Hi flashh4- popups driving me crazy!


Recommended Posts

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!
Do Not Remove anything or run any tools/programs until advised to do so !

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  


===================================


AdwCleaner
       
Please download adwcleaner by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the Clean button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.



NEXT

thisisujrt-1.gif
    Please download Junkware Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!



NEXT



Full System Scan with Malwarebytes Antimalware
 

    Please download http://www.malwarebytes.org/mbam-download.php Malwarebytes !

    Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    At the end, be sure a checkmark is placed next to the following:
        Launch Malwarebytes Anti-Malware
        A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    Click Finish.

    Run Malwarebytes Antimalware
    On the Dashboard, click the 'Update Now >>' link if it does not ask you to Update !
    After the update completes, click the 'Scan Now >>' button.
    Or, on the Dashboard, click the Scan Now >> button.
    If an update is available, click the Update Now button.
    A Threat Scan will begin.
    When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    In most cases, a restart will be required.
    Wait for the prompt to restart the computer to appear, then click on Yes.


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply.
 

Post next:
1. AdwCleaner Log
2. Junkware Removal Log
3. Malwarebytes Log
Thanks
Chuck


 

Link to post
Share on other sites

This is for Rhonda because Paste isn't working for her !

 

# AdwCleaner v3.205 - Report created 30/04/2014 at 19:14:01 # Updated 28/04/2014 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Ronda - RONDA-PC # Running from : C:\Users\Ronda\Downloads\adwcleaner.exe
# Option : Clean ***** [ Services ] *****
[#] Service Deleted : CltMngSvc ***** [ Files / Folders ] *****
 Folder Deleted : C:\Program Files (x86)\BrowserSafeguard
Folder Deleted : C:\Program Files (x86)\Re-Markable-soft
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\Program Files (x86)\Software Updater
Folder Deleted : C:\Program Files (x86)\TidyNetwork
Folder Deleted : C:\Users\Ronda\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ronda\AppData\Local\TidyNetwork
 Folder Deleted : C:\Users\Ronda\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\Ronda\Documents\Optimizer Pro
Folder Deleted : C:\Users\Ronda\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
File Deleted : C:\END File Deleted : C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\user.js
File Deleted : C:\windows\Tasks\Re-Markable Update.job
File Deleted : C:\windows\System32\Tasks\Re-Markable Update
File Deleted : C:\windows\Tasks\Re-Markable_wd.job
File Deleted : C:\windows\System32\Tasks\Re-Markable_wd ***** [ Shortcuts ] ***** ***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\SearchProtectINT Key Deleted : HKCU\Software\SoftwareUpdater
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Software Updater_is1
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17041 -\\ Mozilla Firefox v29.0 (en-US) [ File : C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\prefs.js ]
 -\\ Google Chrome v [ File : C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\preferences ]




Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
************************* AdwCleaner[R0].txt - [5569 octets] - [30/04/2014 18:32:59] AdwCleaner[s0].txt - [5208 octets] - [30/04/2014 19:14:01]
 ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5268 octets] ##########

Link to post
Share on other sites

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Ronda on Wed 04/30/2014 at 19:53:15.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browsersafeguard



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Ronda\AppData\Roaming\mozilla\firefox\profiles\vx2lmpos.default\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 04/30/2014 at 20:00:31.10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Link to post
Share on other sites

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/30/2014
Scan Time: 8:34:42 PM
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.01.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Ronda

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 256153
Time Elapsed: 24 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 10
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD, Quarantined, [5bdbcd7fe69575c1cc93b0f6d2311ae6],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TidyNetwork, Quarantined, [0036113b95e661d5302dccb123dff60a],
PUP.Optional.ReMarkable.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Re-Markable, Quarantined, [aa8c38144c2f43f3bfb49fdd788ae917],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\TidyNetwork, Quarantined, [c76f79d31467bf775aac1270986a4db3],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],
PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D8DED72E-6705-3D9A-E16F-5614187C59CD}, Quarantined, [ae88f15bbebdc4728d13d564a361dc24],

Registry Values: 1
PUP.Optional.BrowserSafeGuard.A, HKLM\SOFTWARE\WOW6432NODE\BROWSERSAFEGUARD|sourceid, browsersafeguard-rockettab-revenyou, Quarantined, [5bdbcd7fe69575c1cc93b0f6d2311ae6]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.BrowserSafeGuard, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard, Quarantined, [ae88aba19edddc5a664615950bf829d7],

