local\WebBar
    2014-04-29 23:25 . 2014-05-01 00:44    --------    d-----w-    c:\programdata\InstallSightSDK
    2014-04-29 23:25 . 2014-05-01 00:44    --------    d-----w-    c:\program files\WebBar
    2014-04-29 23:25 . 2014-04-29 23:25    --------    d-----w-    c:\program files\pcreg
    2014-04-29 23:24 . 2014-05-01 00:45    --------    d-----w-    c:\programdata\Yahoo!
    2014-04-29 23:14 . 2014-04-17 12:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{92249C3D-EF64-4DDB-85B7-298DB6E25FB1}\mpengine.dll
    2014-04-28 23:51 . 2014-04-28 23:51    --------    d-sh--w-    c:\users\Ronda\AppData\Local\EmieUserList
    2014-04-28 23:51 . 2014-04-28 23:51    --------    d-sh--w-    c:\users\Ronda\AppData\Local\EmieSiteList
    2014-04-25 14:24 . 2014-04-24 19:29    61112    ----a-w-    c:\windows\system32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
    2014-04-23 18:51 . 2014-04-23 18:51    --------    d-----w-    c:\windows\Migration
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-04-29 18:25 . 2014-03-26 23:48    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
    2014-04-29 18:25 . 2011-11-03 12:51    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-31 16:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
    2014-03-04 09:17 . 2014-04-09 21:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
    2014-02-10 20:47 . 2014-02-10 20:47    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
    2014-02-10 20:47 . 2014-02-10 20:47    942592    ----a-w-    c:\windows\system32\jsIntl.dll
    2014-02-10 20:47 . 2014-02-10 20:47    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
    2014-02-10 20:47 . 2014-02-10 20:47    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
    2014-02-10 20:47 . 2014-02-10 20:47    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
    2014-02-10 20:47 . 2014-02-10 20:47    84992    ----a-w-    c:\windows\system32\mshtmled.dll
    2014-02-10 20:47 . 2014-02-10 20:47    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
    2014-02-10 20:47 . 2014-02-10 20:47    81408    ----a-w-    c:\windows\system32\icardie.dll
    2014-02-10 20:47 . 2014-02-10 20:47    774144    ----a-w-    c:\windows\system32\jscript.dll
    2014-02-10 20:47 . 2014-02-10 20:47    77312    ----a-w-    c:\windows\system32\tdc.ocx
    2014-02-10 20:47 . 2014-02-10 20:47    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
    2014-02-10 20:47 . 2014-02-10 20:47    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
    2014-02-10 20:47 . 2014-02-10 20:47    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
    2014-02-10 20:47 . 2014-02-10 20:47    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
    2014-02-10 20:47 . 2014-02-10 20:47    62464    ----a-w-    c:\windows\system32\pngfilt.dll
    2014-02-10 20:47 . 2014-02-10 20:47    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
    2014-02-10 20:47 . 2014-02-10 20:47    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
    2014-02-10 20:47 . 2014-02-10 20:47    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
    2014-02-10 20:47 . 2014-02-10 20:47    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
    2014-02-10 20:47 . 2014-02-10 20:47    48640    ----a-w-    c:\windows\system32\mshtmler.dll
    2014-02-10 20:47 . 2014-02-10 20:47    48128    ----a-w-    c:\windows\system32\imgutil.dll
    2014-02-10 20:47 . 2014-02-10 20:47    413696    ----a-w-    c:\windows\system32\html.iec
    2014-02-10 20:47 . 2014-02-10 20:47    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
    2014-02-10 20:47 . 2014-02-10 20:47    337408    ----a-w-    c:\windows\SysWow64\html.iec
    2014-02-10 20:47 . 2014-02-10 20:47    30208    ----a-w-    c:\windows\system32\licmgr10.dll
    2014-02-10 20:47 . 2014-02-10 20:47    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
    2014-02-10 20:47 . 2014-02-10 20:47    247808    ----a-w-    c:\windows\system32\msls31.dll
    2014-02-10 20:47 . 2014-02-10 20:47    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
    2014-02-10 20:47 . 2014-02-10 20:47    243200    ----a-w-    c:\windows\system32\webcheck.dll
    2014-02-10 20:47 . 2014-02-10 20:47    235520    ----a-w-    c:\windows\system32\url.dll
    2014-02-10 20:47 . 2014-02-10 20:47    235008    ----a-w-    c:\windows\system32\elshyph.dll
    2014-02-10 20:47 . 2014-02-10 20:47    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
    2014-02-10 20:47 . 2014-02-10 20:47    167424    ----a-w-    c:\windows\system32\iexpress.exe
    2014-02-10 20:47 . 2014-02-10 20:47    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
    2014-02-10 20:47 . 2014-02-10 20:47    147968    ----a-w-    c:\windows\system32\occache.dll
    2014-02-10 20:47 . 2014-02-10 20:47    143872    ----a-w-    c:\windows\system32\wextract.exe
    2014-02-10 20:47 . 2014-02-10 20:47    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
    2014-02-10 20:47 . 2014-02-10 20:47    13824    ----a-w-    c:\windows\system32\mshta.exe
    2014-02-10 20:47 . 2014-02-10 20:47    135680    ----a-w-    c:\windows\system32\iepeers.dll
    2014-02-10 20:47 . 2014-02-10 20:47    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
    2014-02-10 20:47 . 2014-02-10 20:47    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
    2014-02-10 20:47 . 2014-02-10 20:47    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
    2014-02-10 20:47 . 2014-02-10 20:47    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
    2014-02-10 20:47 . 2014-02-10 20:47    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
    2014-02-10 20:47 . 2014-02-10 20:47    105984    ----a-w-    c:\windows\system32\iesysprep.dll
    2014-02-10 20:47 . 2014-02-10 20:47    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
