Trojan.Zeroaccess.C and Trojan.Gen.2


  • This topic is locked
18 replies to this topic

#1 gbayless

gbayless

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:06 PM

Posted 06 September 2013 - 01:58 AM

I would love help removing these viruses that appeared after I removed the FBI ransomware. My antivirus is currently holding them at bay. OS is Windows 7 64-bit.

 

 

and the DDS

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2010 6:09:10 PM
System Uptime: 9/5/2013 9:19:31 PM (4 hours ago)
.
Motherboard: TOSHIBA |  | NWQAA
Processor: Intel® Core™ i3 CPU       M 370  @ 2.40GHz | CPU | 2399/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 337.414 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP152: 8/31/2013 12:30:30 AM - Scheduled Checkpoint
.
==== Image File Execution Options =============
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.3
Anvi Smart Defender 1.9.2
Best Buy pc app
Bing Rewards Client Installer
Coupon Printer for Windows
D3DX10
Debut Video Capture Software
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Facebook Messenger 2.1.4814.0
Google Chrome
Google Update Helper
HP Photo Creations
HP Update
IB Updater 2.0.0.574
IB Updater Service
Intel PROSet Wireless
Intel WiMAX Tutorial
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® PROSet/Wireless WiMAX Software
Intel® Wireless Display
Internet Explorer Toolbar 4.7 by SweetPacks
Java 7 Update 11 (64-bit)
Java 7 Update 25
Java Auto Updater
JMicron Flash Media Controller Driver
Junk Mail filter update
Katawa Shoujo
Label@Once 1.0
Mass Effect
Mass Effect 2
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XNA Framework Redistributable 4.0 Refresh
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.0.0
Mozilla Firefox 17.0 (x86 en-US)
Mozilla Firefox Packages
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
Mumble 1.2.3
Norton Internet Security
NVIDIA PhysX
PDFCreator
PlayReady PC Runtime amd64
Prism Video File Converter
Project64 1.6
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Sendori
Shopping Sidekick Plugin
Skype Click to Call
Skype™ 6.6
Star Wars - Battlefront II
Steam
Sword of the Stars: The Pit
Synaptics Pointing Device Driver
Team Fortress 2
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD Protection
TOSHIBA HDD/SSD Alert
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Updater By SweetPacks 2.0.0.609
Utility Common Driver
VideoPad Video Editor
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
9/5/2013 9:21:54 PM, Error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  The specified service does not exist as an installed service.
9/5/2013 9:20:55 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
9/5/2013 9:20:55 PM, Error: Service Control Manager [7000]  - The Service Sendori service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
9/5/2013 5:45:08 PM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
9/5/2013 5:35:12 PM, Error: Service Control Manager [7003]  - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
9/5/2013 5:26:20 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service defragsvc with arguments "" in order to run the server: {D20A3293-3341-4AE8-9AAF-8E397CB63C34}
9/5/2013 5:25:36 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:02:15 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service sndappv2 with arguments "-Service" in order to run the server: {B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
9/5/2013 4:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/5/2013 4:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/5/2013 4:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/5/2013 4:01:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/5/2013 4:01:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/5/2013 4:01:24 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/5/2013 4:00:40 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD asdrm asdws BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The PST Service service depends on the Workstation service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 4:00:37 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 3:44:34 PM, Error: Microsoft-Windows-SharedAccess_NAT [34001]  - The ICS_IPV6 failed to configure IPv6 stack.
9/5/2013 2:09:07 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD asdrm BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/5/2013 2:09:02 PM, Error: Service Control Manager [7001]  - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 2:09:02 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/5/2013 1:43:38 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004]  - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
9/5/2013 1:38:09 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  SRTSP
9/5/2013 1:37:24 PM, Error: Service Control Manager [7024]  - The Windows Firewall service terminated with service-specific error Access is denied..
9/5/2013 1:36:57 PM, Error: SRTSP [4]  - Error loading virus definitions.
9/5/2013 1:32:45 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/5/2013 1:30:14 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD BHDrvx64 ccSet_NIS DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSP SRTSPX SymIRON SymNetS tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
9/4/2013 10:41:29 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
9/2/2013 9:11:10 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 12.
9/2/2013 9:11:10 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

Edited by gbayless, 06 September 2013 - 02:38 AM.




#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:06 PM

Posted 07 September 2013 - 12:16 AM





Hello gbayless,

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 gbayless

gbayless
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:04:06 PM

Posted 07 September 2013 - 02:01 AM

First of all thank you Gringo for your help. 

 

here is the frst.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2013
Ran by greg (administrator) on GREG-PC on 07-09-2013 00:56:28
Running from C:\Users\greg\Downloads
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
() C:\Program Files\IB Updater\ExtensionUpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Sendori) C:\Program Files (x86)\Sendori\sndappv2.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriSvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(sendori) C:\Program Files (x86)\Sendori\Sendori.Service.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriUp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\windows\system32\igfxsrvc.exe
(Facebook) C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\windows\system32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Sendori, Inc.) C:\Program Files (x86)\Sendori\SendoriTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\system32\StikyNot.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon [x]
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505768 2010-06-29] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [915320 2010-05-10] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1519016 2010-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-07-22] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [IntelWirelessWiMAX] - C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1441792 2010-06-08] (Intel® Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-07-09] (TOSHIBA Corporation)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1811880 2013-08-28] (Valve Corporation)
HKCU\...\Run: [Facebook Update] -  [x]
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\windows\system32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\greg\AppData\Roaming\cache.dat <==== ATTENTION 
MountPoints2: D - D:\TL_Bootstrap.exe
MountPoints2: {2895a0dd-2d5a-11e0-be82-0023159086d4} - D:\TL_Bootstrap.exe
MountPoints2: {468f9240-4e6f-11e1-a57f-88ae1dfb46f8} - E:\LaunchU3.exe -a
MountPoints2: {48ec372a-e734-11df-b521-806e6f6e6963} - E:\menu.exe
MountPoints2: {b6144f75-2b4c-11e0-a0ed-88ae1dfb46f8} - E:\TL_Bootstrap.exe
MountPoints2: {c8091d9c-2c3b-11e0-b2a5-0023159086d4} - D:\TL_Bootstrap.exe
MountPoints2: {f4554f84-8585-11e2-ae02-88ae1dfb46f8} - D:\MotorolaDeviceManagerSetup.exe -a
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1295736 2011-02-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-05-01] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252728 2010-04-01] (TOSHIBA)
HKLM-x32\...\Run: [PCFixSpeed] - "C:\Program Files (x86)\PCFixSpeed\PCFixTray.exe" /startup [x]
HKLM-x32\...\Run: [Sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] -  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk
ShortcutTarget: Facebook Messenger.lnk -> C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe (Facebook)
Startup: C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://start.toshiba.com/g/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: (No Name) - {EEE6C35D-6118-11DC-9C72-001320C79847} -  No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = http://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10042&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/mb185/?search={searchTerms}&loc=IB_DS&a=6PQOmGzTGv&i=26
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension64.dll ()
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {EEE6C35C-6118-11DC-9C72-001320C79847} -  No File
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: No Name - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -  No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} -  No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9 01 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 02 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 03 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 04 C:\windows\system32\Sendori.dll File Not found ()
Winsock: Catalog9 15 C:\windows\system32\Sendori.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{CB645FB5-A4E0-4118-9DD0-51A37745DA27}: [NameServer]192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default
FF user.js: detected! => C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\user.js
FF NewTab: hxxp://start.sweetpacks.com/?src=97&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}&crg=3.5000006.10042
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 - C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\my-homepage.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\MyStart.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\Web Search.xml
FF Extension: No Name - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\staged
FF Extension: Yahoo! Toolbar - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Search Spin  - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}
FF Extension: No Name - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF Extension: No Name - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}] C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{8E9E3331-D360-4f87-8803-52DE43566502}] C:\Program Files\Updater By SweetPacks\Firefox
FF Extension: Updater By SweetPacks - C:\Program Files\Updater By SweetPacks\Firefox
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0
CHR Extension: (YouTube) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: () - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlopielgodpjhkbapdlbbicpiefpaack\1.20.5_0
CHR Extension: (Norton Identity Protection) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx
CHR HKLM-x32\...\Chrome\Extension: [dlopielgodpjhkbapdlbbicpiefpaack] - C:\Users\greg\AppData\Local\Shopping Sidekick Plugin\Chrome\Shopping Sidekick Plugin.crx
CHR HKLM-x32\...\Chrome\Extension: [jifflliplgeajjdhmkcfnngfpgbjonjg] - C:\Program Files (x86)\Perion\NewTab\newTab.crx
CHR HKLM-x32\...\Chrome\Extension: [kincjchfokkeneeofpeefomkikfkiedl] - C:\Program Files (x86)\OApps\chromeaddon.crx
CHR HKLM-x32\...\Chrome\Extension: [licjnkifamhpbaefhdpacpmihicfbomb] - C:\Program Files (x86)\PricePeep\pricepeep.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx
CHR HKLM-x32\...\Chrome\Extension: [niogeckbkdcabhnapjbkeiklablhjoca] - C:\Program Files (x86)\Perion\ChromeInfoBar\ChromeInfoBar.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
 
==================== Services (Whitelisted) =================
 
R2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [121144 2013-03-25] (Motorola Mobility LLC)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)
R2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)
R2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)
U2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\   \...\???\{b0ce6852-8ac3-5f02-1184-9d525505464e}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-08-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [140376 2013-08-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-09-04] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys [520280 2013-09-04] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130906.017\ENG64.SYS [126040 2013-09-05] (Symantec Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130906.017\ENG64.SYS [126040 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130906.017\EX64.SYS [2099288 2013-09-05] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20130906.017\EX64.SYS [2099288 2013-09-05] (Symantec Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
U2 SharedAccess; 
S3 sxuptp; system32\DRIVERS\sxuptp.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-09-06 02:07 - 2013-09-06 02:09 - 00000000 ____D C:\Users\greg\AppData\Local\NPE
2013-09-06 02:06 - 2013-09-06 02:06 - 02986440 _____ (Symantec Corporation) C:\Users\greg\Downloads\NPE.exe
2013-09-06 01:36 - 2013-09-06 01:36 - 00018398 _____ C:\Users\greg\Desktop\dds.txt
2013-09-06 01:35 - 2013-09-06 01:35 - 00018398 _____ C:\Users\greg\Documents\Attach.txt
2013-09-06 01:35 - 2013-09-06 01:35 - 00018398 _____ C:\Users\greg\Desktop\attach.txt
2013-09-06 01:34 - 2013-09-06 01:34 - 00688992 ____R (Swearware) C:\Users\greg\Downloads\dds.com
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\FRST
2013-09-05 21:46 - 2013-09-05 21:46 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-05 21:44 - 2013-09-07 00:49 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-05 21:44 - 2013-09-06 21:58 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-05 21:44 - 2013-09-05 21:44 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-05 21:44 - 2013-09-05 21:44 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-05 21:43 - 2013-09-05 21:43 - 00784880 _____ (Google Inc.) C:\Users\greg\Downloads\ChromeSetup.exe
2013-09-05 21:23 - 2013-09-05 21:23 - 00004360 _____ C:\{EF106BD1-583A-4807-B299-965BFA253EA9}
2013-09-05 17:32 - 2013-09-05 17:32 - 00000000 __SHD C:\windows\system32\%APPDATA%
2013-09-05 15:45 - 2013-09-05 15:59 - 00000004 _____ C:\Users\greg\AppData\Roaming\cache.ini
2013-09-05 13:45 - 2013-09-05 16:02 - 00000000 ____D C:\Users\greg\AppData\Roaming\Anvisoft
2013-09-05 13:44 - 2013-09-06 01:40 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-09-05 13:44 - 2013-09-05 13:44 - 00000000 ____D C:\ProgramData\Anvisoft
2013-09-05 13:41 - 2013-09-05 13:44 - 25679064 _____ C:\Users\greg\Downloads\asdsetup.exe
2013-09-05 13:40 - 2013-09-05 13:40 - 00086528 _____ (Ahead Software AG) C:\windows\SysWOW64\fjfa.tmp
2013-09-05 12:46 - 2013-09-05 12:46 - 00000000 ____D C:\ProgramData\rybvj
2013-09-03 21:21 - 2013-09-04 01:58 - 00000000 ____D C:\Users\greg\AppData\Local\Conduit
2013-09-03 21:21 - 2013-09-03 21:21 - 00000000 ____D C:\Users\greg\AppData\Local\CRE
2013-09-03 21:20 - 2013-09-05 13:36 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader
2013-09-03 21:20 - 2013-09-03 21:54 - 00000000 ____D C:\Users\greg\AppData\Roaming\FlvtoConverter
2013-08-29 07:37 - 2013-08-29 07:38 - 00000000 ____D C:\ProgramData\6Dp6n373
2013-08-27 10:08 - 2013-08-27 10:08 - 00000221 _____ C:\Users\greg\Desktop\Mass Effect 2.url
2013-08-26 20:14 - 2013-08-26 20:14 - 00000000 ____D C:\Intel
2013-08-26 18:49 - 2013-08-26 18:49 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-08-26 18:49 - 2013-08-26 18:49 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-26 18:48 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2013-08-26 18:48 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2013-08-26 18:48 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2013-08-26 18:48 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2013-08-26 18:48 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2013-08-26 18:48 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2013-08-24 09:32 - 2013-08-26 18:49 - 00000000 ____D C:\Users\greg\Documents\BioWare
2013-08-24 09:30 - 2013-08-24 09:30 - 00000245 _____ C:\windows\DXError.log
2013-08-24 01:23 - 2013-08-24 01:23 - 00000221 _____ C:\Users\greg\Desktop\Mass Effect.url
2013-08-19 03:59 - 2013-08-19 03:59 - 00003771 _____ C:\Users\greg\Downloads\changeentities.py
2013-08-19 03:55 - 2013-08-19 03:55 - 00002021 _____ C:\Users\greg\Downloads\setspawnerproperties.py
2013-08-19 03:39 - 2013-08-19 03:39 - 00000000 ____D C:\Users\greg\Desktop\ServerJarStorage
2013-08-17 23:31 - 2013-08-17 23:31 - 00001122 _____ C:\Users\greg\Desktop\Katawa Shoujo.lnk
2013-08-17 23:31 - 2013-08-17 23:31 - 00000000 ____D C:\Users\greg\AppData\Roaming\RenPy
2013-08-17 23:31 - 2013-08-17 23:31 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Katawa Shoujo
2013-08-17 23:30 - 2013-08-17 23:31 - 00000000 ____D C:\Program Files (x86)\Katawa Shoujo
2013-08-17 22:52 - 2013-09-05 21:33 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Users\greg\AppData\Roaming\Yahoo!
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-17 22:50 - 2013-08-17 22:50 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (3).torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe.torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (2).torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (1).torrent
2013-08-15 20:51 - 2013-08-15 20:51 - 00675988 _____ C:\Users\greg\Desktop\Minecraft.exe
2013-08-11 13:25 - 2013-08-11 13:26 - 00000000 ____D C:\Users\greg\Downloads\world
2013-08-08 17:50 - 2013-08-08 17:50 - 00000000 _____ C:\windows\SysWOW64\shoAC9.tmp
 