Files: 33
PUP.Optional.Conduit, C:\temp\embededstub_new2.exe, Quarantined, [9f97bf8db6c5ec4ae57b2c9f0df6ba46],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsgF742.exe, Quarantined, [d85e8cc072091323b682879f57aab24e],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsk9997.exe, Quarantined, [181ec587e596fa3cd16773b36e93ca36],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsq9746.exe, Quarantined, [0f2718341c5fd26487b182a42fd28080],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nswF9C3.exe, Quarantined, [979f88c4cfac2b0be553a086837e0cf4],
PUP.Optional.Addlyrics, C:\Users\Ronda\AppData\Local\Temp\airBB4C.exe, Quarantined, [d5615af2bbc02610ef385023a75a758b],
PUP.Optional.InstallIQ, C:\Users\Ronda\AppData\Local\Temp\airDD89.exe, Quarantined, [78be0b412d4ece682318f9332dd30ff1],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsa9253.exe, Quarantined, [1323fa52403ba492b48443e3e91841bf],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsf8FB3.exe, Quarantined, [b4822c20d3a8ec4a3afe68be9f62bc44],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsg187C.exe, Quarantined, [91a598b45d1e3501c5733ceab34ead53],
PUP.Optional.SearchProtect.A, C:\Users\Ronda\AppData\Local\Temp\nsg1AED.exe, Quarantined, [2a0c410b06754ee80f29ef37936eec14],
PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [51e50844bcbf2115f56e60b906fb946c],
PUP.Optional.AirAdInstaller, C:\Users\Ronda\AppData\Local\Temp\setup.exe, Quarantined, [71c5b29a1467ac8a40cca892de22d12f],
PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\SPSetup.exe, Quarantined, [e3537fcdc0bb6dc99e89e7342ad79868],
PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\nsgB2B3\SpSetup.exe, Quarantined, [f640e06c5c1f39fdad7a89924fb29769],
PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Temp\nsk52E1\SpSetup.exe, Quarantined, [fa3c15370f6c05310c1b998213ee33cd],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nseA012.exe, Quarantined, [4beb84c882f98aac7fb9f531986960a0],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsfE3DF.exe, Quarantined, [5dd909434a31bd79d6626fb79f620bf5],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsg8FB9.exe, Quarantined, [68ce63e9f28978beff39ae789e636d93],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsh14B.exe, Quarantined, [44f2db71e09bbf7739ffa77fd9289d63],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsj9D24.exe, Quarantined, [d75fb597d8a30a2c94a42006778a37c9],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsn3E0E.exe, Quarantined, [0234a8a44e2d52e4ce6a2600728fa25e],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsoA30F.exe, Quarantined, [42f437155625bd7939ff6bbbbb460af6],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nss5FB1.exe, Quarantined, [61d50c406d0e9a9ca1970f17fa07ab55],
PUP.Optional.Conduit, C:\Windows\Temp\verifier.exe, Quarantined, [2a0c2e1ed5a68da975ebfbd01de6bf41],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsx199.exe, Quarantined, [d16573d9e09bf83ef84096908d749e62],
PUP.Optional.SearchProtect.A, C:\Windows\Temp\nsz9A75.exe, Quarantined, [6ec882cab7c4c57189af11154bb616ea],
PUP.Optional.Conduit.A, C:\Windows\Temp\nsu6FFB\SpSetup.exe, Quarantined, [2b0b96b6116a42f486a1b16a0ef338c8],
PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\setup.exe, Quarantined, [be7867e50f6c9d9940cc4feb748ce020],
PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\updater(1).exe, Quarantined, [0a2c4309205beb4bc547fb3f956bd828],
PUP.Optional.AirAdInstaller, C:\Users\Ronda\Downloads\updater.exe, Quarantined, [979f7ad296e594a2d23a21199c64827e],
PUP.Optional.BrowserSafeGuard, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrowserSafeguard\BrowserSafeguard.lnk, Quarantined, [ae88aba19edddc5a664615950bf829d7],
PUP.Optional.Conduit.A, C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\preferences, Good: (), Bad: (        "search_url": "http://search.conduit.com/Results.aspx?ctid=CT3323878&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=5&UP=SP35BC10EE-C775-49C5-9F42-B10F924A35CA&q={searchTerms}&SSPV=",), Replaced,[67cf57f55823b6807d229bc7bf458b75]

Physical Sectors: 0
(No malicious items detected)


(end)

Link to post
Share on other sites

Hi Rhonda, very good job following instructions ! We have cleaned a bunch but more to do so lets get at it !!

 

Do Not Remove any programs/tools we have used, we will do that when we have finished !!

 

Download DDS and save it to your Desktop.  >>> DDS


    Double click dds.scr to run the tool.
    If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
    DDS will now scan your computer.
    When the scan is complete, DDS will open two (2) logs:
        DDS.txt
        Attach.txt
    If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
    Please note it is important that you post BOTH logs in your topic.


Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.


Any problems downloading or running DDS.scr, try THIS alternate (DDS.com) version of DDS http://download.bleepingcomputer.com/sUBs/dds.com
 

 

 

 

 

NEXT


Download OldTimer to your desk top !
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

* Double click OTL.exe to launch the program.
* Check the following.

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs.

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL.

* Please post me both logs. This may have to be broken into more than one post !   



Post Next:

1. DDS logs

2. OTL logs

 

Thanks

Chuck

 

I will write up a fix for things that are bad in the OTL or DDS logs that i find and post it after i get your logs !!

Link to post
Share on other sites

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041
Run by Ronda at 16:59:10 on 2014-05-01
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.3842 [GMT -7:00]
.
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\pcreg\pcreg.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


uProxyServer = hxxp=127.0.0.1:14291;https=127.0.0.1:49168
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll
uRun: [pcreg] C:\Program Files\pcreg\service.exe
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [pcreg] C:\Program Files\pcreg\service.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SOFTWA~1.LNK - C:\Program Files (x86)\Software Updater\SoftwareUpdater.exe
uPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-Explorer: HideSCAHealth = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll



TCP: NameServer = 192.168.0.1
TCP: Interfaces\{947F2CCB-CCA1-4DAA-902F-CE4EF6A5B8EE} : DHCPNameServer = 192.168.0.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [pcreg] C:\Program Files\pcreg\service.exe
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;C:\windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [2014-4-25 61112]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2014-1-11 162824]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-30 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-30 857912]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2014-2-10 138272]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2014-1-11 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2014-1-11 126392]
R2 pcregservice;pcregservice Service;C:\Program Files\pcreg\pcreg.exe [2014-4-25 249024]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2014-1-11 2656280]
R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [2014-1-11 1151096]
R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2014-2-10 167072]
R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys [2014-1-11 488568]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-4-30 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-4-30 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-4-30 63192]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2014-1-11 38096]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-1-11 413800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2014-1-11 1103464]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2014-2-10 451192]
R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2014-2-10 1129120]
R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2014-2-10 190072]
R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2014-2-10 405624]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2014-1-11 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Re-Markable;Re-Markable;C:\Program Files (x86)\Re-Markable-soft\Re-MarkableRK161.exe --> C:\Program Files (x86)\Re-Markable-soft\Re-MarkableRK161.exe [?]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-4-28 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [2014-1-15 289256]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-1-11 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-2-8 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-01 03:09:27    119512    ----a-w-    C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-05-01 03:08:17    88280    ----a-w-    C:\windows\System32\drivers\mbamchameleon.sys
2014-05-01 03:08:17    63192    ----a-w-    C:\windows\System32\drivers\mwac.sys
2014-05-01 03:08:17    25816    ----a-w-    C:\windows\System32\drivers\mbam.sys
2014-05-01 03:08:17    --------    d-----w-    C:\ProgramData\Malwarebytes
2014-05-01 03:08:17    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 02:53:12    --------    d-----w-    C:\windows\ERUNT
2014-05-01 02:20:00    --------    d-----w-    C:\Users\Ronda\AppData\Local\ElevatedDiagnostics
2014-05-01 01:33:12    536576    ----a-w-    C:\windows\SysWow64\sqlite3.dll
2014-05-01 01:32:43    --------    d-----w-    C:\AdwCleaner
2014-05-01 00:25:53    --------    d-----w-    C:\temp
2014-04-29 23:25:29    --------    d-----w-    C:\Users\Ronda\AppData\Local\WebBar
2014-04-29 23:25:28    --------    d-----w-    C:\ProgramData\InstallSightSDK
2014-04-29 23:25:25    --------    d-----w-    C:\Program Files\WebBar
2014-04-29 23:25:09    --------    d-----w-    C:\Program Files\pcreg
2014-04-29 23:14:23    10651704    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{92249C3D-EF64-4DDB-85B7-298DB6E25FB1}\mpengine.dll
2014-04-28 23:51:05    --------    d-sh--w-    C:\Users\Ronda\AppData\Local\EmieUserList
2014-04-28 23:51:05    --------    d-sh--w-    C:\Users\Ronda\AppData\Local\EmieSiteList
2014-04-25 14:24:34    61112    ----a-w-    C:\windows\System32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
2014-04-23 18:51:57    --------    d-----w-    C:\windows\Migration
.
==================== Find3M  ====================
.
2014-04-29 18:25:23    70832    ----a-w-    C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-29 18:25:23    692400    ----a-w-    C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-31 16:35:08    270496    ------w-    C:\windows\System32\MpSigStub.exe
2014-03-06 09:32:16    2724864    ----a-w-    C:\windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\windows\System32\win32k.sys
2014-02-05 01:30:30    175736    ----a-w-    C:\windows\System32\drivers\SYMEVENT64x86.SYS
2014-02-04 02:35:56    190912    ----a-w-    C:\windows\System32\drivers\storport.sys
2014-02-04 02:35:49    274880    ----a-w-    C:\windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35    27584    ----a-w-    C:\windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22    1424384    ----a-w-    C:\windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12    624128    ----a-w-    C:\windows\System32\qedit.dll
2014-02-04 02:28:36    2048    ----a-w-    C:\windows\System32\iologmsg.dll
2014-02-04 02:04:22    1230336    ----a-w-    C:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11    509440    ----a-w-    C:\windows\SysWow64\qedit.dll
2014-02-04 02:00:39    2048    ----a-w-    C:\windows\SysWow64\iologmsg.dll
.
============= FINISH: 17:00:10.73 ===============

Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/11/2014 5:47:14 PM
System Uptime: 5/1/2014 4:42:32 PM (1 hours ago)
.
Motherboard: Intel Corporation |  | Oneonta Falls
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU 1 | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 682 GiB total, 637.055 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP15: 2/26/2014 5:41:35 PM - Windows Update
RP16: 3/2/2014 6:48:13 AM - Windows Update
RP17: 3/7/2014 8:23:51 PM - Windows Update
RP18: 3/13/2014 8:06:30 PM - Installed iTunes
RP19: 3/13/2014 8:08:55 PM - Windows Update
RP20: 3/14/2014 6:16:34 PM - Windows Update
RP21: 3/18/2014 10:25:14 AM - Windows Update
RP22: 3/22/2014 7:40:29 PM - Windows Update
RP23: 3/22/2014 9:39:32 PM - Removed Amazon Links
RP24: 3/25/2014 12:25:04 PM - Windows Update
RP25: 3/29/2014 7:20:08 AM - Windows Update
RP26: 4/1/2014 10:57:09 AM - Windows Update
RP27: 4/4/2014 6:25:00 PM - Windows Update
RP28: 4/9/2014 2:07:52 PM - Windows Update
RP29: 4/13/2014 7:26:29 PM - Windows Update
RP30: 4/20/2014 4:23:58 PM - Windows Update
RP31: 4/23/2014 11:49:55 AM - Windows Update
RP32: 4/28/2014 8:43:49 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader X MUI
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
BrowserSafeguard with Rockettab
D3DX10
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iTunes
Java Auto Updater
Java 6 Update 25
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 2.0.1.1004
McAfee Security Scan Plus
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Mozilla Firefox 29.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Norton Internet Security
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Re-Markable
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skype Launcher
Synaptics Pointing Device Driver
TidyNetwork
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== End Of File ===========================
 

Link to post
Share on other sites

OTL logfile created on: 5/1/2014 5:06:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ronda\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17041)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.91 Gb Total Physical Memory | 3.79 Gb Available Physical Memory | 64.08% Memory free
11.83 Gb Paging File | 9.43 Gb Available in Paging File | 79.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 682.06 Gb Total Space | 637.06 Gb Free Space | 93.40% Space Free | Partition Type: NTFS
 
Computer Name: RONDA-PC | User Name: Ronda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/05/01 17:05:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ronda\Downloads\OTL.scr
PRC - [2014/04/30 06:34:48 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\mozilla firefox\firefox.exe
PRC - [2014/04/29 11:25:23 | 001,864,368 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
PRC - [2014/04/25 01:13:10 | 000,249,024 | ---- | M] () -- C:\Program Files\pcreg\pcreg.exe
PRC - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/04/03 09:49:06 | 006,963,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
PRC - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
PRC - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/06/04 17:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/04/30 06:34:47 | 003,845,232 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\mozjs.dll
MOD - [2014/04/29 11:25:22 | 016,351,920 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
MOD - [2014/02/12 20:58:32 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2014/02/12 20:58:10 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2014/04/25 01:13:10 | 000,249,024 | ---- | M] () [Auto | Running] -- C:\Program Files\pcreg\pcreg.exe -- (pcregservice)
SRV:64bit: - [2014/03/06 01:29:14 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2014/01/15 17:42:12 | 000,289,256 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe -- (McComponentHostService)
SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/07/01 12:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)
SRV:64bit: - [2011/06/09 22:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2011/05/24 10:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)
SRV:64bit: - [2011/05/17 15:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/10/20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/09/09 18:26:34 | 000,162,824 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\GFNEXSrv.exe -- (GFNEXSrv)
SRV - [2014/04/30 06:34:47 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/04/29 11:25:23 | 000,257,712 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/04/03 09:49:12 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2014/04/03 09:49:12 | 000,857,912 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/06/26 20:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 20:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2012/06/15 19:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2011/07/19 08:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2011/07/19 08:48:25 | 000,123,320 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2011/07/11 18:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/12/20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014/04/30 20:39:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys -- ({552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64)
DRV:64bit: - [2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2014/02/04 18:30:30 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/06/26 20:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 20:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 20:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 20:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 19:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 19:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 21:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 18:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 19:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 18:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/31 13:53:20 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/25 11:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/02/03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/01/13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/02 17:48:38 | 001,103,464 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/10/29 17:11:42 | 000,250,984 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009/07/30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 16:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 16:36:48 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)
DRV:64bit: - [2009/06/19 20:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/08/19 02:00:00 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/09 18:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15)
DRV - [2011/08/09 18:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG)
DRV - [2011/07/20 10:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
IE:64bit: - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14291;https=127.0.0.1:49168
 