    2014-02-10 20:47 . 2014-02-10 20:47    101376    ----a-w-    c:\windows\system32\inseng.dll
    2014-02-07 01:23 . 2014-03-14 03:12    3156480    ----a-w-    c:\windows\system32\win32k.sys
    2014-02-06 04:09 . 2014-02-06 04:09    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
    2014-02-06 04:09 . 2014-02-06 04:09    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
    2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
    2014-02-06 04:09 . 2014-02-06 04:09    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
    2014-02-06 04:09 . 2014-02-06 04:09    363008    ----a-w-    c:\windows\system32\dxgi.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    296960    ----a-w-    c:\windows\system32\d3d10core.dll
    2014-02-06 04:09 . 2014-02-06 04:09    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
    2014-02-06 04:09 . 2014-02-06 04:09    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
    2014-02-06 04:09 . 2014-02-06 04:09    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
    2014-02-06 04:09 . 2014-02-06 04:09    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
    2014-02-06 04:09 . 2014-02-06 04:09    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
    2014-02-06 04:09 . 2014-02-06 04:09    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
    2014-02-06 04:09 . 2014-02-06 04:09    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
    2014-02-06 04:09 . 2014-02-06 04:09    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
    2014-02-06 04:09 . 2014-02-06 04:09    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
    2014-02-06 04:09 . 2014-02-06 04:09    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1643520    ----a-w-    c:\windows\system32\DWrite.dll
    2014-02-06 04:09 . 2014-02-06 04:09    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1238528    ----a-w-    c:\windows\system32\d3d10.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1175552    ----a-w-    c:\windows\system32\FntCache.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
    2014-02-06 04:09 . 2014-02-06 04:09    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
    2014-02-06 04:09 . 2014-02-06 04:09    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-02-06 04:09 . 2014-02-06 04:09    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-02-05 01:30 . 2014-01-11 22:46    175736    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2014-02-04 02:32 . 2014-03-14 03:08    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
    2014-02-04 02:32 . 2014-03-14 03:08    624128    ----a-w-    c:\windows\system32\qedit.dll
    2014-02-04 02:04 . 2014-03-14 03:08    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04 . 2014-03-14 03:08    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
    "NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
    "pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "HideSCAHealth"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 Re-Markable;Re-Markable;c:\program files (x86)\Re-Markable-soft\Re-MarkableRK161.exe;c:\program files (x86)\Re-Markable-soft\Re-MarkableRK161.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
    S1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;c:\windows\system32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys;c:\windows\SYSNATIVE\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
    S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
    S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
    S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
    S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
    S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [x]
    S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
    S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [x]
    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
    S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
    S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
    S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
    S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
    S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
    S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    *NewlyCreated* - MBAMWEBACCESSCONTROL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-26 18:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
    "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
    "TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
    "TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
    "pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <-loopback>
    uInternet Settings,ProxyServer = http=127.0.0.1:14291;https=127.0.0.1:49168
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk - c:\program files (x86)\Software Updater\SoftwareUpdater.exe
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-Locked - (no file)
    HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
    HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
    HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    AddRemove-BC81280F-F047-C5E3-27B5-D6AF61072A5F - c:\program files (x86)\Re-Markable-soft\Uninstall.exe
    AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe
    AddRemove-TidyNetwork - c:\users\Ronda\AppData\Local\TidyNetwork\TidyNetwork.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
    --
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
    "ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.13"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-05-01  19:58:25
    ComboFix-quarantined-files.txt  2014-05-02 02:58
    .
    Pre-Run: 685,587,488,768 bytes free
    Post-Run: 685,638,160,384 bytes free
    .
    - - End Of File - - 4E698A20B3A6F9431EB50C08563D741E