==================== One Month Modified Files and Folders =======
 
2013-09-07 00:55 - 2013-09-07 00:55 - 01948604 _____ (Farbar) C:\Users\greg\Downloads\FRST64.exe
2013-09-07 00:49 - 2013-09-05 21:44 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-09-07 00:39 - 2012-09-29 14:21 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-09-07 00:14 - 2013-07-09 19:36 - 00000336 _____ C:\windows\Tasks\HP Photo Creations Communicator.job
2013-09-06 23:51 - 2009-07-13 22:51 - 00141836 _____ C:\windows\setupact.log
2013-09-06 23:43 - 2012-09-19 23:38 - 00000924 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000UA.job
2013-09-06 23:43 - 2012-09-19 23:38 - 00000902 _____ C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000Core.job
2013-09-06 22:08 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-06 22:08 - 2009-07-13 22:45 - 00016304 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-06 22:05 - 2010-11-03 04:18 - 01629370 _____ C:\windows\WindowsUpdate.log
2013-09-06 22:04 - 2009-07-13 23:13 - 00792370 _____ C:\windows\system32\PerfStringBackup.INI
2013-09-06 22:01 - 2013-07-25 21:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-09-06 21:58 - 2013-09-05 21:44 - 00000890 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-09-06 21:58 - 2010-11-03 04:40 - 00000050 _____ C:\windows\system32\SupplicantTest.log
2013-09-06 21:58 - 2010-08-29 23:00 - 00159416 _____ C:\windows\PFRO.log
2013-09-06 21:58 - 2009-07-13 23:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-09-06 21:24 - 2012-11-07 00:00 - 00000000 ____D C:\Users\greg\AppData\Roaming\.minecraft
2013-09-06 02:09 - 2013-09-06 02:07 - 00000000 ____D C:\Users\greg\AppData\Local\NPE
2013-09-06 02:07 - 2010-11-03 04:44 - 00000000 ____D C:\ProgramData\Norton
2013-09-06 02:06 - 2013-09-06 02:06 - 02986440 _____ (Symantec Corporation) C:\Users\greg\Downloads\NPE.exe
2013-09-06 01:40 - 2013-09-05 13:45 - 00000000 ____D C:\Users\greg\AppData\Roaming\Anvisoft
2013-09-06 01:40 - 2013-09-05 13:44 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2013-09-06 01:36 - 2013-09-06 01:36 - 00018398 _____ C:\Users\greg\Desktop\dds.txt
2013-09-06 01:35 - 2013-09-06 01:35 - 00018398 _____ C:\Users\greg\Documents\Attach.txt
2013-09-06 01:35 - 2013-09-06 01:35 - 00018398 _____ C:\Users\greg\Desktop\attach.txt
2013-09-06 01:34 - 2013-09-06 01:34 - 00688992 ____R (Swearware) C:\Users\greg\Downloads\dds.com
2013-09-05 22:32 - 2013-09-05 22:32 - 00000000 ____D C:\FRST
2013-09-05 21:46 - 2013-09-05 21:46 - 00002270 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-09-05 21:44 - 2013-09-05 21:44 - 00003890 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-09-05 21:44 - 2013-09-05 21:44 - 00003638 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-09-05 21:44 - 2010-08-29 22:43 - 00000000 ____D C:\Program Files (x86)\Google
2013-09-05 21:43 - 2013-09-05 21:43 - 00784880 _____ (Google Inc.) C:\Users\greg\Downloads\ChromeSetup.exe
2013-09-05 21:33 - 2013-08-17 22:52 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2013-09-05 21:23 - 2013-09-05 21:23 - 00004360 _____ C:\{EF106BD1-583A-4807-B299-965BFA253EA9}
2013-09-05 17:57 - 2010-12-29 19:09 - 00000000 ____D C:\Users\greg
2013-09-05 17:38 - 2012-12-21 20:42 - 00000000 ____D C:\ProgramData\Sendori
2013-09-05 17:32 - 2013-09-05 17:32 - 00000000 __SHD C:\windows\system32\%APPDATA%
2013-09-05 17:32 - 2013-03-11 04:01 - 00000000 ____D C:\Program Files (x86)\UEFI WinFlash
2013-09-05 15:59 - 2013-09-05 15:45 - 00000004 _____ C:\Users\greg\AppData\Roaming\cache.ini
2013-09-05 15:44 - 2012-12-10 22:13 - 00000375 _____ C:\windows\system32\Drivers\etc\hosts.ics
2013-09-05 13:56 - 2012-11-04 20:14 - 00000000 ____D C:\Users\greg\AppData\Roaming\Babylon
2013-09-05 13:44 - 2013-09-05 13:44 - 00000000 ____D C:\ProgramData\Anvisoft
2013-09-05 13:44 - 2013-09-05 13:41 - 25679064 _____ C:\Users\greg\Downloads\asdsetup.exe
2013-09-05 13:40 - 2013-09-05 13:40 - 00086528 _____ (Ahead Software AG) C:\windows\SysWOW64\fjfa.tmp
2013-09-05 13:37 - 2013-01-08 18:35 - 00000000 ____D C:\Program Files (x86)\Shopping Sidekick Plugin
2013-09-05 13:36 - 2013-09-03 21:20 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flvto Youtube Downloader
2013-09-05 13:36 - 2013-06-12 00:44 - 00000000 ____D C:\Users\greg\AppData\Local\Flvto Youtube Downloader
2013-09-05 13:36 - 2012-12-21 20:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-05 13:36 - 2009-07-13 21:20 - 00000000 ____D C:\windows\registration
2013-09-05 13:35 - 2013-03-11 15:58 - 00000000 ____D C:\Users\greg\AppData\Roaming\Skype
2013-09-05 12:46 - 2013-09-05 12:46 - 00000000 ____D C:\ProgramData\rybvj
2013-09-04 02:10 - 2013-07-18 04:28 - 00049162 _____ C:\Users\greg\Desktop\mcedit.log
2013-09-04 01:58 - 2013-09-03 21:21 - 00000000 ____D C:\Users\greg\AppData\Local\Conduit
2013-09-03 21:54 - 2013-09-03 21:20 - 00000000 ____D C:\Users\greg\AppData\Roaming\FlvtoConverter
2013-09-03 21:21 - 2013-09-03 21:21 - 00000000 ____D C:\Users\greg\AppData\Local\CRE
2013-08-29 07:38 - 2013-08-29 07:37 - 00000000 ____D C:\ProgramData\6Dp6n373
2013-08-28 16:23 - 2012-12-21 20:42 - 00000000 ____D C:\Program Files (x86)\Sendori
2013-08-27 10:08 - 2013-08-27 10:08 - 00000221 _____ C:\Users\greg\Desktop\Mass Effect 2.url
2013-08-27 10:08 - 2013-07-27 21:48 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-26 20:15 - 2013-07-30 01:53 - 00000000 ____D C:\Users\greg\Documents\minecraft server
2013-08-26 20:14 - 2013-08-26 20:14 - 00000000 ____D C:\Intel
2013-08-26 18:49 - 2013-08-26 18:49 - 00000000 ____D C:\windows\SysWOW64\AGEIA
2013-08-26 18:49 - 2013-08-26 18:49 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-08-26 18:49 - 2013-08-24 09:32 - 00000000 ____D C:\Users\greg\Documents\BioWare
2013-08-26 18:48 - 2010-08-29 22:49 - 00451708 _____ C:\windows\DirectX.log
2013-08-24 09:36 - 2011-10-21 23:33 - 00000000 ____D C:\Users\greg\AppData\Local\CrashDumps
2013-08-24 09:30 - 2013-08-24 09:30 - 00000245 _____ C:\windows\DXError.log
2013-08-24 01:23 - 2013-08-24 01:23 - 00000221 _____ C:\Users\greg\Desktop\Mass Effect.url
2013-08-20 19:39 - 2012-09-29 14:21 - 00692104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 19:39 - 2012-09-29 14:21 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 19:39 - 2012-09-29 14:21 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2013-08-19 18:50 - 2013-03-11 15:58 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-08-19 04:10 - 2013-07-18 04:28 - 00002856 _____ C:\Users\greg\Desktop\mcedit.ini
2013-08-19 03:59 - 2013-08-19 03:59 - 00003771 _____ C:\Users\greg\Downloads\changeentities.py
2013-08-19 03:58 - 2013-07-18 04:28 - 00000000 ____D C:\Users\greg\Desktop\MCEdit-0.1.7.1.win-amd64
2013-08-19 03:55 - 2013-08-19 03:55 - 00002021 _____ C:\Users\greg\Downloads\setspawnerproperties.py
2013-08-19 03:39 - 2013-08-19 03:39 - 00000000 ____D C:\Users\greg\Desktop\ServerJarStorage
2013-08-17 23:31 - 2013-08-17 23:31 - 00001122 _____ C:\Users\greg\Desktop\Katawa Shoujo.lnk
2013-08-17 23:31 - 2013-08-17 23:31 - 00000000 ____D C:\Users\greg\AppData\Roaming\RenPy
2013-08-17 23:31 - 2013-08-17 23:31 - 00000000 ____D C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Katawa Shoujo
2013-08-17 23:31 - 2013-08-17 23:30 - 00000000 ____D C:\Program Files (x86)\Katawa Shoujo
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Users\greg\AppData\Roaming\Yahoo!
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\ProgramData\Yahoo!
2013-08-17 22:52 - 2013-08-17 22:52 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-17 22:50 - 2013-08-17 22:50 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (3).torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe.torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (2).torrent
2013-08-17 22:48 - 2013-08-17 22:48 - 00034321 _____ C:\Users\greg\Downloads\[4ls]_katawa_shoujo_1.1-[windows][8AACDD32].exe (1).torrent
2013-08-15 20:51 - 2013-08-15 20:51 - 00675988 _____ C:\Users\greg\Desktop\Minecraft.exe
2013-08-15 13:51 - 2010-12-29 19:11 - 00000000 ____D C:\Users\greg\AppData\Local\Deployment
2013-08-15 13:47 - 2010-08-29 22:44 - 00000000 ____D C:\Program Files\Google
2013-08-15 13:43 - 2010-12-29 18:36 - 00000000 ____D C:\Users\greg\AppData\Local\Google
2013-08-15 13:25 - 2009-07-13 23:08 - 00032636 _____ C:\windows\Tasks\SCHEDLGU.TXT
2013-08-15 01:00 - 2013-08-06 03:00 - 00000000 ____D C:\windows\system32\MRT
2013-08-15 00:58 - 2011-05-28 17:55 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-13 12:40 - 2013-07-30 02:46 - 00000000 ____D C:\Users\greg\AppData\Local\LogMeIn Hamachi
2013-08-13 12:37 - 2009-07-13 21:20 - 00000000 ____D C:\windows\system32\NDF
2013-08-13 10:21 - 2012-10-23 18:23 - 00000000 ____D C:\windows\System32\Tasks\NCH Software
2013-08-11 13:26 - 2013-08-11 13:25 - 00000000 ____D C:\Users\greg\Downloads\world
2013-08-09 11:28 - 2013-08-04 00:51 - 00000000 ____D C:\Users\greg\Documents\world backups
2013-08-08 17:50 - 2013-08-08 17:50 - 00000000 _____ C:\windows\SysWOW64\shoAC9.tmp
 