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.search.yahoo.com/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:14291;https=127.0.0.1:49168
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.order.2: ""
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:29.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2014/01/11 18:47:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2014/04/30 20:38:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Components: C:\program files (x86)\mozilla firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0\extensions\\Plugins: C:\program files (x86)\mozilla firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{90CA2A0F-E849-2B65-0592-F0E266A350C4}: C:\Program Files (x86)\Re-Markable-soft\161.xpi
 
[2014/03/25 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Extensions
[2014/04/30 19:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\extensions
[2014/04/30 06:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014/04/30 06:34:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Conduit Search (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url = http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms},
CHR - plugin: First user (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflfgignhfidipfhophfcapmoalfkklg\1.161.0.0_0\
CHR - Extension: Google Wallet = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
CHR - Extension: Google Wallet = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\Run: [pcreg] C:\Program Files\pcreg\service.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{947F2CCB-CCA1-4DAA-902F-CE4EF6A5B8EE}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/04/30 20:09:27 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/30 20:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/30 20:08:17 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/30 20:08:17 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/30 20:08:17 | 000,025,816 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2014/04/30 20:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes Anti-Malware
[2014/04/30 20:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/04/30 19:53:12 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/04/30 19:20:00 | 000,000,000 | ---D | C] -- C:\Users\Ronda\AppData\Local\ElevatedDiagnostics
[2014/04/30 18:33:12 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/04/30 18:32:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/04/30 17:25:53 | 000,000,000 | ---D | C] -- C:\temp
[2014/04/30 06:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mozilla firefox
[2014/04/29 16:25:29 | 000,000,000 | ---D | C] -- C:\Users\Ronda\AppData\Local\WebBar
[2014/04/29 16:25:28 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallSightSDK
[2014/04/29 16:25:25 | 000,000,000 | ---D | C] -- C:\Program Files\WebBar
[2014/04/29 16:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\pcreg
[2014/04/29 16:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo!
[2014/04/29 16:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software Updater
[2014/04/28 16:51:05 | 000,000,000 | -HSD | C] -- C:\Users\Ronda\AppData\Local\EmieUserList
[2014/04/28 16:51:05 | 000,000,000 | -HSD | C] -- C:\Users\Ronda\AppData\Local\EmieSiteList
[2014/04/28 08:49:30 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
[2014/04/28 08:49:30 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
[2014/04/28 08:49:29 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2014/04/28 08:49:22 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2014/04/28 08:49:22 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\JavaScriptCollectionAgent.dll
[2014/04/28 08:49:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll
[2014/04/28 08:49:22 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollectorres.dll
[2014/04/28 08:49:20 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9diag.dll
[2014/04/28 08:49:20 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll
[2014/04/28 08:49:19 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2014/04/28 08:49:19 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll
[2014/04/28 08:49:19 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll
[2014/04/28 08:49:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll
[2014/04/28 08:49:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
[2014/04/28 08:49:18 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
[2014/04/28 08:49:18 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll
[2014/04/28 08:49:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll
[2014/04/28 08:49:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll
[2014/04/28 08:49:18 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
[2014/04/28 08:49:16 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsSpellCheckingFacility.exe
[2014/04/28 08:49:16 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieapfltr.dll
[2014/04/28 08:49:16 | 000,704,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieapfltr.dll
[2014/04/28 08:49:16 | 000,592,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript9diag.dll
[2014/04/28 08:49:16 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwcollector.exe
[2014/04/28 08:49:16 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieetwproxystub.dll
[2014/04/28 08:49:16 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieetwproxystub.dll
[2014/04/28 08:49:14 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2014/04/28 08:49:14 | 001,967,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2014/04/28 08:49:12 | 005,784,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2014/04/25 07:24:34 | 000,061,112 | ---- | C] (StdLib) -- C:\windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/23 11:51:57 | 000,000,000 | ---D | C] -- C:\windows\Migration
[2014/04/14 19:34:35 | 000,000,000 | ---D | C] -- C:\Users\Ronda\Desktop\misc pics
[2014/04/09 14:08:51 | 000,190,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2014/04/09 14:08:51 | 000,027,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2014/04/09 14:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iologmsg.dll
[2014/04/09 14:08:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iologmsg.dll
[2014/04/09 14:08:48 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\kernel32.dll
[2014/04/09 14:08:48 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2014/04/09 14:08:48 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64.dll
[2014/04/09 14:08:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\setup16.exe
[2014/04/09 14:08:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntvdm64.dll
[2014/04/09 14:08:48 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntvdm64.dll
[2014/04/09 14:08:48 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64cpu.dll
[2014/04/09 14:08:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\instnm.exe
[2014/04/09 14:08:48 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wow32.dll
[2014/04/09 14:08:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\user.exe
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/05/01 16:53:31 | 000,782,164 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/05/01 16:53:31 | 000,662,338 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/05/01 16:53:31 | 000,121,916 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/05/01 16:50:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 16:50:50 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/05/01 16:50:30 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/05/01 16:50:20 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/04/30 20:39:54 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/04/30 20:35:56 | 467,644,415 | -HS- | M] () -- C:\hiberfil.sys
[2014/04/30 20:08:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 16:24:48 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2014/04/29 16:23:53 | 000,001,127 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/04/29 11:25:23 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2014/04/29 11:25:23 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2014/04/28 08:45:25 | 000,774,870 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/04/24 12:29:30 | 000,061,112 | ---- | M] (StdLib) -- C:\windows\SysNative\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
[2014/04/03 09:51:16 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2014/04/03 09:51:04 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/04/03 09:50:58 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/04/30 20:08:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/04/29 16:24:48 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2014/04/29 16:23:53 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk
[2014/02/26 19:41:57 | 000,774,870 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2014/01/11 15:27:33 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2014/01/11 15:22:32 | 000,128,312 | ---- | C] () -- C:\windows\SysWow64\GFNEX.dll
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Purity Check ==========
 
 

< End of report >
 

Link to post
Share on other sites

Ok Rhonda while i am reading threw this stuff run these 2 programs next ! Copy & paste logs !