  3.  Results of screen317's Security Check version 0.99.82  
     Windows 7 Service Pack 1 x64 (UAC is disabled!)  
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!  
    Norton Internet Security   
     WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
     Java 6 Update 25  
     Java version out of Date!
     Adobe Flash Player 13.0.0.206  
     Mozilla Firefox (29.0)
    ````````Process Check: objlist.exe by Laurent````````  
     Norton ccSvcHst.exe
     Malwarebytes Anti-Malware mbamservice.exe  
     Malwarebytes Anti-Malware mbam.exe  
     Malwarebytes Anti-Malware mbamscheduler.exe   
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 8%
    ````````````````````End of Log``````````````````````

  4. OTL logfile created on: 5/1/2014 5:06:57 PM - Run 1
    OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronda\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.11.9600.17041)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
     
    5.91 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.08% Memory free
    11.83 Gb Paging File | 9.43 Gb Available in Paging File | 79.72% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 682.06 Gb Total Space | 637.06 Gb Free Space | 93.40% Space Free | Partition Type: NTFS
     
    Computer Name: RONDA-PC | User Name: Ronda | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
     
    ========== Processes (SafeList) ==========
     
    PRC - [2014/05/01 17:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronda\Downloads\OTL.scr
    PRC - [2014/04/30 06:34:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\mozilla firefox\firefox.exe
    PRC - [2014/04/29 11:25:23 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
    PRC - [2014/04/25 01:13:10 | 000,249,024 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
    PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    PRC - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    PRC - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
    PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    PRC - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    PRC - [2010/06/04 17:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
     
     
    ========== Modules (No Company Name) ==========
     
    MOD - [2014/04/30 06:34:47 | 003,845,232 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\mozjs.dll
    MOD - [2014/04/29 11:25:22 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
    MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
     
     
    ========== Services (SafeList) ==========
     
    SRV:64bit: - [2014/04/25 01:13:10 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
    SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
    SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
    SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
    SRV:64bit: - [2011/06/09 22:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
    SRV:64bit: - [2011/05/24 10:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
    SRV:64bit: - [2011/05/17 15:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
    SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/09 18:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
    SRV - [2014/04/30 06:34:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2014/04/29 11:25:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
    SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
    SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
    SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
    SRV - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
    SRV - [2011/07/11 18:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
    SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV:64bit: - [2014/04/30 20:39:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
    DRV:64bit: - [2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys -- ({552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64)
    DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
    DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2014/02/04 18:30:30 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
    DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
    DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
    DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
    DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
    DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/31 13:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/07/25 11:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
    DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/01/13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/02 17:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
    DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
    DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
    DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
    DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
    DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2011/08/19 02:00:00 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2011/08/09 18:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15)
    DRV - [2011/08/09 18:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG)
    DRV - [2011/07/20 10:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
    IE:64bit: - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
     
     
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
     
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14291;https=127.0.0.1:49168
     
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
    IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14291;https=127.0.0.1:49168
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.order.1: "Yahoo"
    FF - prefs.js..browser.search.order.2: ""
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
    FF - user.js - File not found
     