Files to move or delete:
====================
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}
C:\Users\greg\AppData\Roaming\cache.ini
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
 
 
LastRegBack: 2013-09-06 19:46
 
==================== End Of Log ============================
 
and the Attach.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2013
Ran by greg at 2013-09-07 01:00:13
Running from C:\Users\greg\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Installed Programs =======================
 
   
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9.5.3 (x32 Version: 9.5.3)
Best Buy pc app (HKCU Version: 3.0.0.0)
Best Buy pc app (Version: 3.0.0.0)
Bing Rewards Client Installer (x32 Version: 16.0.345.0)
Coupon Printer for Windows (x32 Version: 5.0.0.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Debut Video Capture Software (x32)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Facebook Messenger 2.1.4814.0 (x32 Version: 2.1.4814.0)
Google Chrome (x32 Version: 29.0.1547.66)
Google Update Helper (x32 Version: 1.3.21.153)
HP Photo Creations (x32 Version: 1.0.0.11942)
HP Update (x32 Version: 5.005.000.002)
IB Updater 2.0.0.574 (Version: 2.0.0.574)
IB Updater Service (x32 Version: 3.0.5.3)
Intel PROSet Wireless
Intel WiMAX Tutorial (Version: 1.5.4.0)
Intel® Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119)
Intel® Management Engine Components (x32 Version: 6.0.0.1179)
Intel® Rapid Storage Technology (x32 Version: 9.5.7.1002)
Intel® PROSet/Wireless WiMAX Software (Version: 2.03.0005)
Intel® Wireless Display (Version: 1.2.20.0)
Internet Explorer Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0008)
Java 7 Update 11 (64-bit) (Version: 7.0.110)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JMicron Flash Media Controller Driver (x32 Version: 1.0.44.1)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Katawa Shoujo (x32)
Label@Once 1.0 (x32 Version: 1.0)
Mass Effect (x32)
Mass Effect 2 (x32)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0)
Motorola Device Manager (x32 Version: 2.3.9)
Motorola Device Software Update (x32 Version: 13.02.1402)
Motorola Mobile Drivers Installation 6.0.0 (Version: 6.0.0)
Mozilla Firefox 17.0 (x86 en-US) (x32 Version: 17.0)
Mozilla Firefox Packages (HKCU)
Mozilla Maintenance Service (x32 Version: 17.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
Mumble 1.2.3 (x32 Version: 1.2.3)
Norton Internet Security (x32 Version: 20.4.0.40)
NVIDIA PhysX (x32 Version: 9.09.0814)
PDFCreator (x32 Version: 1.2.0)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Prism Video File Converter (x32)
Project64 1.6 (x32 Version: 1.6)
Realtek Ethernet Controller Driver For Windows 7 (x32 Version: 7.20.503.2010)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6069)
rosoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Sendori (x32 Version: 2.0.15)
Shopping Sidekick Plugin (x32 Version: 1.24.151.151)
Skype Click to Call (x32 Version: 6.11.13348)
Skype™ 6.6 (x32 Version: 6.6.106)
Star Wars - Battlefront II (x32)
Steam (x32 Version: 1.0.0.0)
Sword of the Stars: The Pit (x32)
Synaptics Pointing Device Driver (Version: 15.0.8.1)
Team Fortress 2 (x32)
TOSHIBA Application Installer (x32 Version: 9.0.1.1)
TOSHIBA Assist (x32 Version: 3.00.11)
Toshiba Book Place (x32 Version: 2.0.3977.0)
TOSHIBA Bulletin Board (Version: 1.6.08.64)
TOSHIBA Bulletin Board (x32 Version: 1.6.08.64)
TOSHIBA Disc Creator (Version: 2.1.0.2 for x64)
TOSHIBA DVD PLAYER (x32 Version: 3.01.2.12-A)
TOSHIBA eco Utility (Version: 1.2.18.64)
TOSHIBA eco Utility (x32 Version: 1.2.18.64)
TOSHIBA Face Recognition (Version: 3.1.3.64)
TOSHIBA Face Recognition (x32 Version: 3.1.3.64)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.26C)
TOSHIBA HDD Protection (Version: 2.2.0.4)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6)
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6)
TOSHIBA Media Controller (x32 Version: 1.0.80.8.64)
TOSHIBA Media Controller Plug-in (x32 Version: 1.0.8.0)
TOSHIBA PC Health Monitor (Version: 1.7.1.64)
TOSHIBA Quality Application (x32 Version: 1.0.3)
TOSHIBA Recovery Media Creator (Version: 2.1.0.4 for x64)
TOSHIBA ReelTime (Version: 1.7.16.64)
TOSHIBA ReelTime (x32 Version: 1.7.16.64)
TOSHIBA Service Station (x32 Version: 2.2.9)
TOSHIBA Sleep Utility (x32 Version: 1.4.1.2)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C)
TOSHIBA Value Added Package (Version: 1.3.14.64)
TOSHIBA Value Added Package (x32 Version: 1.3.14.64)
TOSHIBA Web Camera Application (x32 Version: 1.1.1.16)
ToshibaRegistration (x32 Version: 1.0.4)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft Office 2010 (KB2494150) (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Updater By SweetPacks 2.0.0.609 (Version: 2.0.0.609)
Utility Common Driver (x32 Version: 1.0.52.1C)
VideoPad Video Editor (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3502.0922)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.20 (32-bit) (x32 Version: 4.20.0)
Yahoo! Toolbar (x32)
 