 

Thanks

Chuck

 

 

===========================

 

 

Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.

We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

Download >>> http://support.kaspersky.com/downloads/utils/tdsskiller.zip <<< and save it to your Desktop.
* Extract its contents to your desktop.
* Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.

    * Windows XP : Double click on the icon to run it.
    * Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

 Press Start Scan

    * Only if Malicious objects are found then ensure Cure is selected
    * Then click Continue > Reboot now

Copy and paste the log in your next reply !
A copy of the log will be saved automatically to the root of the drive (typically C:\)

=======================


Security Check

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1 >>> http://screen317.spywareinfoforum.org/SecurityCheck.exe.

Link 2 >>> http://screen317.changelog.fr/SecurityCheck.exe

    * Double click SecurityCheck.exe and follow the onscreen instructions inside the black box.
    * A Notepad document should open automatically called checkup.txt
    * Please post the contents of that document in your next reply.
 

 

Thanks

Chuck

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 6 Update 25  
 Java version out of Date!
 Adobe Flash Player 13.0.0.206  
 Mozilla Firefox (29.0)
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 8%
````````````````````End of Log``````````````````````

Link to post
Share on other sites

Rhonda run this insted of the TDSS Killer !!

 

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them
2. With Admin Rights (Right click, choose "Run as Administrator")


Download ComboFix from this location:

Link 1
 http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Link 2
http://www.infospyware.net/antimalware/combofix


* IMPORTANT !!! Save ComboFix.exe to your Desktop



  * Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

    *  See this Link >>> http://www.bleepingcomputer.com/forums/topic114351.html <<<  for programs that need to be disabled and instruction on how to disable them.
   
    *  Remember to re-enable them when we're done.

    *  Double click on ComboFix.exe & follow the prompts.

    *  As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    *  Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.



**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

RC1.png


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

 Notes:   

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of  ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4.  CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.   

Give it atleast 20-30 minutes to finish if needed.

 Please do not attach the scan results from Combofix. Use copy/paste.   



Post the log !

Thanks

Chuck

Link to post
Share on other sites

Rhonda ..... after you post the Combofix log !!

 

Do these steps next !

 

Step 1.  In your add/remove program panel remove this below if present :
Javaâ„¢ 6 Update 25

 

Step 2. Go here & run the Norton removal tool >>> Norton Removal <<<<  For removal all products of Norton >> http://www.majorgeeks.com/mg/get/norton_removal_tool,1.html


Step 3. Run an OTL Fix below, watch where to start the copying !!!

 

We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the customFix.png.  text box of the OTL tool/program ! Start with and include the colon plus  :OTL

:OTLIE:64bit: - HKLM\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}IE:64bit: - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKLM\..\SearchScopes,DefaultScope =IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCIE - HKLM\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope =IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.searc...m/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes,DefaultScope = {FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNPIE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}: "URL" = http://us.yhs4.searc...m/yhs/search?p={searchTerms}&ei=UTF-8&hspart=w3i&hsimp=yhs-synd1&type=W3i_DS,221,0_0,Search,20140418,19669,0,FF28,7635IE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}: "URL" = http://www.google.co...sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS573FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not foundFF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found[2014/03/25 12:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Extensions[2014/04/30 19:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\extensions[2014/04/30 06:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensionsCHR - Extension: No name found = C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflfgignhfidipfhophfcapmoalfkklg\1.161.0.0_0\O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O3 - HKU\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.O4:64bit: - HKLM..\Run: []  File not foundO4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO4 - HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not foundO1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.:Commands[emptyjava][emptyflash][EMPTYTEMP][RESETHOSTS][CREATERESTOREPOINT][Reboot]

# Then click the Run Fix button at the top.
# Click btnOK.png
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

 

 

Post the OTL Fix Log next !

 

Thanks

Chuck

 

 

Link to post
Share on other sites

ComboFix 14-04-30.01 - Ronda 05/01/2014  19:52:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6056.3903 [GMT -7:00]
Running from: c:\users\Ronda\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ronda\AppData\Local\Microsoft\Windows\Temporary Internet Files\PlurPush_iels
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-02 to 2014-05-02  )))))))))))))))))))))))))))))))
.
.
2014-05-02 02:56 . 2014-05-02 02:56    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-05-01 03:09 . 2014-05-01 03:39    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-01 03:08 . 2014-05-01 03:08    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-01 03:08 . 2014-05-01 03:08    --------    d-----w-    c:\programdata\Malwarebytes
2014-05-01 03:08 . 2014-04-03 16:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-01 03:08 . 2014-04-03 16:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-01 03:08 . 2014-04-03 16:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-01 02:53 . 2014-05-01 02:53    --------    d-----w-    c:\windows\ERUNT
2014-05-01 02:20 . 2014-05-01 02:20    --------    d-----w-    c:\users\Ronda\AppData\Local\ElevatedDiagnostics
2014-05-01 01:33 . 2010-08-30 15:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-01 01:32 . 2014-05-01 02:14    --------    d-----w-    C:\AdwCleaner