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
     
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2014/01/11 18:47:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/30 20:38:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\program files (x86)\mozilla firefox\components
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\program files (x86)\mozilla firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{90CA2A0F-E849-2B65-0592-F0E266A350C4}: C:\Program Files (x86)\Re-Markable-soft\161.xpi
     
    [2014/03/25 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Extensions
    [2014/04/30 19:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\extensions
    [2014/04/30 06:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
    [2014/04/30 06:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
     
    ========== Chrome  ==========
     
    CHR - default_search_provider: Conduit Search (Enabled)
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
    CHR - plugin: First user (Enabled) = default_plugin
    CHR - plugin: Error reading preferences file
    CHR - Extension: No name found = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflfgignhfidipfhophfcapmoalfkklg\1.161.0.0_0\
    CHR - Extension: Google Wallet = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
    CHR - Extension: Google Wallet = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
     
    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: []  File not found
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
    O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
    O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
    O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
    O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947F2CCB-CCA1-4DAA-902F-CE4EF6A5B8EE}: DhcpNameServer = 192.168.0.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2014/04/30 20:09:27 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/30 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    [2014/04/30 20:08:17 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/30 20:08:17 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2014/04/30 20:08:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2014/04/30 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
    [2014/04/30 20:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2014/04/30 19:53:12 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2014/04/30 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Ronda\AppData\Local\ElevatedDiagnostics
    [2014/04/30 18:33:12 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
    [2014/04/30 18:32:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2014/04/30 17:25:53 | 000,000,000 | ---D | C] -- C:\temp
    [2014/04/30 06:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mozilla firefox
    [2014/04/29 16:25:29 | 000,000,000 | ---D | C] -- C:\Users\Ronda\AppData\Local\WebBar
    [2014/04/29 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallSightSDK
    [2014/04/29 16:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\WebBar
    [2014/04/29 16:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
    [2014/04/29 16:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
    [2014/04/29 16:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
    [2014/04/28 16:51:05 | 000,000,000 | -HSD | C] -- C:\Users\Ronda\AppData\Local\EmieUserList
    [2014/04/28 16:51:05 | 000,000,000 | -HSD | C] -- C:\Users\Ronda\AppData\Local\EmieSiteList
    [2014/04/28 08:49:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2014/04/28 08:49:30 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2014/04/28 08:49:29 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
    [2014/04/28 08:49:22 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
    [2014/04/28 08:49:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
    [2014/04/28 08:49:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
    [2014/04/28 08:49:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
    [2014/04/28 08:49:20 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
    [2014/04/28 08:49:20 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
    [2014/04/28 08:49:19 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
    [2014/04/28 08:49:19 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
    [2014/04/28 08:49:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
    [2014/04/28 08:49:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
    [2014/04/28 08:49:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2014/04/28 08:49:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2014/04/28 08:49:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
    [2014/04/28 08:49:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
    [2014/04/28 08:49:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
    [2014/04/28 08:49:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    [2014/04/28 08:49:16 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
    [2014/04/28 08:49:16 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
    [2014/04/28 08:49:16 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
    [2014/04/28 08:49:16 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
    [2014/04/28 08:49:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
    [2014/04/28 08:49:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
    [2014/04/28 08:49:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
    [2014/04/28 08:49:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2014/04/28 08:49:14 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2014/04/28 08:49:12 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2014/04/25 07:24:34 | 000,061,112 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
    [2014/04/23 11:51:57 | 000,000,000 | ---D | C] -- C:\windows\Migration
    [2014/04/14 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ronda\Desktop\misc pics
    [2014/04/09 14:08:51 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
    [2014/04/09 14:08:51 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
    [2014/04/09 14:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
    [2014/04/09 14:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
    [2014/04/09 14:08:48 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
    [2014/04/09 14:08:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
    [2014/04/09 14:08:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
    [2014/04/09 14:08:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
    [2014/04/09 14:08:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
    [2014/04/09 14:08:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
    [2014/04/09 14:08:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
    [2014/04/09 14:08:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
    [2014/04/09 14:08:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
    [2014/04/09 14:08:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2014/05/01 16:53:31 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2014/05/01 16:53:31 | 000,662,338 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2014/05/01 16:53:31 | 000,121,916 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2014/05/01 16:50:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2014/05/01 16:50:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2014/05/01 16:50:30 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2014/05/01 16:50:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2014/04/30 20:39:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
    [2014/04/30 20:35:56 | 467,644,415 | -HS- | M] () -- C:\hiberfil.sys
    [2014/04/30 20:08:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/29 16:24:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
    [2014/04/29 16:23:53 | 000,001,127 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
    [2014/04/29 11:25:23 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2014/04/29 11:25:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2014/04/28 08:45:25 | 000,774,870 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
    [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
    [2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
    [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2014/04/30 20:08:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2014/04/29 16:24:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2014/04/29 16:23:53 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
    [2014/02/26 19:41:57 | 000,774,870 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
    [2014/01/11 15:27:33 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
    [2014/01/11 15:22:32 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
     