==================== Restore Points  =========================
 
31-08-2013 06:30:30 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {0187E08E-849C-47C2-BB5A-5E65ADA0D79B} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {044A6734-E90E-4F8F-B357-B2DC8AB3B5EC} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_started
Task: {055EC39E-A336-4885-AE45-073CA7FDE1E0} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12] (Oracle Corporation)
Task: {05C04FFF-6C4E-490C-9ECC-C2ED42F26699} - System32\Tasks\NCH Software\debutShakeIcon => C:\Program Files (x86)\NCH Software\Debut\Debut.exe [2012-10-23] (NCH Software)
Task: {097A96B6-E554-4284-88F3-33D43FCF862A} - System32\Tasks\{DD8DBF7D-BFC2-46AF-A596-55D3ACCA1491} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
Task: {0C146AF5-0033-4A39-9EAE-241B56F80855} - System32\Tasks\{46FCE9BF-AF68-4450-A73E-7C80F7D68E6C} => C:\Program Files (x86)\Finale Allegro 2007\allegro.exe
Task: {0D8C750C-A1D7-4C60-BEB9-9DB0C0BF6067} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {28DE8ED8-D172-4794-8D49-D8F634D67C50} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {28ECA130-B7B3-4672-A631-24307594442B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {2DA735E1-C649-4412-B96F-1C23E35F5F8A} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {40478A44-E1F6-4B86-8283-211B6D84491D} - System32\Tasks\{FF43D90D-B817-4359-92C2-4473C2D33D90} => C:\Program Files (x86)\Mass Effect\MassEffectLauncher.exe
Task: {48B0BC78-3663-45A3-A703-30BD14833C5C} - System32\Tasks\{9EB731E7-B962-4818-BE38-77F81171953B} => C:\Program Files (x86)\Finale Allegro 2007\allegro.exe
Task: {549DA8A6-ABB6-4F77-BD78-A68937F8D3BC} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-09] ()
Task: {5E596F38-3A2A-41A0-A270-63EDCA76D445} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000UA => C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-19] (Facebook Inc.)
Task: {61B72AB6-F905-4D51-BD99-5AFE444C5C3D} - System32\Tasks\{DF11EABF-04AE-4F52-BE3D-DFD04E7B4D62} => C:\Program Files (x86)\Finale Allegro 2007\allegro.exe
Task: {6D722562-DBF0-435B-B746-FF9009B6D00B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-05] (Google Inc.)
Task: {8C6737E5-5C1A-4F71-830F-38D0534DA950} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {9236E210-FA5B-4F43-8292-1F283BF33780} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000Core => C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-19] (Facebook Inc.)
Task: {93089605-65C5-4F7B-90DE-9FA7975547CD} - System32\Tasks\{C4A1C177-0058-4996-A03E-8C878DB82F3C} => C:\Program Files (x86)\Finale Allegro 2007\allegro.exe
Task: {A083F848-E50A-4BED-8218-2BD8738AF051} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)
Task: {A121D4F0-C845-40EC-AAFA-0350181FB1B7} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {A951E154-AEFA-4DC0-91D8-10F383E0DD36} - System32\Tasks\HP online update program => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2011-10-28] (Hewlett-Packard)
Task: {CAD0FF90-2704-4BCA-B732-F3D92464E5E3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {ED132D4C-41C9-42B2-88DB-3DAA6A2BEAF5} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-03-25] ()
Task: {EF0F7CE0-8732-4B4F-B2D2-0911B513DD2B} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000Core.job => C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000UA.job => C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-11-03 04:23 - 2010-03-22 12:21 - 01660448 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkAPO64.dll
2010-11-03 04:23 - 2010-03-22 12:21 - 00099016 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEEL64A.dll
2010-11-03 04:23 - 2010-03-22 12:21 - 00201928 _____ (Dolby Laboratories, Inc.) C:\windows\system32\RTEED64A.dll
2009-07-13 17:47 - 2009-07-13 19:41 - 00242688 _____ (Microsoft Corporation) c:\windows\system32\wbem\wmisvc.dll
2009-07-13 17:48 - 2009-07-13 19:41 - 01220096 _____ (Microsoft Corporation) C:\windows\system32\wbem\wbemcore.dll
2009-07-13 17:47 - 2009-07-13 19:40 - 00440320 _____ (Microsoft Corporation) C:\windows\system32\wbem\esscli.dll
2009-07-13 17:47 - 2009-07-13 19:41 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\wbem\repdrvfs.dll
2009-07-13 17:48 - 2009-07-13 19:41 - 00750080 _____ (Microsoft Corporation) C:\windows\system32\wbem\wmiprvsd.dll
2009-07-13 17:47 - 2009-07-13 19:41 - 00505856 _____ (Microsoft Corporation) C:\windows\system32\wbem\wbemess.dll
2009-07-13 17:47 - 2009-07-13 19:41 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\wbem\ncprov.dll
2012-10-31 22:02 - 2005-03-12 00:07 - 00087040 _____ () C:\windows\System32\pdfcmnnt.dll
2009-07-13 18:39 - 2009-07-13 19:41 - 00039424 _____ (Microsoft Corporation) C:\windows\system32\spool\PRTPROCS\x64\winprint.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00119296 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrReg.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00123904 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrFunc.dll
2010-06-07 16:37 - 2010-06-07 16:37 - 01068544 _____ (Devicescape Software, Inc.) C:\windows\system32\supplicant.dll
2009-07-13 23:35 - 2009-07-13 20:25 - 00195072 _____ (Microsoft Corporation) C:\windows\system32\en-us\tQuery.dll.mui
2013-06-08 14:17 - 2013-05-20 22:44 - 01060232 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\ccL120U.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00119176 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\ccVrTrst.dll
2013-06-08 14:17 - 2013-05-22 23:25 - 00114056 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\EFACli64.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00475528 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\ccSet.dll
2013-06-08 14:17 - 2013-05-29 19:23 - 00553264 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine64\20.4.0.40\diStRptr.dll
2009-07-13 17:48 - 2009-07-13 19:40 - 02055168 _____ (Microsoft Corporation) C:\windows\system32\wbem\cimwin32.dll
2010-06-07 16:34 - 2010-06-07 16:34 - 00137216 _____ (Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\wimaxMO.dll
2010-11-03 04:23 - 2010-03-22 12:21 - 00149536 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkCfg64.dll
2010-07-28 11:27 - 2010-07-28 11:27 - 00089016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoHci.dll
2010-07-28 11:27 - 2010-07-28 11:27 - 00590776 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoPower.dll
2010-03-10 19:46 - 2010-03-10 19:46 - 00396584 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll
2010-03-10 19:46 - 2010-03-10 19:46 - 00207144 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00260096 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TCooling.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00286208 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TtosFunc.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00300544 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TOddPwr.dll
2010-06-29 12:06 - 2010-06-29 12:06 - 00055808 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrSrv.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00263680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrBrightness.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00261632 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\T1394Pwr.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00267776 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TKBLEDPwr.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00261632 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TSDPwr.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00260608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPCIePwr.dll
2010-05-10 10:20 - 2010-05-10 10:20 - 00162680 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.dll
2010-03-12 16:38 - 2010-03-12 16:38 - 00059704 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdEvnt.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00265016 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnPRTSC.dll
2008-07-14 11:33 - 2008-07-14 11:33 - 00134456 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\FnSticky.dll
2010-04-07 17:07 - 2010-04-07 17:07 - 09468728 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00055608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnEsc.dll
2008-07-14 11:35 - 2008-07-14 11:35 - 00107832 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TWarnMsg\TWarnMsg.dll
2009-11-03 14:26 - 2009-11-03 14:26 - 00053560 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-06-12 10:57 - 2010-06-12 10:57 - 00294776 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\TBSMain.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00053560 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF1.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00268800 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunc2.DLL
2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF3.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00054072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF4.dll
2010-04-12 11:21 - 2010-04-12 11:21 - 00118616 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF5.dll
2009-07-16 16:27 - 2009-07-16 16:27 - 00077624 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF67.dll
2009-08-19 21:36 - 2009-08-19 21:36 - 00369008 _____ (TOSHIBA Corporation.) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF8Dll.dll
2008-07-14 11:34 - 2008-07-14 11:34 - 00057656 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF9.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 15:15 - 2010-03-03 15:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-06-29 12:05 - 2010-06-29 12:05 - 00264704 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TFunctab.DLL
2010-05-13 16:17 - 2010-05-13 16:17 - 00080280 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnSpace.dll
2010-08-29 22:37 - 2009-06-22 16:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-06-23 21:38 - 2009-06-23 21:38 - 00077376 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\HDD Protection\NotifyThp.dll
2009-03-12 20:08 - 2009-03-12 20:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2007-12-11 10:42 - 2007-12-11 10:42 - 00017784 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\NotifyTZU.dll
2009-07-25 18:38 - 2009-07-25 18:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2008-07-14 11:35 - 2008-07-14 11:35 - 00233272 _____ (TOSHIBA Corp.) C:\Program Files\TOSHIBA\Utilities\NotifyX.dll
2007-05-07 20:58 - 2007-05-07 20:58 - 00018040 _____ (TOSHIBA Corporation) C:\Program Files\Toshiba\TBS\NotifyTBS.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00806912 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_UICustomControls.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00061440 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_WiMAXSDKInterop.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00057344 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_Common.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00061440 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_BizTier.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00065536 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_ServicePublisher.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00038912 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_WiFiCoEx.dll
2010-06-08 15:25 - 2010-06-08 15:25 - 00069632 _____ (Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU_UIDisplayWiMAX.dll
2010-04-23 14:58 - 2010-04-23 14:58 - 03409256 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll
2010-07-09 20:30 - 2010-07-09 20:30 - 00066976 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\ReelTimeRemoteStorage.dll
2010-07-09 20:30 - 2010-07-09 20:30 - 00384928 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\DataProcess.dll
2010-04-21 11:38 - 2010-04-21 11:38 - 00087552 _____ (Intel Corporation) C:\windows\system32\igfxrENU.lrc
2010-11-03 04:36 - 2011-02-11 13:45 - 00058744 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\PluginLib.dll
2010-11-03 04:36 - 2011-02-11 13:45 - 00020856 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\libTMachInfo.dll
2010-11-03 04:36 - 2011-02-11 12:48 - 00068096 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\Alerts.dll
2010-11-03 04:36 - 2011-02-11 12:48 - 00087552 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\PCHealthInfo.dll
2010-11-03 04:36 - 2011-02-11 12:48 - 00096768 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\Plugins\SwUpdates.dll
2010-12-30 21:41 - 2011-06-07 19:21 - 08007680 _____ ( ) C:\windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll
2010-11-03 04:36 - 2011-02-11 13:45 - 00021368 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\FilterLib.dll
2013-03-11 04:03 - 2011-02-11 13:46 - 00027000 _____ (TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\BitsLib.dll
2010-07-22 17:32 - 2010-07-22 17:32 - 00146944 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHCTL.dll
2010-07-22 17:32 - 2010-07-22 17:32 - 00132608 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHDISK.dll
2010-02-05 18:44 - 2010-02-05 18:44 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2010-02-05 18:45 - 2010-02-05 18:45 - 00265072 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TReport.dll
2010-07-22 17:32 - 2010-07-22 17:32 - 00259584 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TReport.dll
2010-07-22 17:32 - 2010-07-22 17:32 - 00108544 _____ (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHMui.dll
2012-01-13 08:23 - 2011-11-16 23:41 - 01292592 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2013-02-12 22:57 - 2013-01-03 22:51 - 01114112 _____ (Microsoft Corporation) C:\windows\syswow64\kernel32.dll
2013-02-12 22:57 - 2013-01-03 22:51 - 00274944 _____ (Microsoft Corporation) C:\windows\syswow64\KERNELBASE.dll
2013-07-27 21:05 - 2013-05-31 17:15 - 00290232 _____ (Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\UMEngx86.dll
2013-04-09 15:49 - 2013-03-01 23:05 - 01230848 _____ (Microsoft Corporation) C:\windows\syswow64\urlmon.dll
2012-02-17 16:45 - 2011-12-16 01:59 - 00690688 _____ (Microsoft Corporation) C:\windows\syswow64\msvcrt.dll
2013-04-09 15:49 - 2013-03-01 23:06 - 00981504 _____ (Microsoft Corporation) C:\windows\syswow64\WININET.dll
2009-07-13 17:39 - 2009-07-13 19:16 - 00350208 _____ (Microsoft Corporation) C:\windows\syswow64\SHLWAPI.dll
2009-07-13 17:25 - 2009-07-13 19:11 - 00310784 _____ (Microsoft Corporation) C:\windows\syswow64\GDI32.dll
2009-07-13 17:24 - 2009-07-13 19:11 - 00833024 _____ (Microsoft Corporation) C:\windows\syswow64\USER32.dll
2009-07-13 18:20 - 2009-07-13 19:14 - 00640000 _____ (Microsoft Corporation) C:\windows\syswow64\ADVAPI32.dll
2009-07-13 17:11 - 2009-07-13 19:16 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2009-07-13 17:12 - 2009-07-13 19:11 - 00662528 _____ (Microsoft Corporation) C:\windows\syswow64\RPCRT4.dll
2012-09-28 10:54 - 2012-06-01 22:42 - 00096768 _____ (Microsoft Corporation) C:\windows\syswow64\SspiCli.dll
2009-07-13 17:12 - 2009-07-13 19:15 - 00036864 _____ (Microsoft Corporation) C:\windows\syswow64\CRYPTBASE.dll
2009-07-13 17:25 - 2009-07-13 19:11 - 00025600 _____ (Microsoft Corporation) C:\windows\syswow64\LPK.dll
2013-01-08 18:10 - 2012-11-22 03:33 - 00627712 _____ (Microsoft Corporation) C:\windows\syswow64\USP10.dll
2013-04-09 15:49 - 2013-03-01 23:01 - 02077184 _____ (Microsoft Corporation) C:\windows\syswow64\iertutil.dll
2010-12-31 23:00 - 2010-06-28 23:02 - 01413632 _____ (Microsoft Corporation) C:\windows\syswow64\ole32.dll
2011-10-20 17:48 - 2011-08-26 22:43 - 00571904 _____ (Microsoft Corporation) C:\windows\syswow64\OLEAUT32.dll
2012-10-09 20:00 - 2012-06-01 22:45 - 01157632 _____ (Microsoft Corporation) C:\windows\syswow64\CRYPT32.dll
2010-08-29 22:15 - 2009-08-29 00:57 - 00034816 _____ (Microsoft Corporation) C:\windows\syswow64\MSASN1.dll
2012-09-28 10:54 - 2012-06-08 22:46 - 12868608 _____ (Microsoft Corporation) C:\windows\syswow64\SHELL32.dll
2009-07-13 17:28 - 2009-07-13 19:15 - 00828928 _____ (Microsoft Corporation) C:\windows\syswow64\MSCTF.dll
2009-07-13 17:16 - 2009-07-13 19:16 - 01668608 _____ (Microsoft Corporation) C:\windows\syswow64\SETUPAPI.dll
2011-07-07 23:32 - 2011-05-24 04:34 - 00145920 _____ (Microsoft Corporation) C:\windows\syswow64\CFGMGR32.dll
2011-07-07 23:32 - 2011-05-24 04:34 - 00064512 _____ (Microsoft Corporation) C:\windows\syswow64\DEVOBJ.dll
2009-07-13 17:12 - 2009-07-13 19:16 - 00206336 _____ (Microsoft Corporation) C:\windows\syswow64\WS2_32.dll
2009-07-13 17:12 - 2009-07-13 19:16 - 00008704 _____ (Microsoft Corporation) C:\windows\syswow64\NSI.dll
2012-10-09 20:01 - 2012-08-24 11:10 - 00172544 _____ (Microsoft Corporation) C:\windows\syswow64\WINTRUST.dll
2009-07-13 17:15 - 2009-07-13 19:16 - 00006144 _____ (Microsoft Corporation) C:\windows\syswow64\PSAPI.DLL