2014-05-01 00:25 . 2014-05-01 03:34    --------    d-----w-    C:\temp
2014-04-29 23:25 . 2014-04-29 23:25    --------    d-----w-    c:\users\Ronda\AppData\Local\WebBar
2014-04-29 23:25 . 2014-05-01 00:44    --------    d-----w-    c:\programdata\InstallSightSDK
2014-04-29 23:25 . 2014-05-01 00:44    --------    d-----w-    c:\program files\WebBar
2014-04-29 23:25 . 2014-04-29 23:25    --------    d-----w-    c:\program files\pcreg
2014-04-29 23:24 . 2014-05-01 00:45    --------    d-----w-    c:\programdata\Yahoo!
2014-04-29 23:14 . 2014-04-17 12:31    10651704    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{92249C3D-EF64-4DDB-85B7-298DB6E25FB1}\mpengine.dll
2014-04-28 23:51 . 2014-04-28 23:51    --------    d-sh--w-    c:\users\Ronda\AppData\Local\EmieUserList
2014-04-28 23:51 . 2014-04-28 23:51    --------    d-sh--w-    c:\users\Ronda\AppData\Local\EmieSiteList
2014-04-25 14:24 . 2014-04-24 19:29    61112    ----a-w-    c:\windows\system32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys
2014-04-23 18:51 . 2014-04-23 18:51    --------    d-----w-    c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 18:25 . 2014-03-26 23:48    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-29 18:25 . 2011-11-03 12:51    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-31 16:35 . 2010-11-21 03:27    270496    ------w-    c:\windows\system32\MpSigStub.exe
2014-03-04 09:17 . 2014-04-09 21:08    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-02-10 20:47 . 2014-02-10 20:47    194048    ----a-w-    c:\windows\SysWow64\elshyph.dll
2014-02-10 20:47 . 2014-02-10 20:47    942592    ----a-w-    c:\windows\system32\jsIntl.dll
2014-02-10 20:47 . 2014-02-10 20:47    90112    ----a-w-    c:\windows\system32\SetIEInstalledDate.exe
2014-02-10 20:47 . 2014-02-10 20:47    86016    ----a-w-    c:\windows\SysWow64\iesysprep.dll
2014-02-10 20:47 . 2014-02-10 20:47    86016    ----a-w-    c:\windows\system32\RegisterIEPKEYs.exe
2014-02-10 20:47 . 2014-02-10 20:47    84992    ----a-w-    c:\windows\system32\mshtmled.dll
2014-02-10 20:47 . 2014-02-10 20:47    83968    ----a-w-    c:\windows\system32\MshtmlDac.dll
2014-02-10 20:47 . 2014-02-10 20:47    81408    ----a-w-    c:\windows\system32\icardie.dll
2014-02-10 20:47 . 2014-02-10 20:47    774144    ----a-w-    c:\windows\system32\jscript.dll
2014-02-10 20:47 . 2014-02-10 20:47    77312    ----a-w-    c:\windows\system32\tdc.ocx
2014-02-10 20:47 . 2014-02-10 20:47    74240    ----a-w-    c:\windows\SysWow64\SetIEInstalledDate.exe
2014-02-10 20:47 . 2014-02-10 20:47    71680    ----a-w-    c:\windows\SysWow64\RegisterIEPKEYs.exe
2014-02-10 20:47 . 2014-02-10 20:47    645120    ----a-w-    c:\windows\SysWow64\jsIntl.dll
2014-02-10 20:47 . 2014-02-10 20:47    62464    ----a-w-    c:\windows\SysWow64\tdc.ocx
2014-02-10 20:47 . 2014-02-10 20:47    62464    ----a-w-    c:\windows\system32\pngfilt.dll
2014-02-10 20:47 . 2014-02-10 20:47    61952    ----a-w-    c:\windows\SysWow64\MshtmlDac.dll
2014-02-10 20:47 . 2014-02-10 20:47    616104    ----a-w-    c:\windows\system32\ieapfltr.dat
2014-02-10 20:47 . 2014-02-10 20:47    52224    ----a-w-    c:\windows\system32\msfeedsbs.dll
2014-02-10 20:47 . 2014-02-10 20:47    48640    ----a-w-    c:\windows\SysWow64\mshtmler.dll
2014-02-10 20:47 . 2014-02-10 20:47    48640    ----a-w-    c:\windows\system32\mshtmler.dll
2014-02-10 20:47 . 2014-02-10 20:47    48128    ----a-w-    c:\windows\system32\imgutil.dll
2014-02-10 20:47 . 2014-02-10 20:47    413696    ----a-w-    c:\windows\system32\html.iec
2014-02-10 20:47 . 2014-02-10 20:47    36352    ----a-w-    c:\windows\SysWow64\imgutil.dll
2014-02-10 20:47 . 2014-02-10 20:47    337408    ----a-w-    c:\windows\SysWow64\html.iec
2014-02-10 20:47 . 2014-02-10 20:47    30208    ----a-w-    c:\windows\system32\licmgr10.dll
2014-02-10 20:47 . 2014-02-10 20:47    263376    ----a-w-    c:\windows\system32\iedkcs32.dll
2014-02-10 20:47 . 2014-02-10 20:47    247808    ----a-w-    c:\windows\system32\msls31.dll
2014-02-10 20:47 . 2014-02-10 20:47    24576    ----a-w-    c:\windows\SysWow64\licmgr10.dll
2014-02-10 20:47 . 2014-02-10 20:47    243200    ----a-w-    c:\windows\system32\webcheck.dll
2014-02-10 20:47 . 2014-02-10 20:47    235520    ----a-w-    c:\windows\system32\url.dll
2014-02-10 20:47 . 2014-02-10 20:47    235008    ----a-w-    c:\windows\system32\elshyph.dll
2014-02-10 20:47 . 2014-02-10 20:47    182272    ----a-w-    c:\windows\SysWow64\msls31.dll
2014-02-10 20:47 . 2014-02-10 20:47    167424    ----a-w-    c:\windows\system32\iexpress.exe
2014-02-10 20:47 . 2014-02-10 20:47    151552    ----a-w-    c:\windows\SysWow64\iexpress.exe
2014-02-10 20:47 . 2014-02-10 20:47    147968    ----a-w-    c:\windows\system32\occache.dll
2014-02-10 20:47 . 2014-02-10 20:47    143872    ----a-w-    c:\windows\system32\wextract.exe
2014-02-10 20:47 . 2014-02-10 20:47    139264    ----a-w-    c:\windows\SysWow64\wextract.exe
2014-02-10 20:47 . 2014-02-10 20:47    13824    ----a-w-    c:\windows\system32\mshta.exe
2014-02-10 20:47 . 2014-02-10 20:47    135680    ----a-w-    c:\windows\system32\iepeers.dll
2014-02-10 20:47 . 2014-02-10 20:47    13312    ----a-w-    c:\windows\SysWow64\mshta.exe
2014-02-10 20:47 . 2014-02-10 20:47    13312    ----a-w-    c:\windows\system32\msfeedssync.exe
2014-02-10 20:47 . 2014-02-10 20:47    131072    ----a-w-    c:\windows\system32\IEAdvpack.dll
2014-02-10 20:47 . 2014-02-10 20:47    1228800    ----a-w-    c:\windows\system32\mshtmlmedia.dll
2014-02-10 20:47 . 2014-02-10 20:47    111616    ----a-w-    c:\windows\SysWow64\IEAdvpack.dll
2014-02-10 20:47 . 2014-02-10 20:47    105984    ----a-w-    c:\windows\system32\iesysprep.dll
2014-02-10 20:47 . 2014-02-10 20:47    1051136    ----a-w-    c:\windows\SysWow64\mshtmlmedia.dll
2014-02-10 20:47 . 2014-02-10 20:47    101376    ----a-w-    c:\windows\system32\inseng.dll
2014-02-07 01:23 . 2014-03-14 03:12    3156480    ----a-w-    c:\windows\system32\win32k.sys
2014-02-06 04:09 . 2014-02-06 04:09    9728    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    9728    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    648192    ----a-w-    c:\windows\system32\d3d10level9.dll
2014-02-06 04:09 . 2014-02-06 04:09    604160    ----a-w-    c:\windows\SysWow64\d3d10level9.dll
2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    5632    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    522752    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2014-02-06 04:09 . 2014-02-06 04:09    4096    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    4096    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    364544    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2014-02-06 04:09 . 2014-02-06 04:09    363008    ----a-w-    c:\windows\system32\dxgi.dll