    ========== ZeroAccess Check ==========
     
    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
     
    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
     
    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free
     
    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both
     
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
     
    ========== Purity Check ==========
     
     

    < End of report >
     

  5. .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/11/2014 5:47:14 PM
    System Uptime: 5/1/2014 4:42:32 PM (1 hours ago)
    .
    Motherboard: Intel Corporation |  | Oneonta Falls
    Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 2401/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 682 GiB total, 637.055 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP15: 2/26/2014 5:41:35 PM - Windows Update
    RP16: 3/2/2014 6:48:13 AM - Windows Update
    RP17: 3/7/2014 8:23:51 PM - Windows Update
    RP18: 3/13/2014 8:06:30 PM - Installed iTunes
    RP19: 3/13/2014 8:08:55 PM - Windows Update
    RP20: 3/14/2014 6:16:34 PM - Windows Update
    RP21: 3/18/2014 10:25:14 AM - Windows Update
    RP22: 3/22/2014 7:40:29 PM - Windows Update
    RP23: 3/22/2014 9:39:32 PM - Removed Amazon Links
    RP24: 3/25/2014 12:25:04 PM - Windows Update
    RP25: 3/29/2014 7:20:08 AM - Windows Update
    RP26: 4/1/2014 10:57:09 AM - Windows Update
    RP27: 4/4/2014 6:25:00 PM - Windows Update
    RP28: 4/9/2014 2:07:52 PM - Windows Update
    RP29: 4/13/2014 7:26:29 PM - Windows Update
    RP30: 4/20/2014 4:23:58 PM - Windows Update
    RP31: 4/23/2014 11:49:55 AM - Windows Update
    RP32: 4/28/2014 8:43:49 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 13 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader X MUI
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Bonjour
    BrowserSafeguard with Rockettab
    D3DX10
    Intel® Management Engine Components
    Intel® Processor Graphics
    Intel® Rapid Storage Technology
    iTunes
    Java Auto Updater
    Java 6 Update 25
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes Anti-Malware version 2.0.1.1004
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Starter 2010 - English
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
    Mozilla Firefox 29.0 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    Norton Internet Security
    PlayReady PC Runtime amd64
    PlayReady PC Runtime x86
    Re-Markable
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Skype Launcher
    Synaptics Pointing Device Driver
    TidyNetwork
    TOSHIBA Application Installer
    TOSHIBA Assist
    Toshiba Book Place
    TOSHIBA Bulletin Board
    TOSHIBA Disc Creator
    TOSHIBA eco Utility
    TOSHIBA Face Recognition
    TOSHIBA Hardware Setup
    TOSHIBA HDD/SSD Alert
    Toshiba Laptop Checkup
    TOSHIBA Media Controller
    TOSHIBA Media Controller Plug-in
    Toshiba Online Backup
    TOSHIBA PC Health Monitor
    TOSHIBA Quality Application
    TOSHIBA Recovery Media Creator
    TOSHIBA ReelTime
    TOSHIBA Resolution+ Plug-in for Windows Media Player
    TOSHIBA Service Station
    TOSHIBA Sleep Utility
    TOSHIBA Supervisor Password
    TOSHIBA Value Added Package
    TOSHIBA Web Camera Application
    TOSHIBARegistration
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== End Of File ===========================
     