2013-03-25 13:44 - 2013-03-25 13:44 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00705928 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccL120U.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00089480 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccVrTrst.dll
2013-06-08 14:17 - 2013-05-22 23:25 - 00086408 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\EFACli.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00157576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvc.dll
2013-06-08 14:17 - 2013-05-20 22:40 - 00410576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\srtsp32.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00159624 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccIPC.dll
2013-06-08 14:17 - 2013-05-29 19:22 - 00556336 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\DIMASTER.DLL
2009-07-13 17:44 - 2009-07-13 19:15 - 00522240 _____ (Microsoft Corporation) C:\windows\syswow64\CLBCatQ.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 00345480 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSet.dll
2013-08-15 13:43 - 2013-07-22 01:17 - 00813904 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\COSVCPLG.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 00289160 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CCGEVT.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 00207240 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccGLog.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00401288 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CCJOBMGR.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 00324488 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CCSUBENG.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 00207752 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CCEMLPXY.DLL
2013-06-08 14:17 - 2013-05-07 18:53 - 00620920 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\IRON.DLL
2013-06-08 14:17 - 2013-04-24 18:43 - 00251824 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SNDSVC.DLL
2013-06-08 14:17 - 2013-04-24 18:43 - 00040880 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SYMRDRSV.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00474960 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\HNCORE.DLL
2013-06-08 14:17 - 2013-04-24 18:43 - 00240560 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymNeti.dll
2013-06-08 14:17 - 2013-04-24 18:43 - 00074672 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymRedir.dll
2013-06-08 14:17 - 2013-05-23 20:09 - 00284552 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\APPMGR32.DLL
2013-07-27 20:40 - 2013-06-27 23:17 - 01849168 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ISDATAPR.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00719184 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\AVPSVC32.dll
2013-06-08 14:17 - 2013-05-23 20:09 - 00098696 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\AVMail.dll
2013-06-08 14:17 - 2013-05-23 20:09 - 01771400 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\avModule.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 03857232 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NCW.DLL
2012-04-20 07:33 - 2012-02-29 23:45 - 00158720 _____ (Microsoft Corporation) C:\windows\syswow64\imagehlp.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 04060496 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\asEngine.dll
2013-06-08 14:17 - 2013-05-29 20:13 - 01078576 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\DataStor.dll
2013-06-08 14:17 - 2013-05-20 16:50 - 00932176 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\cltPE.dll
2013-06-08 14:17 - 2013-05-23 20:09 - 00502664 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\AVIfc.dll
2013-06-08 14:17 - 2013-06-03 19:23 - 01550672 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SQSVC.DLL
2009-07-13 18:20 - 2009-07-13 19:14 - 00309248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2013-06-08 14:17 - 2013-06-03 22:43 - 00243024 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\QSPLUGIN.DLL
2013-06-08 14:17 - 2013-05-20 16:50 - 01035088 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CLTLMS.DLL
2013-06-08 14:17 - 2012-11-15 20:14 - 00147448 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\BHSVCPLG.DLL
2013-06-08 14:17 - 2013-05-29 20:13 - 00633648 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SPOCCLNT.DLL
2013-06-08 14:17 - 2013-05-20 23:02 - 00655240 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\DSCli.dll
2013-06-08 14:17 - 2013-05-29 20:13 - 00348464 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SQLite.dll
2013-06-08 14:17 - 2013-05-29 20:13 - 00965936 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\COMM.DLL
2013-06-08 14:17 - 2013-05-29 20:13 - 00693040 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\EVENTSVC.DLL
2013-06-08 14:17 - 2013-05-20 16:50 - 00985424 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CLTLMJ.DLL
2013-06-08 14:17 - 2013-05-29 20:13 - 01337136 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\MCLNTASK.DLL
2009-07-13 17:33 - 2009-07-13 19:17 - 00249680 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2013-09-06 01:47 - 2013-09-04 17:36 - 00799136 _____ (Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSxpx86.dll
2013-06-08 14:17 - 2013-05-29 20:13 - 00103216 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ProxyClt.dll
2013-07-27 20:40 - 2013-07-03 15:42 - 00821552 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NAHELPER.DLL
2013-06-08 14:17 - 2013-05-30 19:46 - 00999760 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coDataPr.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 00551760 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coShdObj.dll
2013-06-08 14:17 - 2013-04-08 19:27 - 00124896 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\IPSPLUG.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 01185104 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ISDATASV.DLL
2013-07-27 21:05 - 2013-05-31 17:15 - 01893816 _____ (Symantec Corporation) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHEngine.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00475472 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\FWCORE.DLL
2013-06-08 14:17 - 2012-11-15 20:14 - 00198648 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\BHClient.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00205136 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\FWSETUP.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00175440 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\FWGenPlg.dll
2009-07-13 17:53 - 2009-07-13 19:15 - 00462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2013-06-08 14:17 - 2013-05-29 19:22 - 00320816 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diStRptr.dll
2009-07-13 17:38 - 2009-07-13 19:16 - 00268800 _____ (Microsoft Corporation) C:\windows\syswow64\WLDAP32.dll
2013-06-08 14:17 - 2013-05-23 20:09 - 00113544 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\QBackup.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00075088 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IMCfg.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00537424 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\AVPAPP32.dll
2012-09-28 10:54 - 2012-06-01 22:48 - 00225280 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 00148816 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\coParse.dll
2010-12-31 23:00 - 2010-11-01 22:40 - 00496128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00712528 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\NAVLOGV.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00242512 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\NUMEng.dll
2013-06-08 14:17 - 2013-03-25 20:05 - 01057664 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\LUE.DLL
2013-06-08 14:17 - 2013-05-20 22:44 - 01192328 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSEBind.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00183120 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\FWHelper.dll
2009-07-13 17:29 - 2009-07-13 19:16 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qmgrprxy.dll
2013-07-01 13:28 - 2013-07-01 13:28 - 00133408 _____ (Sendori) C:\Program Files (x86)\Sendori\SndCertDLL.dll
2013-07-01 13:28 - 2013-07-01 13:28 - 00275744 _____ (Sendori, Inc.) C:\Program Files (x86)\Sendori\DynLib.dll
2013-04-09 15:49 - 2013-03-01 23:05 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-12 22:57 - 2013-01-03 22:51 - 01114112 _____ (Microsoft Corporation) C:\windows\syswow64\KERNEL32.dll
2012-09-28 10:54 - 2012-06-08 22:46 - 12868608 _____ (Microsoft Corporation) C:\windows\syswow64\shell32.dll
2013-04-09 15:49 - 2013-03-01 23:01 - 11019776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2011-10-20 17:48 - 2011-08-26 22:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OLEACC.dll
2013-07-01 13:28 - 2013-07-01 13:28 - 00147232 _____ (Sendori) C:\Program Files (x86)\Sendori\Sendori.Library.dll
2009-07-13 17:15 - 2009-07-13 19:09 - 00002048 _____ (Microsoft Corporation) C:\windows\syswow64\Normaliz.dll
2013-07-01 13:28 - 2013-07-01 13:28 - 00047392 _____ ( ) C:\Program Files (x86)\Sendori\Interop.PCProxyLib.dll
2010-08-29 22:15 - 2009-09-09 23:52 - 00257024 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00548688 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NPCTRAY.DLL
2013-06-08 14:17 - 2013-06-03 22:43 - 00962384 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\uiMain.dll
2013-06-08 14:17 - 2013-05-28 01:42 - 02430800 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SYMHTMDX.DLL
2009-07-13 17:39 - 2009-07-13 19:15 - 00486912 _____ (Microsoft Corporation) C:\windows\syswow64\COMDLG32.dll
2013-06-08 14:17 - 2013-05-29 20:13 - 01337136 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\MClnTask.dll
2013-07-27 20:40 - 2013-06-27 23:17 - 01849168 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\isDataPr.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00548176 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ASHELPER.DLL
2013-07-27 20:40 - 2013-07-03 15:42 - 00821552 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\naHelper.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00579408 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\ASOEHOOK.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00537424 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\AVPAPP32.DLL
2013-06-08 14:17 - 2013-05-20 16:50 - 02651472 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\CLTALDIS.DLL
2013-06-08 14:17 - 2013-06-03 22:42 - 00528208 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\FWSESAL.DLL
2013-06-19 19:07 - 2013-05-20 16:50 - 00536912 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\MUI\20.4.0.40\09\01\cltRes.loc
2013-06-08 14:17 - 2013-05-20 16:50 - 01035088 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\cltLMS.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 01397584 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\COACTMGR.DLL
2013-06-08 14:17 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-06-08 14:17 - 2013-05-20 22:44 - 00289160 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccGEvt.dll
2013-06-08 14:17 - 2013-06-03 22:42 - 00502608 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\NUEX.DLL
2013-06-08 14:17 - 2013-05-29 20:13 - 00965936 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Comm.dll
2013-06-08 14:17 - 2012-05-15 03:27 - 00588216 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\SDKCMN.DLL
2013-06-08 14:17 - 2013-06-03 22:43 - 00916304 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\UIALERT.DLL
2013-06-08 14:17 - 2013-05-29 20:13 - 00028464 ____R (Symantec Corporation) C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\USERCTXT.DLL
2012-09-28 10:54 - 2012-06-01 22:42 - 00096768 _____ (Microsoft Corporation) C:\windows\syswow64\SSPICLI.DLL
2009-07-13 17:25 - 2009-07-13 19:11 - 00119808 _____ (Microsoft Corporation) C:\windows\syswow64\IMM32.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00292272 _____ () C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 21014960 _____ () C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\libcef.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 09962416 _____ (The ICU Project) C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\icudt.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00179632 _____ () C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\CefSharp.WinForms.dll
2013-03-07 22:32 - 2013-03-07 22:32 - 00399280 _____ (Newtonsoft) C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\Newtonsoft.Json.dll
2009-07-13 17:15 - 2009-07-13 19:16 - 00006144 _____ (Microsoft Corporation) C:\windows\syswow64\psapi.dll
2013-07-27 21:41 - 2013-08-28 15:47 - 00288680 _____ (Valve Corporation) C:\Program Files (x86)\Steam\crashhandler.dll
2013-07-03 15:23 - 2013-07-15 16:32 - 02895272 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steam.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 10654632 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steamui.dll
2013-07-01 08:20 - 2013-08-21 16:18 - 00687104 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 00263080 _____ (Valve Corporation) C:\Program Files (x86)\Steam\tier0_s.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 00236456 _____ (Valve Corporation) C:\Program Files (x86)\Steam\vstdlib_s.dll
2013-06-14 15:49 - 2013-06-14 17:49 - 00122864 _____ (Valve) C:\Program Files (x86)\Steam\CSERHelper.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 00169384 _____ (Valve Corporation) C:\Program Files (x86)\Steam\bin\filesystem_stdio.DLL
2013-07-09 17:56 - 2013-08-28 15:47 - 00694696 _____ (Valve Corporation) C:\Program Files (x86)\Steam\bin\vgui2_s.DLL
2013-07-09 17:56 - 2013-08-28 15:47 - 01120680 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-09 13:45 - 2013-08-07 13:31 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-14 17:49 - 09955112 _____ (The ICU Project) C:\Program Files (x86)\Steam\bin\icudt.dll
2013-06-14 15:49 - 2013-06-14 17:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-14 17:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-14 17:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 07745960 _____ (Valve Corporation) C:\Program Files (x86)\Steam\steamclient.dll
2013-01-08 18:10 - 2012-12-06 22:57 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2011-10-20 18:28 - 2011-06-15 22:35 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XmlLite.dll
2009-07-13 17:27 - 2009-07-13 19:16 - 00377856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 02449832 _____ (Valve Corporation) c:\program files (x86)\steam\bin\friendsui.DLL
2013-07-09 17:56 - 2013-08-28 15:47 - 01804712 _____ (Valve Corporation) c:\program files (x86)\steam\bin\serverbrowser.DLL
2009-07-13 18:04 - 2009-07-13 19:15 - 00145408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dinput8.dll
2013-07-09 17:56 - 2013-08-28 15:47 - 02090408 _____ (Valve Corporation) C:\Program Files (x86)\Steam\bin\SteamService.dll
2010-11-03 04:18 - 2010-03-03 14:37 - 01892352 _____ (Apache Software Foundation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\xerces-c_2_7.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 09962960 _____ (The ICU Project) C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\icudt.dll
2009-07-13 18:03 - 2009-07-13 19:15 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2013-09-05 21:46 - 2013-09-05 21:46 - 00982352 _____ (Symantec Corporation) C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.0.10_0\npcoplgn.dll
2009-07-13 17:16 - 2009-07-13 19:16 - 01668608 _____ (Microsoft Corporation) C:\windows\syswow64\setupapi.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 00709584 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 04053456 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 00410576 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
2013-09-05 21:46 - 2013-09-02 14:35 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 01164112 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coUICtlr.dll
2013-06-08 14:17 - 2013-05-30 19:49 - 00842064 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coWPPlg.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 00227664 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coSfShre.dll
2013-06-08 14:17 - 2013-05-30 19:48 - 02573136 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIDSafe.dll
2013-06-08 14:17 - 2012-05-30 08:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2009-07-13 17:15 - 2009-07-13 19:09 - 00002048 _____ (Microsoft Corporation) C:\windows\syswow64\normaliz.dll
2013-06-08 14:17 - 2013-05-29 19:22 - 00517424 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\diArkive.dll
2013-06-08 14:17 - 2013-05-28 01:42 - 03008848 ____R (Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SYMHTML.DLL
2013-09-05 21:46 - 2013-09-02 14:35 - 13599184 _____ () C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) ==========
 