2014-02-06 04:09 . 2014-02-06 04:09    3584    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    3584    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    333312    ----a-w-    c:\windows\system32\d3d10_1core.dll
2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    3072    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    296960    ----a-w-    c:\windows\system32\d3d10core.dll
2014-02-06 04:09 . 2014-02-06 04:09    293376    ----a-w-    c:\windows\SysWow64\dxgi.dll
2014-02-06 04:09 . 2014-02-06 04:09    2776576    ----a-w-    c:\windows\system32\msmpeg2vdec.dll
2014-02-06 04:09 . 2014-02-06 04:09    2560    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    2560    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    249856    ----a-w-    c:\windows\SysWow64\d3d10_1core.dll
2014-02-06 04:09 . 2014-02-06 04:09    245248    ----a-w-    c:\windows\system32\WindowsCodecsExt.dll
2014-02-06 04:09 . 2014-02-06 04:09    2284544    ----a-w-    c:\windows\SysWow64\msmpeg2vdec.dll
2014-02-06 04:09 . 2014-02-06 04:09    221184    ----a-w-    c:\windows\system32\UIAnimation.dll
2014-02-06 04:09 . 2014-02-06 04:09    220160    ----a-w-    c:\windows\SysWow64\d3d10core.dll
2014-02-06 04:09 . 2014-02-06 04:09    207872    ----a-w-    c:\windows\SysWow64\WindowsCodecsExt.dll
2014-02-06 04:09 . 2014-02-06 04:09    194560    ----a-w-    c:\windows\system32\d3d10_1.dll
2014-02-06 04:09 . 2014-02-06 04:09    187392    ----a-w-    c:\windows\SysWow64\UIAnimation.dll
2014-02-06 04:09 . 2014-02-06 04:09    1682432    ----a-w-    c:\windows\system32\XpsPrint.dll
2014-02-06 04:09 . 2014-02-06 04:09    1643520    ----a-w-    c:\windows\system32\DWrite.dll
2014-02-06 04:09 . 2014-02-06 04:09    161792    ----a-w-    c:\windows\SysWow64\d3d10_1.dll
2014-02-06 04:09 . 2014-02-06 04:09    1247744    ----a-w-    c:\windows\SysWow64\DWrite.dll
2014-02-06 04:09 . 2014-02-06 04:09    1238528    ----a-w-    c:\windows\system32\d3d10.dll
2014-02-06 04:09 . 2014-02-06 04:09    1175552    ----a-w-    c:\windows\system32\FntCache.dll
2014-02-06 04:09 . 2014-02-06 04:09    1158144    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2014-02-06 04:09 . 2014-02-06 04:09    1080832    ----a-w-    c:\windows\SysWow64\d3d10.dll
2014-02-06 04:09 . 2014-02-06 04:09    10752    ---ha-w-    c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-06 04:09 . 2014-02-06 04:09    10752    ---ha-w-    c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-02-05 01:30 . 2014-01-11 22:46    175736    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-02-04 02:32 . 2014-03-14 03:08    1424384    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-14 03:08    624128    ----a-w-    c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-14 03:08    1230336    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-14 03:08    509440    ----a-w-    c:\windows\SysWow64\qedit.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"NortonOnlineBackupReminder"="c:\program files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" [2011-06-22 3218864]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-15 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Re-Markable;Re-Markable;c:\program files (x86)\Re-Markable-soft\Re-MarkableRK161.exe;c:\program files (x86)\Re-Markable-soft\Re-MarkableRK161.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 {552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64;c:\windows\system32\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys;c:\windows\SYSNATIVE\drivers\{552199fb-9890-4055-9aaf-b2f6d51d46e9}Gw64.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 GFNEXSrv;GFNEX Service;c:\windows\System32\GFNEXSrv.exe;c:\windows\SYSNATIVE\GFNEXSrv.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 pcregservice;pcregservice Service;c:\program files\pcreg\pcreg.exe;c:\program files\pcreg\pcreg.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSVia64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-26 18:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-07 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-07 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-07 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-06-03 2226280]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"pcreg"="c:\program files\pcreg\service.exe" [2014-04-25 89816]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:14291;https=127.0.0.1:49168
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\SoftwareUpdater.lnk - c:\program files (x86)\Software Updater\SoftwareUpdater.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-BC81280F-F047-C5E3-27B5-D6AF61072A5F - c:\program files (x86)\Re-Markable-soft\Uninstall.exe
AddRemove-Browsersafeguard - c:\program files (x86)\Browsersafeguard\uninstall.BrowserSafeguard.exe
AddRemove-TidyNetwork - c:\users\Ronda\AppData\Local\TidyNetwork\TidyNetwork.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-05-01  19:58:25
ComboFix-quarantined-files.txt  2014-05-02 02:58
.
Pre-Run: 685,587,488,768 bytes free
Post-Run: 685,638,160,384 bytes free
.
- - End Of File - - 4E698A20B3A6F9431EB50C08563D741E

Link to post
Share on other sites

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Unable to set value : HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8F78842A-3E7C-4085-AD9F-1285123912B1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F78842A-3E7C-4085-AD9F-1285123912B1}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FAD4627B-BE46-42FD-8231-ED58D1948378}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FAD4627B-BE46-42FD-8231-ED58D1948378}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB4BEF21-6EFA-4400-96B3-D95366BD5597}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\SearchScopes\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FE319DF4-EDE5-4B10-BB99-9588F48EC4EE}\ not found.
Unable to set value : HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E!
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
C:\Users\Ronda\AppData\Roaming\Mozilla\Extensions folder moved successfully.
C:\Users\Ronda\AppData\Roaming\Mozilla\Firefox\Profiles\vx2lmpos.default\extensions folder moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\extensions folder moved successfully.
C:\Users\Ronda\AppData\Local\Google\Chrome\User Data\Default\Extensions\nflfgignhfidipfhophfcapmoalfkklg\1.161.0.0_0 folder moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry key HKEY_USERS\S-1-5-21-3271951059-1772318387-167408843-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.