  6. DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.17041
    Run by Ronda at 16:59:10 on 2014-05-01
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.3842 [GMT -7:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\GFNEXSrv.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\TOSHIBA\TECO\Teco.exe
    C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
    C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\Program Files\pcreg\pcreg.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\windows\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    C:\Program Files\TOSHIBA\TECO\TecoService.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
    C:\windows\servicing\TrustedInstaller.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .


    uProxyServer = hxxp=127.0.0.1:14291;https=127.0.0.1:49168
    uProxyOverride = <-loopback>
    mWinlogon: Userinit = userinit.exe,
    BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
    uRun: [pcreg] C:\Program Files\pcreg\service.exe
    mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [pcreg] C:\Program Files\pcreg\service.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
    uPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: HideSCAHealth = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-Explorer: HideSCAHealth = dword:1
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll



    TCP: NameServer = 192.168.0.1
    TCP: Interfaces\{947F2CCB-CCA1-4DAA-902F-CE4EF6A5B8EE} : DHCPNameServer = 192.168.0.1
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
    x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
    x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
    x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
    x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
    x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
    x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
    x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
    x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
    R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;C:\windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [2014-4-25 61112]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2014-1-11 162824]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-30 1809720]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-30 857912]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2014-2-10 138272]
    R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2014-1-11 123320]
    R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2014-1-11 126392]
    R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-4-25 249024]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
    R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
    R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-1-11 2656280]
    R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [2014-1-11 1151096]
    R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2014-2-10 167072]
    R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2014-1-11 488568]
    R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-4-30 25816]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-30 119512]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-30 63192]
    R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-1-11 38096]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-1-11 413800]
    R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2014-1-11 1103464]
    R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2014-2-10 451192]
    R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2014-2-10 1129120]
    R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2014-2-10 190072]
    R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2014-2-10 405624]
    R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2014-1-11 57216]
    R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
    R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 Re-Markable;Re-Markable;C:\Program Files (x86)\Re-Markable-soft\Re-MarkableRK161.exe --> C:\Program Files (x86)\Re-Markable-soft\Re-MarkableRK161.exe [?]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-28 111616]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-1-11 250984]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-2-8 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2014-05-01 03:09:27    119512    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
    2014-05-01 03:08:17    88280    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
    2014-05-01 03:08:17    63192    ----a-w-    C:\windows\System32\drivers\mwac.sys
    2014-05-01 03:08:17    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
    2014-05-01 03:08:17    --------    d-----w-    C:\ProgramData\Malwarebytes
    2014-05-01 03:08:17    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-05-01 02:53:12    --------    d-----w-    C:\windows\ERUNT
    2014-05-01 02:20:00    --------    d-----w-    C:\Users\Ronda\AppData\Local\ElevatedDiagnostics