AlternateDataStreams: C:\ProgramData\TEMP:373E1720
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/06/2013 03:09:30 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/06/2013 03:08:38 PM) (Source: Google Update) (User: greg-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (09/05/2013 09:42:01 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc00000fd
Fault offset: 0x000000000005316f
Faulting process id: 0xdf0
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/05/2013 09:39:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: explorer.exe, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: ntdll.dll, version: 6.1.7600.16915, time stamp: 0x4ec4b137
Exception code: 0xc00000fd
Fault offset: 0x000000000005303a
Faulting process id: 0x17dc
Faulting application start time: 0xexplorer.exe0
Faulting application path: explorer.exe1
Faulting module path: explorer.exe2
Report Id: explorer.exe3
 
Error: (09/05/2013 09:22:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7600.16768, time stamp: 0x4d688122
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000355498
Faulting process id: 0x910
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (09/05/2013 05:37:57 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/05/2013 04:56:34 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -Embedding; Description = Configured Microsoft Office Home and Student 2010; Error = 0x8007043c).
 
Error: (09/05/2013 04:01:26 PM) (Source: System Restore) (User: )
Description: System restore ended unexpectedly because of power loss or a program error. Additional information: (Scheduled Checkpoint).
 
Error: (09/05/2013 03:43:00 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/05/2013 00:43:46 PM) (Source: SendoriService) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
System errors:
=============
Error: (09/06/2013 10:01:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
 
Error: (09/06/2013 10:00:24 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/06/2013 10:00:23 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service hung on starting.
 
Error: (09/06/2013 09:58:26 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/06/2013 07:09:30 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/06/2013 03:08:28 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/06/2013 05:31:51 AM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (09/05/2013 09:21:54 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error: 
%%1060
 
Error: (09/05/2013 09:20:55 PM) (Source: Service Control Manager) (User: )
Description: The Service Sendori service failed to start due to the following error: 
%%1053
 
Error: (09/05/2013 09:20:55 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
 
 
Microsoft Office Sessions:
=========================
Error: (09/06/2013 03:09:30 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/06/2013 03:08:38 PM) (Source: Google Update)(User: greg-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (09/05/2013 09:42:01 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c00000fd000000000005316fdf001ceaab2aa643d0dC:\windows\explorer.exeC:\windows\SYSTEM32\ntdll.dll4938e683-16a6-11e3-a476-88ae1dfb46f8
 
Error: (09/05/2013 09:39:12 PM) (Source: Application Error)(User: )
Description: explorer.exe6.1.7600.167684d688122ntdll.dll6.1.7600.169154ec4b137c00000fd000000000005303a17dc01ceaab054c10d1dC:\windows\explorer.exeC:\windows\SYSTEM32\ntdll.dlle48772a8-16a5-11e3-a476-88ae1dfb46f8
 
Error: (09/05/2013 09:22:04 PM) (Source: Application Error)(User: )
Description: Explorer.EXE6.1.7600.167684d688122unknown0.0.0.000000000c0000005000000000035549891001ceaab00097d811C:\windows\Explorer.EXEunknown7fd44e2f-16a3-11e3-a476-88ae1dfb46f8
 
Error: (09/05/2013 05:37:57 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/05/2013 04:56:34 PM) (Source: System Restore)(User: )
Description: C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\Setup.exe" -EmbeddingConfigured Microsoft Office Home and Student 20100x8007043c
 
Error: (09/05/2013 04:01:26 PM) (Source: System Restore)(User: )
Description: Scheduled Checkpoint
 
Error: (09/05/2013 03:43:00 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (09/05/2013 00:43:46 PM) (Source: SendoriService)(User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 39%
Total physical RAM: 7986.67 MB
Available physical RAM: 4869.94 MB
Total Pagefile: 15971.48 MB
Available Pagefile: 12609.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (TI106042W0A) (Fixed) (Total:452.7 GB) (Free:337.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (STAR_WARS) (CDROM) (Total:7.56 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 702E5435)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=453 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12 GB) - (Type=17)
 
==================== End Of Log ============================

 



#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
Posted 07 September 2013 - 02:25 AM

Hello gbayless



I need you to download this script I have made for you --> fixlist.txt (473 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gbayless


Posted 07 September 2013 - 02:47 AM

My computer forcefully restarted after the fix command had finished. Was that supposed to happen?

 

here is the fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-09-2013
Ran by greg at 2013-09-07 01:39:45 Run:1
Running from C:\Users\greg\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\greg\AppData\Roaming\cache.dat <==== ATTENTION
U2 SharedAccess; 
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e} 
C:\Users\greg\AppData\Roaming\cache.ini 
DeleteJunctionsInDirectory: C:\Program Files\Windows Defender
DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client
DeleteJunctionsIndirectory: C:\Windows\system64
cmd: Dir /b /a:l "C:\Program Files" /s
 
 
 
*****************
 
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
SharedAccess => Service deleted successfully.
 
"C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e} " directory move:
 
Could not move "C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e} " directory. => Scheduled to move on reboot.
 
C:\Users\greg\AppData\Roaming\cache.ini  => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Not Found
"C:\Windows\system64" => Not Found
 
=========  Dir /b /a:l "C:\Program Files" /s =========
 
File Not Found
 
========= End of CMD: =========
 
 
=========== Result of Scheduled Files to move ===========
 
"C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e} " => Directory could not move.
 
==== End of Fixlog ====


#6 gringo_pr


Posted 07 September 2013 - 03:57 AM



Hello gbayless

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete, let me have the two reports and let me know how things are running.

Gringo

#7 gbayless


Posted 07 September 2013 - 05:05 AM

Though they seemed to remove a lot of items and such, the viruses are still attacking, and the computer still seems to be running the same as far as I can tell.

 

adwcleaner

 

# AdwCleaner v3.002 - Report created 07/09/2013 at 03:35:15
# Updated 01/09/2013 by Xplode
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : greg - GREG-PC
# Running from : C:\Users\greg\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : IB Updater
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\Perion
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\Shopping Sidekick Plugin
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\windows\SysWOW64\ARFC
Folder Deleted : C:\windows\SysWOW64\jmdp
Folder Deleted : C:\windows\SysWOW64\WNLT
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\Updater By SweetPacks
Folder Deleted : C:\windows\System32\ARFC
Folder Deleted : C:\Users\greg\AppData\Local\Conduit
Folder Deleted : C:\Users\greg\AppData\Local\cre
Folder Deleted : C:\Users\greg\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\greg\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\greg\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\greg\AppData\LocalLow\SweetIM
Folder Deleted : C:\Users\greg\AppData\Roaming\Babylon
Folder Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\SweetPacksToolbarData
Folder Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\CT3241284
Folder Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\windows\System32\dmwu.exe
File Deleted : C:\windows\System32\ImhxxpComm.dll
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\Askcom.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\Conduit.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\MyStart Search.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\MyStart.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\searchplugins\Web Search.xml
File Deleted : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\user.js
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{8E9E3331-D360-4f87-8803-52DE43566502}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Value Deleted : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\licjnkifamhpbaefhdpacpmihicfbomb
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PricePeep.DLL
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho
Key Deleted : HKLM\SOFTWARE\Classes\PricePeep.PricePeepBho.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PCFixSpeed]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0021802.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{38A066B0-DD5F-4226-AC4F-6A27C1BFB892}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1B97A696-5576-43AC-A73B-E1D2C78F21E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75BF416E-4326-45B5-8A2D-AE32D05B930B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3BF3DED5-0FC8-4207-AC09-AA7B5AF4E408}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD6D90C0-E6EE-4BC6-B9F7-9ED319698007}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EEE6C35D-6118-11DC-9C72-001320C79847}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\WNLT
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\IB Updater
Key Deleted : [x64] HKLM\SOFTWARE\WNLT
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.17267
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v17.0 (en-US)
 
[ File : C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\prefs.js ]
 
Line Deleted : user_pref("browser.BabylonToolbar_i.newTab", "");
Line Deleted : user_pref("browser.BabylonToolbar_i.newTabUrl", "");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "");
Line Deleted : user_pref("browser.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}&crg=3.5000006.10042");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=110803&tt=311012_niche_4412_7");
Line Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");
Line Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "18");
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dpkLst", "");
Line Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);
Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "339E8DD710B0A0A038EF6C4B6C096862");
Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", true);
Line Deleted : user_pref("extensions.BabylonToolbar.hrdid", "e4e2383e0000000000000023159086d5");
Line Deleted : user_pref("extensions.BabylonToolbar.id", "e4e2383e0000000000000023159086d5");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15649");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.instlday", "15649");
Line Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.3.819:15:05");
Line Deleted : user_pref("extensions.BabylonToolbar.lastdp", 6);
Line Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");
Line Deleted : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"6\",\"lastVrsn\":\"6\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":0}");
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");
Line Deleted : user_pref("extensions.BabylonToolbar.sg", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "tzb");
Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar.srch", "");
Line Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e4e2383e0000000000000023159086d5&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e4e2383e0000000000000023159086d5&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.3.819:15:05");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.8.3.819:15:05");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110803&tt=311012_niche_4412_7");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.819:15:05");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22586720);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.incredibar.admin", false);
Line Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar.cntry", "US");
Line Deleted : user_pref("extensions.incredibar.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Line Deleted : user_pref("extensions.incredibar.did", "10678");
Line Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Line Deleted : user_pref("extensions.incredibar.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar.hdrMd5", "40AD6398D1BB3C881E9E953415801BD7");
Line Deleted : user_pref("extensions.incredibar.hmpg", false);
Line Deleted : user_pref("extensions.incredibar.id", "e4e2383e0000000000000023159086d5");
Line Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar.instlDay", "15645");
Line Deleted : user_pref("extensions.incredibar.instlRef", "");
Line Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1422:00:21");
Line Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Line Deleted : user_pref("extensions.incredibar.newTab", false);
Line Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Line Deleted : user_pref("extensions.incredibar.ppd", "111");
Line Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar.productid", "26");
Line Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar.sg", "none");
Line Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQOmGzTGv&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar.upn2", "6PQOmGzTGv");
Line Deleted : user_pref("extensions.incredibar.upn2n", "92543849417796975");
Line Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1422:00:21");
Line Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10678");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "e4e2383e0000000000000023159086d5");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15645");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "111");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQOmGzTGv&loc=IB_TB&i=26&search=");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6PQOmGzTGv");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92543849417796975");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1422:00:21");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Line Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Line Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Line Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10042");
Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...]
Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line Deleted : user_pref("sweetim.toolbar.newtab.created", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.enable", "true");
Line Deleted : user_pref("sweetim.toolbar.newtab.url", "hxxp://start.sweetpacks.com/?src=97&barid=$toolbar_id;&crg=$cargo;");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.newtab.url", "about:newtab");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "Ask.com");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=US&userid=e330a51d-7d69-4877-9e1d-50e1b91cd450&searchtype=hp");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");
Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{093940F2-9358-11E2-934F-88AE1DFB46F8}");
Line Deleted : user_pref("sweetim.toolbar.urls.afteruninstall", "hxxp://toolbar.sweetpacks.com/uninstallbar.asp?barid=$toolbar_id;&flavour=$flavr;");
Line Deleted : user_pref("sweetim.toolbar.urls.contactus", "hxxp://www.perion.com/contact-us");
Line Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={093940F2-9358-11E2-934F-88AE1DFB46F8}");
Line Deleted : user_pref("sweetim.toolbar.urls.privacy", "hxxp://www.perion.com/privacy-policy");
Line Deleted : user_pref("sweetim.toolbar.urls.searchpage", "hxxp://start.sweetpacks.com/?barid=$toolbar_id;");
Line Deleted : user_pref("sweetim.toolbar.urls.uninstall", "hxxp://toolbar.sweetpacks.com/uninstall");
Line Deleted : user_pref("sweetim.toolbar.version", "1.12.0.0");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_product_domain", "Incredibar");
Line Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.sweetim.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"h[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
Line Deleted : user_pref("{8E9E3331-D360-4f87-8803-52DE43566502}.ScriptData_product_name", "Updater By SweetPacks");
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=toolbar|babsrc=tb_ss|invocationType=tb50-ie-aolsoftonic-tbsbox-en-us|invocationType=tb50-ff-aolsoftonic[...]
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://search.snap.do/|||8641363310447706");
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://search.snap.do/?q=google&category=Web/|#|old_value|||8641363310447706");
Line Deleted : user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_whiteList", "{\"search.babylon.com\":\"q\",\"search.imesh.net\":\"q\",\"www.search-results.com\":\"q\",\"home.mywebsearch.com\":\"searc[...]
 