Registry key HKEY_USERS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\RunOnce not found.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: Ronda
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
->Flash cache emptied: 56466 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Ronda
->Flash cache emptied: 61781 bytes
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Ronda
->Temp folder emptied: 24534578 bytes
->Temporary Internet Files folder emptied: 346002749 bytes
->FireFox cache emptied: 23975393 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 45878 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 747 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 43277516 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 418.00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 05012014_204833

Files\Folders moved on Reboot...
C:\Users\Ronda\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Ronda\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
C:\windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Great job lady ! Ok time for some lean-up !!

 

Clean up with OTL


    Right-click OTL.exe and select " Run as administrator " to run it.
    This will remove all the tools we used to clean your pc.
    Close all other programs apart from OTL as this step will require a reboot
    On the OTL main screen, press the CleanUp! button
    Say Yes to the prompt and then allow the program to reboot your computer.

You can now delete any tools we used if they remain on your Desktop.
 

 

==============================

 

 

 
Congratulation you are clean !!!

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

 
 *From within Internet Explorer click on the Tools menu and then click on Options.
 *Click once on the Security tab
 *Click once on the Internet icon so it becomes highlighted.
 *Click once on the Custom Level button.
 *Change the Download signed ActiveX controls to Prompt
 *Change the Download unsigned ActiveX controls to Disable
 *Change the Initialize and script ActiveX controls not marked as safe to Disable
 *Change the Installation of desktop items to Prompt
 *Change the Launching programs and files in an IFRAME to Prompt
 *Change the Navigate sub-frames across different domains to Prompt
 *When all these settings have been made, click on the OK button.
 *If it prompts you as to whether or not you want to save the settings, press the Yes button.
 *Next press the Apply button and then the OK to exit the Internet Properties page.

==========================

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:

   NoScript
   AdBlockPlus

=============================

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

=============================

Free Anti-Virus

  Avast Free Antivirus
  Avira Free Antivirus 2013
  PC Tools AntiVirus Free
  Ad-Aware Free Antivirus

========================

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here.

 Online Armor Free
 Agnitum Outpost Firewall Free
 Comodo Firewall

=======================

Make sure you keep your Windows OS current. Windows XP users can visit  Windows updatedefault.asp regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

=======================

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

==========================

WOT(Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

==========================

I also recommend that you read the following:
How to prevent malware by miekiemoes

==========================

To insure better safety, these are a must have:
Rule #1 ........ Good Antivirus
Rule #2 ........ Good Firewall
Rule #3 ........ Good Router is Great ! (optional but best)


Happy surfing and Stay Clean
Chuck
 

 

 

========================

 

Here is the free Antivirus & how to set it up, make sure you click the free version !! http://download.cnet.com/Avast-Free-Antivirus-2014/3000-2239_4-10019223.html?part=dl-85737&subj=dl&tag=button

 

Instructions for setting up AVAST !!

 1. Right-click the Avast icon located in the notification area of the Windows task bar. Select "Program Settings" to launch the Avast settings window.
 2. Click "Common" in the left column to view common configuration needs. Place a check mark next to each option you want to enable.
 3. Click "Appearance" in the left column to change how the Avast icon and user interface is displayed on your computer. You can choose to animate the Avast icon and select optional translucent effects for the user interface.
 4. Select "Chest" from the left column. Configure the options for the Chest size. The Chest is where quarantined files are kept. Additionally, you can configure the maximum size of report files to be sent when a virus is found on your computer.
 5. Click "Confirmations" to alter when Avast will question you about what to do with an infected file or before performing certain actions.
 6. Choose the "Language" option located in the left column to install additional languages for Avast. By default, English is the only available language.
 7. Use the "Sounds" selection to change Avast sounds or to disable Avast sounds completely.
 8. Configure the Log file limit and the logging level by selecting "Logging" from the left column. Select "Exclusions" to add files for Avast to ignore when scanning your computer.
 9. Click "Update" to configure update options. You can choose Avast to automatically update, ask when a new update is available, or only allow manual updates.
10.   Select "Troubleshooting" to configure options that help when you are having problems with Avast. You can configure Avast to only display pop-ups if a full screen application is not running or to disable the rootkit scan Avast Antivirus performs as your system boots up.
11. Click "OK" to apply the new configuration and close the configuration options.
 

Link to post
Share on other sites

Ronda, Let me know how it's running & if any other problems exist !! Ok, it may run a little slow until it reboots normally a few times !

 

If not you are good to go !!

 

Chuck

Link to post
Share on other sites

You welcome Ronda ! I will lock this after 5 days, if you need it re-opened just PM me or another Mod ! We do this to keep the drive- by's from posting into your topic !

 

Chuck

Link to post
Share on other sites

Seeing how the problems have been resolved this topic is now closed ! If for some reason you need it re-opened please PM me or another Mod !

 

Thanks

Chuck

Link to post
Share on other sites
Guest
This topic is now closed to further replies.