    2014-05-01 01:33:12    536576    ----a-w-    C:\windows\SysWow64\sqlite3.dll
    2014-05-01 01:32:43    --------    d-----w-    C:\AdwCleaner
    2014-05-01 00:25:53    --------    d-----w-    C:\temp
    2014-04-29 23:25:29    --------    d-----w-    C:\Users\Ronda\AppData\Local\WebBar
    2014-04-29 23:25:28    --------    d-----w-    C:\ProgramData\InstallSightSDK
    2014-04-29 23:25:25    --------    d-----w-    C:\Program Files\WebBar
    2014-04-29 23:25:09    --------    d-----w-    C:\Program Files\pcreg
    2014-04-29 23:14:23    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92249C3D-EF64-4DDB-85B7-298DB6E25FB1}\mpengine.dll
    2014-04-28 23:51:05    --------    d-sh--w-    C:\Users\Ronda\AppData\Local\EmieUserList
    2014-04-28 23:51:05    --------    d-sh--w-    C:\Users\Ronda\AppData\Local\EmieSiteList
    2014-04-25 14:24:34    61112    ----a-w-    C:\windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
    2014-04-23 18:51:57    --------    d-----w-    C:\windows\Migration
    .
    ==================== Find3M  ====================
    .
    2014-04-29 18:25:23    70832    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-04-29 18:25:23    692400    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
    2014-03-31 16:35:08    270496    ------w-    C:\windows\System32\MpSigStub.exe
    2014-03-06 09:32:16    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
    2014-03-06 09:31:33    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
    2014-03-06 08:59:04    66048    ----a-w-    C:\windows\System32\iesetup.dll
    2014-03-06 08:57:34    548352    ----a-w-    C:\windows\System32\vbscript.dll
    2014-03-06 08:57:20    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
    2014-03-06 08:32:07    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
    2014-03-06 08:29:40    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
    2014-03-06 08:29:14    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
    2014-03-06 08:28:15    752640    ----a-w-    C:\windows\System32\jscript9diag.dll
    2014-03-06 08:15:54    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
    2014-03-06 08:11:41    5784064    ----a-w-    C:\windows\System32\jscript9.dll
    2014-03-06 08:02:34    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
    2014-03-06 08:02:33    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
    2014-03-06 08:01:01    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
    2014-03-06 07:56:43    38400    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
    2014-03-06 07:46:36    4254720    ----a-w-    C:\windows\SysWow64\jscript9.dll
    2014-03-06 07:38:13    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
    2014-03-06 07:36:40    592896    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
    2014-03-06 07:13:43    32256    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
    2014-03-06 07:11:15    2043904    ----a-w-    C:\windows\System32\inetcpl.cpl
    2014-03-06 06:40:39    1967104    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
    2014-03-06 06:22:40    2260480    ----a-w-    C:\windows\System32\wininet.dll
    2014-03-06 05:41:49    1789440    ----a-w-    C:\windows\SysWow64\wininet.dll
    2014-03-04 09:44:21    362496    ----a-w-    C:\windows\System32\wow64win.dll
    2014-03-04 09:44:21    243712    ----a-w-    C:\windows\System32\wow64.dll
    2014-03-04 09:44:21    13312    ----a-w-    C:\windows\System32\wow64cpu.dll
    2014-03-04 09:44:03    16384    ----a-w-    C:\windows\System32\ntvdm64.dll
    2014-03-04 09:17:19    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
    2014-03-04 09:17:05    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
    2014-03-04 09:16:54    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
    2014-03-04 09:16:18    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
    2014-03-04 08:09:30    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
    2014-03-04 08:09:29    2048    ----a-w-    C:\windows\SysWow64\user.exe
    2014-02-07 01:23:30    3156480    ----a-w-    C:\windows\System32\win32k.sys
    2014-02-05 01:30:30    175736    ----a-w-    C:\windows\System32\drivers\SYMEVENT64x86.SYS
    2014-02-04 02:35:56    190912    ----a-w-    C:\windows\System32\drivers\storport.sys
    2014-02-04 02:35:49    274880    ----a-w-    C:\windows\System32\drivers\msiscsi.sys
    2014-02-04 02:35:35    27584    ----a-w-    C:\windows\System32\drivers\Diskdump.sys
    2014-02-04 02:32:22    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
    2014-02-04 02:32:12    624128    ----a-w-    C:\windows\System32\qedit.dll
    2014-02-04 02:28:36    2048    ----a-w-    C:\windows\System32\iologmsg.dll
    2014-02-04 02:04:22    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04:11    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
    2014-02-04 02:00:39    2048    ----a-w-    C:\windows\SysWow64\iologmsg.dll
    .
    ============= FINISH: 17:00:10.73 ===============