-\\ Google Chrome v29.0.1547.66
 
[ File : C:\Users\greg\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [41077 octets] - [07/09/2013 03:33:15]
AdwCleaner[S0].txt - [39691 octets] - [07/09/2013 03:35:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39752 octets] ##########
 
JRT
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.8 (09.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by greg on Sat 09/07/2013 at  3:42:24.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2065017107-1862159159-1119248885-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2065017107-1862159159-1119248885-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\updater by sweetpacks
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220222182202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550255185502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660266186602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440244184402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby-20120809_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\dealcabby_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PricePeepInstaller-Adknowledgetest_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{15513F39-265F-41D2-8E31-C1EE2DA66C41}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B2FE5DA6-7984-4285-BF78-EF9243CD25BC}
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully deleted: [File] C:\windows\syswow64\shoAC9.tmp
Successfully deleted: [File] C:\windows\syswow64\shoB951.tmp
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\greg\AppData\Roaming\strongvault"
Successfully deleted: [Folder] "C:\Users\greg\appdata\local\best buy pc app"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{1065486C-9AE5-46BD-968E-AF6F9D58CF33}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{174BD7F7-8D18-4072-9A35-17666E5C1892}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{1A99DEAA-8A6E-4E40-B30F-5A74A3CBE9B7}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{26E2ADF1-4BB2-4B7F-BF89-624374CDB9F2}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{2D944D8D-B65F-4C6C-82C2-3E629E2AB65D}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{323ED4BB-4889-4955-A07A-9BC977CBC565}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{35118E2E-098D-4537-B626-746B322D20B9}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{4A0ADB2B-88B3-4388-9B49-27D4C79BA780}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{55E01607-6C1C-4C3E-BE84-F884C8841A4D}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{59596C70-E419-45FA-B307-562A3970551F}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{5D03AE1F-47F0-4A71-9A13-B89615BBC540}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{9B20C71F-6706-4847-A91D-920D8811FA4B}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{9D439E3E-5338-4F87-87AE-78C63E7A2891}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{9ED70807-E011-42F2-9D5E-199CFF6F61B5}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{A0721090-297A-4085-A573-49555F7A635F}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{AB121152-EF45-480E-858E-C1BD18176BBC}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{B70FD6DE-19AD-4305-BA56-A824A6DEDBC0}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{C7C86B98-D296-4D21-8BDE-1373C8AF2378}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{C8869529-A06E-4E49-A66A-62ABA10C7DBF}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{D74AC0D6-27AC-4DD7-8B0F-BC1CED02F818}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{D93DA7C0-0212-40F5-805D-6C04BEC80693}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{E062D360-4C45-4DC8-AF8A-3D2713F499F4}
Successfully deleted: [Empty Folder] C:\Users\greg\appdata\local\{F19E0748-3C3E-4BA6-B10A-168FF2242222}
 