  7. Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/30/2014
    Scan Time: 8:34:42 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.1.1004
    Malware Database: v2014.05.01.02
    Rootkit Database: v2014.03.27.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Chameleon: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Ronda

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 256153
    Time Elapsed: 24 min, 16 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Shuriken: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [5bdbcd7fe69575c1cc93b0f6d2311ae6],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork, Quarantined, [0036113b95e661d5302dccb123dff60a],
    PUP.Optional.ReMarkable.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-Markable, Quarantined, [aa8c38144c2f43f3bfb49fdd788ae917],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [c76f79d31467bf775aac1270986a4db3],
    PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
    PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
    PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
    PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],

    Registry Values: 1
    PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, browsersafeguard-rockettab-revenyou, Quarantined, [5bdbcd7fe69575c1cc93b0f6d2311ae6]

    Registry Data: 0
    (No malicious items detected)

    Folders: 1
    PUP.Optional.BrowserSafeGuard, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard, Quarantined, [ae88aba19edddc5a664615950bf829d7],

    Files: 33
    PUP.Optional.Conduit, C:\temp\embededstub_new2.exe, Quarantined, [9f97bf8db6c5ec4ae57b2c9f0df6ba46],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsgF742.exe, Quarantined, [d85e8cc072091323b682879f57aab24e],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsk9997.exe, Quarantined, [181ec587e596fa3cd16773b36e93ca36],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsq9746.exe, Quarantined, [0f2718341c5fd26487b182a42fd28080],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nswF9C3.exe, Quarantined, [979f88c4cfac2b0be553a086837e0cf4],
    PUP.Optional.Addlyrics, C:\Users\Ronda\AppData\Local\Temp\airBB4C.exe, Quarantined, [d5615af2bbc02610ef385023a75a758b],
    PUP.Optional.InstallIQ, C:\Users\Ronda\AppData\Local\Temp\airDD89.exe, Quarantined, [78be0b412d4ece682318f9332dd30ff1],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsa9253.exe, Quarantined, [1323fa52403ba492b48443e3e91841bf],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsf8FB3.exe, Quarantined, [b4822c20d3a8ec4a3afe68be9f62bc44],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsg187C.exe, Quarantined, [91a598b45d1e3501c5733ceab34ead53],
    PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsg1AED.exe, Quarantined, [2a0c410b06754ee80f29ef37936eec14],
    PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [51e50844bcbf2115f56e60b906fb946c],
    PUP.Optional.AirAdInstaller, C:\Users\Ronda\AppData\Local\Temp\setup.exe, Quarantined, [71c5b29a1467ac8a40cca892de22d12f],
    PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\SPSetup.exe, Quarantined, [e3537fcdc0bb6dc99e89e7342ad79868],
    PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\nsgB2B3\SpSetup.exe, Quarantined, [f640e06c5c1f39fdad7a89924fb29769],
    PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\nsk52E1\SpSetup.exe, Quarantined, [fa3c15370f6c05310c1b998213ee33cd],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nseA012.exe, Quarantined, [4beb84c882f98aac7fb9f531986960a0],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsfE3DF.exe, Quarantined, [5dd909434a31bd79d6626fb79f620bf5],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg8FB9.exe, Quarantined, [68ce63e9f28978beff39ae789e636d93],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh14B.exe, Quarantined, [44f2db71e09bbf7739ffa77fd9289d63],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj9D24.exe, Quarantined, [d75fb597d8a30a2c94a42006778a37c9],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn3E0E.exe, Quarantined, [0234a8a44e2d52e4ce6a2600728fa25e],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoA30F.exe, Quarantined, [42f437155625bd7939ff6bbbbb460af6],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss5FB1.exe, Quarantined, [61d50c406d0e9a9ca1970f17fa07ab55],
    PUP.Optional.Conduit, C:\Windows\Temp\verifier.exe, Quarantined, [2a0c2e1ed5a68da975ebfbd01de6bf41],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx199.exe, Quarantined, [d16573d9e09bf83ef84096908d749e62],
    PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz9A75.exe, Quarantined, [6ec882cab7c4c57189af11154bb616ea],
    PUP.Optional.Conduit.A, C:\Windows\Temp\nsu6FFB\SpSetup.exe, Quarantined, [2b0b96b6116a42f486a1b16a0ef338c8],
    PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\setup.exe, Quarantined, [be7867e50f6c9d9940cc4feb748ce020],
    PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\updater(1).exe, Quarantined, [0a2c4309205beb4bc547fb3f956bd828],
    PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\updater.exe, Quarantined, [979f7ad296e594a2d23a21199c64827e],
    PUP.Optional.BrowserSafeGuard, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk, Quarantined, [ae88aba19edddc5a664615950bf829d7],
    PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (        "search_url": "http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP35BC10EE-C775-49C5-9F42-B10F924A35CA&q={searchTerms}&SSPV=",), Replaced,[67cf57f55823b6807d229bc7bf458b75]

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.4 (04.06.2014:1)
    OS: Windows 7 Home Premium x64
    Ran by Ronda on Wed 04/30/2014 at 19:53:15.54
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Ronda\AppData\Roaming\mozilla\firefox\profiles\vx2lmpos.default\minidumps [6 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 04/30/2014 at 20:00:31.10
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~