 
 
~~~ FireFox
 
Successfully deleted: [File] C:\user.js
Successfully deleted: [File] C:\Users\greg\AppData\Roaming\mozilla\firefox\profiles\ceel6426.default\searchplugins\my-homepage.xml
Successfully deleted: [Folder] C:\Users\greg\AppData\Roaming\mozilla\firefox\profiles\ceel6426.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{c4cfc0de-134f-4466-b2a2-ff7c59a8bfad}
Emptied folder: C:\Users\greg\AppData\Roaming\mozilla\firefox\profiles\ceel6426.default\minidumps [18 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\niogeckbkdcabhnapjbkeiklablhjoca
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 09/07/2013 at  3:55:47.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 



#8 gringo_pr


Posted 07 September 2013 - 05:46 PM


Hello gbayless

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



Proud Graduate Of Malware Removal University

#9 gbayless


Posted 07 September 2013 - 09:04 PM

It seems the program removed the virus and the computer is running smoothly, at least it feels better. Thank you, and here is the log as requested.

 

 
ComboFix 13-09-06.01 - greg 09/07/2013  18:00:54.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7987.5935 [GMT -6:00]
Running from: C:\Users\greg\Downloads\ComboFix.exe
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
 
 
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 
C:\Program Files (x86)\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\9519~1\A535~1\E628~1\{b0ce6852-8ac3-5f02-1184-9d525505464e}\@
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\9519~1\A535~1\E628~1\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\00000001.@
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\9519~1\A535~1\E628~1\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\00000002.@
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\9519~1\A535~1\E628~1\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\80000000.@
C:\Program Files (x86)\Google\Desktop\Install\{b0ce6852-8ac3-5f02-1184-9d525505464e}\9519~1\A535~1\E628~1\{b0ce6852-8ac3-5f02-1184-9d525505464e}\U\800000cb.@
C:\Users\greg\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FB22959E-967F-4CC3-9FD7-CBD039A363A4}.xps
C:\windows\SysWow64\DEBUG.log
C:\windows\SysWow64\fjfa.tmp
 
 
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
 
 
2013-09-08 00:13:59 . 2013-09-08 00:13:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-09-07 09:42:22 . 2013-09-07 09:42:22 -------- d-----w- C:\windows\ERUNT
2013-09-07 09:33:04 . 2013-09-07 09:35:35 -------- d-----w- C:\AdwCleaner
2013-09-07 09:27:51 . 2013-09-08 00:20:26 -------- d-----w- C:\Users\greg\AppData\Local\Temp
2013-09-06 08:07:21 . 2013-09-06 08:09:01 -------- d-----w- C:\Users\greg\AppData\Local\NPE
2013-09-06 04:32:00 . 2013-09-07 07:44:16 -------- d-----w- C:\FRST
2013-09-05 23:32:53 . 2013-09-05 23:32:53 -------- d-sh--w- C:\windows\system32\%APPDATA%
2013-09-05 19:45:03 . 2013-09-06 07:40:13 -------- d-----w- C:\Users\greg\AppData\Roaming\Anvisoft
2013-09-05 19:44:53 . 2013-09-05 19:44:53 -------- d-----w- C:\ProgramData\Anvisoft
2013-09-05 19:44:51 . 2013-09-06 07:40:13 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-09-05 18:46:19 . 2013-09-05 18:46:19 -------- d-----w- C:\ProgramData\rybvj
2013-09-04 03:20:13 . 2013-09-04 03:54:17 -------- d-----w- C:\Users\greg\AppData\Roaming\FlvtoConverter
2013-08-29 13:37:36 . 2013-08-29 13:38:19 -------- d-----w- C:\ProgramData\6Dp6n373
2013-08-27 02:14:23 . 2013-08-27 02:14:23 -------- d-----w- C:\Intel
2013-08-27 00:49:01 . 2013-08-27 00:49:03 -------- d-----w- C:\Program Files (x86)\AGEIA Technologies
2013-08-27 00:49:01 . 2013-08-27 00:49:01 -------- d-----w- C:\windows\SysWow64\AGEIA
2013-08-27 00:48:57 . 2013-08-27 00:48:57 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-08-27 00:48:09 . 2008-07-12 14:18:52 467984 ----a-w- C:\windows\SysWow64\d3dx10_39.dll
2013-08-27 00:48:09 . 2008-07-12 14:18:52 1493528 ----a-w- C:\windows\SysWow64\D3DCompiler_39.dll
2013-08-27 00:48:09 . 2008-07-12 14:18:48 540688 ----a-w- C:\windows\system32\d3dx10_39.dll
2013-08-27 00:48:09 . 2008-07-12 14:18:48 1942552 ----a-w- C:\windows\system32\D3DCompiler_39.dll
2013-08-27 00:48:07 . 2008-07-12 14:18:52 3851784 ----a-w- C:\windows\SysWow64\D3DX9_39.dll
2013-08-27 00:48:07 . 2008-07-12 14:18:48 4992520 ----a-w- C:\windows\system32\D3DX9_39.dll
2013-08-18 05:31:35 . 2013-08-18 05:31:36 -------- d-----w- C:\Users\greg\AppData\Roaming\RenPy
2013-08-18 05:30:19 . 2013-08-18 05:31:21 -------- d-----w- C:\Program Files (x86)\Katawa Shoujo
2013-08-18 04:52:44 . 2013-08-18 04:52:44 -------- d-----w- C:\ProgramData\Yahoo!
2013-08-18 04:52:32 . 2013-09-06 03:33:08 -------- d-----w- C:\ProgramData\Yahoo! Companion
2013-08-18 04:52:32 . 2013-08-18 04:52:32 -------- d-----w- C:\Users\greg\AppData\Roaming\Yahoo!
2013-08-18 04:52:31 . 2013-08-18 04:52:44 -------- d-----w- C:\Program Files (x86)\Yahoo!
2013-08-14 17:11:04 . 2013-08-14 17:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 17:11:04 . 2013-08-14 17:11:04 4774272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
 
 
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
 
2013-08-21 01:39:50 . 2012-09-29 20:21:44 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 01:39:50 . 2012-09-29 20:21:44 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 06:58:57 . 2011-05-28 23:55:28 78161360 ----a-w- C:\windows\system32\MRT.exe
2013-07-29 20:01:18 . 2013-07-29 20:01:27 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-29 20:01:17 . 2012-11-07 06:11:41 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-07-29 20:01:17 . 2010-08-30 04:37:00 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-07-01 19:28:10 . 2012-12-22 02:42:51 325920 ----a-w- C:\windows\SysWow64\Sendori.dll
2013-06-20 01:07:05 . 2011-04-30 12:58:17 177312 ----a-w- C:\windows\system32\drivers\SYMEVENT64x86.SYS
 
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 
 
*Note* empty entries & legit default entries are not shown 
REGEDIT4
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\steam.exe" [2013-08-28 21:47:18 1811880]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 22:21:16 34160]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 23:44:58 423936]
"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 02:01:10 352256]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 19:45:54 1295736]
"TWebCamera"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 23:55:36 2454840]
"Sendori Tray"="C:\Program Files (x86)\Sendori\SendoriTray.exe" [2013-07-01 19:28:16 83232]
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 19:18:46 49208]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 13:32:50 253816]
 
C:\Users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2010 Screen Clipper and Launcher.lnk - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys;C:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;C:\windows\system32\DRIVERS\motfilt.sys;C:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys;C:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;C:\windows\system32\DRIVERS\motccgp.sys;C:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;C:\windows\system32\DRIVERS\motccgpfl.sys;C:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;C:\windows\system32\DRIVERS\Motousbnet.sys;C:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;C:\windows\system32\DRIVERS\motusbdevice.sys;C:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 sxuptp;SXUPTP Driver;C:\windows\system32\DRIVERS\sxuptp.sys;C:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys;C:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS;C:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys;C:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;C:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;C:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;C:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe;C:\Program Files (x86)\Sendori\SendoriSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe;C:\Program Files (x86)\Sendori\Sendori.Service.exe [x]
S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe;C:\Program Files (x86)\Sendori\sndappv2.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe;C:\Program Files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys;C:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;C:\windows\system32\DRIVERS\bpenum.sys;C:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys;C:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;C:\windows\system32\Drivers\bpusb.sys;C:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys;C:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys;C:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys;C:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys;C:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;C:\windows\system32\DRIVERS\Sftfslh.sys;C:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;C:\windows\system32\DRIVERS\Sftplaylh.sys;C:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;C:\windows\system32\DRIVERS\Sftredirlh.sys;C:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;C:\windows\system32\DRIVERS\Sftvollh.sys;C:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;C:\windows\system32\DRIVERS\stdriver64.sys;C:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys;C:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
 
 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 03:45:56 1177552 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
 
Contents of the 'Scheduled Tasks' folder
 
2013-09-07 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 20:21:45 . 2013-08-21 01:39:51]
 
2013-09-07 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000Core.job
- C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 05:38:13 . 2012-09-20 05:38:05]
 
2013-09-07 C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000UA.job
- C:\Users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 05:38:13 . 2012-09-20 05:38:05]
 
2013-09-08 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 03:44:51 . 2013-09-06 03:44:50]
 
2013-09-07 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 03:44:51 . 2013-09-06 03:44:50]
 
2013-09-08 C:\windows\Tasks\HP Photo Creations Communicator.job
- C:\ProgramData\HP Photo Creations\Communicator.exe [2013-07-10 01:35:33 . 2013-07-10 01:35:33]
 
 
--------- X64 Entries -----------
 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="C:\windows\system32\thpsrv" [X]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 18:21:16 10134560]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 18:21:16 896032]
"IntelWirelessWiMAX"="C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 21:25:22 1441792]
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 21:31:34 24376]
"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 00:45:06 709976]
"IgfxTray"="C:\windows\system32\igfxtray.exe" [2010-04-26 17:49:44 161304]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2010-04-26 17:49:36 386584]
"Persistence"="C:\windows\system32\igfxpers.exe" [2010-04-26 17:49:40 413208]
 
------- Supplementary Scan -------
 
uLocal Page = C:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3E5BA79-5EA3-4D14-BE93-07DA11104C6D}\2656C6B696E6E2936636E2537484A7: NameServer = 192.168.2.1
TCP: Interfaces\{CB645FB5-A4E0-4118-9DD0-51A37745DA27}: NameServer = 192.168.2.1
FF - ProfilePath - C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: 2013-07-14 19:23; {8E9E3331-D360-4f87-8803-52DE43566502}; C:\Program Files\Updater By SweetPacks\Firefox
FF - ExtSQL: 2013-08-17 22:53; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-09-05 13:36; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; C:\Users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}
 
- - - - ORPHANS REMOVED - - - -
 
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Facebook Update - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-TPwrMain - C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-SmoothView - C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-SmartFaceVWatcher - C:\Program Files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-TosNC - C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-Best Buy pc app - C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - C:\Program Files (x86)\Coupons\uninstall.exe
AddRemove-{FBBC4667-2521-4E78-B1BD-8706F774549B} - C:\ProgramData\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe
AddRemove-48e4cff94f039634 - C:\ProgramData\Best Buy pc app\ClickOnceUninstaller.exe


#10 gringo_pr


Posted 07 September 2013 - 10:12 PM


Hello gbayless

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo

#11 gbayless


Posted 08 September 2013 - 01:36 AM

Here is the log, and it seems to be running like it was before the viruses. Significantly less lag in the games I play and overall running.

 

 

ComboFix 13-09-06.01 - greg 09/08/2013   0:02.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.7987.6015 [GMT -6:00]
Running from: c:\users\greg\Downloads\ComboFix.exe
Command switches used :: c:\users\greg\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-08 06:14 . 2013-09-08 06:14 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2013-09-08 06:14 . 2013-09-08 06:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-08 06:14 . 2013-09-08 06:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-09-07 09:42 . 2013-09-07 09:42 -------- d-----w- c:\windows\ERUNT
2013-09-07 09:33 . 2013-09-07 09:35 -------- d-----w- C:\AdwCleaner
2013-09-07 09:27 . 2013-09-08 06:14 -------- d-----w- c:\users\greg\AppData\Local\Temp
2013-09-06 08:07 . 2013-09-06 08:09 -------- d-----w- c:\users\greg\AppData\Local\NPE
2013-09-06 04:32 . 2013-09-07 07:44 -------- d-----w- C:\FRST
2013-09-05 23:32 . 2013-09-05 23:32 -------- d-sh--w- c:\windows\system32\%APPDATA%
2013-09-05 19:45 . 2013-09-06 07:40 -------- d-----w- c:\users\greg\AppData\Roaming\Anvisoft
2013-09-05 19:44 . 2013-09-05 19:44 -------- d-----w- c:\programdata\Anvisoft
2013-09-05 19:44 . 2013-09-06 07:40 -------- d-----w- c:\program files (x86)\Anvisoft
2013-09-05 18:46 . 2013-09-05 18:46 -------- d-----w- c:\programdata\rybvj
2013-09-04 03:20 . 2013-09-04 03:54 -------- d-----w- c:\users\greg\AppData\Roaming\FlvtoConverter
2013-08-29 13:37 . 2013-08-29 13:38 -------- d-----w- c:\programdata\6Dp6n373
2013-08-27 02:14 . 2013-08-27 02:14 -------- d-----w- C:\Intel
2013-08-27 00:49 . 2013-08-27 00:49 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2013-08-27 00:49 . 2013-08-27 00:49 -------- d-----w- c:\windows\SysWow64\AGEIA
2013-08-27 00:48 . 2013-08-27 00:48 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-08-27 00:48 . 2008-07-12 14:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2013-08-27 00:48 . 2008-07-12 14:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2013-08-27 00:48 . 2008-07-12 14:18 540688 ----a-w- c:\windows\system32\d3dx10_39.dll
2013-08-27 00:48 . 2008-07-12 14:18 1942552 ----a-w- c:\windows\system32\D3DCompiler_39.dll
2013-08-27 00:48 . 2008-07-12 14:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2013-08-27 00:48 . 2008-07-12 14:18 4992520 ----a-w- c:\windows\system32\D3DX9_39.dll
2013-08-18 05:31 . 2013-08-18 05:31 -------- d-----w- c:\users\greg\AppData\Roaming\RenPy
2013-08-18 05:30 . 2013-08-18 05:31 -------- d-----w- c:\program files (x86)\Katawa Shoujo
2013-08-18 04:52 . 2013-08-18 04:52 -------- d-----w- c:\programdata\Yahoo!
2013-08-18 04:52 . 2013-09-06 03:33 -------- d-----w- c:\programdata\Yahoo! Companion
2013-08-18 04:52 . 2013-08-18 04:52 -------- d-----w- c:\users\greg\AppData\Roaming\Yahoo!
2013-08-18 04:52 . 2013-08-18 04:52 -------- d-----w- c:\program files (x86)\Yahoo!
2013-08-14 17:11 . 2013-08-14 17:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2013-08-14 17:11 . 2013-08-14 17:11 4774272 ----a-w- c:\program files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-21 01:39 . 2012-09-29 20:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-21 01:39 . 2012-09-29 20:21 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-15 06:58 . 2011-05-28 23:55 78161360 ----a-w- c:\windows\system32\MRT.exe
2013-07-29 20:01 . 2013-07-29 20:01 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-07-29 20:01 . 2012-11-07 06:11 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-07-29 20:01 . 2010-08-30 04:37 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-07-01 19:28 . 2012-12-22 02:42 325920 ----a-w- c:\windows\SysWow64\Sendori.dll
2013-06-20 01:07 . 2011-04-30 12:58 177312 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-08-28 1811880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2009-12-25 34160]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-02-23 352256]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-05-01 2454840]
"Sendori Tray"="c:\program files (x86)\Sendori\SendoriTray.exe" [2013-07-01 83232]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Facebook Messenger.lnk - c:\users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe [2013-3-7 248240]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys;c:\windows\SYSNATIVE\DRIVERS\acpials.sys [x]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]
R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]
R3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys;c:\windows\SYSNATIVE\DRIVERS\sxuptp.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20130715.001\BHDrvx64.sys [x]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20130905.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1404000.028\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1404000.028\SYMNETS.SYS [x]
S2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [x]
S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]
S2 Service Sendori;Service Sendori;c:\program files (x86)\Sendori\Sendori.Service.exe;c:\program files (x86)\Sendori\Sendori.Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 sndappv2;sndappv2;c:\program files (x86)\Sendori\sndappv2.exe;c:\program files (x86)\Sendori\sndappv2.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 stdriver;Sound tap driver Upper Class Filter Driver v2.0.0.0;c:\windows\system32\DRIVERS\stdriver64.sys;c:\windows\SYSNATIVE\DRIVERS\stdriver64.sys [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys;c:\windows\SYSNATIVE\DRIVERS\WDKMD.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-06 03:45 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-29 01:39]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000Core.job
- c:\users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 05:38]
.
2013-09-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2065017107-1862159159-1119248885-1000UA.job
- c:\users\greg\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-20 05:38]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 03:44]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 03:44]
.
2013-09-08 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\Communicator.exe [2013-07-10 01:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-22 10134560]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-22 896032]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-06-08 1441792]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSND&bmod=TSND
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;192.168.*.*
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B3E5BA79-5EA3-4D14-BE93-07DA11104C6D}\2656C6B696E6E2936636E2537484A7: NameServer = 192.168.2.1
TCP: Interfaces\{CB645FB5-A4E0-4118-9DD0-51A37745DA27}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Bing
FF - ExtSQL: 2013-07-14 19:23; {8E9E3331-D360-4f87-8803-52DE43566502}; c:\program files\Updater By SweetPacks\Firefox
FF - ExtSQL: 2013-08-17 22:53; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - ExtSQL: 2013-09-05 13:36; {fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}; c:\users\greg\AppData\Roaming\Mozilla\Firefox\Profiles\ceel6426.default\extensions\{fe02a3ef-6cd5-4dc6-8cf4-f3bcac60bc7c}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Best Buy pc app - c:\programdata\{FBF3739B-717D-4429-BCEB-98D514E65F29}\Best Buy pc app Setup.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files (x86)\Coupons\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.4.0.40\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-09-08  00:33:45
ComboFix-quarantined-files.txt  2013-09-08 06:33
ComboFix2.txt  2013-09-08 00:40
.
Pre-Run: 361,111,904,256 bytes free
Post-Run: 361,014,628,352 bytes free
.
- - End Of File - - 2A6AA1D3021B47A365385EF38F2BA620


#12 gringo_pr

  • Malware Response Team

Posted 08 September 2013 - 09:20 PM


Hello

These logs are looking a lot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in add/remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using add/remove, or you can use the free uninstaller from Revo (Revo does a much better job).
  • Programs to remove
    • Adobe Reader 9.5.3
    • Coupon Printer for Windows
    • IB Updater 2.0.0.574
    • IB Updater Service
    • Internet Explorer Toolbar 4.7 by SweetPacks
    • Java 7 Update 11 (64-bit)



Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Update Adobe Reader
  • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, uncheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
    • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. Default settings are fine.
    • Click Run Cleaner.
    • Close CCleaner.
Run Malwarebytes

Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



Download HijackThis
  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right-click on HijackThis and select "Run as Admin" (XP users just need to double-click to run).
  • Click on "Do a system scan and save a logfile" (if you do not see "Do a system scan and save a logfile", then click on Main Menu).
  • Copy and paste the HijackThis report into the topic.
"Information and logs"
  • In your next post I need the following:
    • Log from MBAM
    • Report from HijackThis
    • Let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#13 gbayless

  • Topic Starter

Posted 09 September 2013 - 01:27 AM

MBAM log

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.09.09.02
 
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
greg :: GREG-PC [administrator]
 
9/9/2013 12:09:03 AM
MBAM-log-2013-09-09 (00-14-03).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 246913
Time elapsed: 4 minute(s), 6 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceTheme) -> No action taken.
HKLM\SOFTWARE\PCFixSpeed (PUP.Optional.PCFixSpeed) -> No action taken.
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 6
C:\Users\greg\Downloads\Firefox_setup.exe (PUP.Optional.IBryte) -> No action taken.
C:\Users\greg\Downloads\MediaUpdater__2577_i40552624_il561391.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\greg\Downloads\MediaUpdater__2577_i40552694_il561391.exe (PUP.Optional.Amonetize) -> No action taken.
C:\Users\greg\Downloads\Setup (1).exe (PUP.Optional.IBryte.A) -> No action taken.
C:\Users\greg\Downloads\Setup.exe (PUP.Optional.Solimba) -> No action taken.
C:\Users\greg\Downloads\xvidly_setup.exe (PUP.Downware) -> No action taken.
 
(end)
 
hijack this log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:24:14 AM, on 9/9/2013
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Users\greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\greg\Downloads\HijackThis.exe
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - Startup: Facebook Messenger.lnk = greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB645FB5-A4E0-4118-9DD0-51A37745DA27}: NameServer = 192.168.2.1
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Application Sendori - Sendori, Inc. - C:\Program Files (x86)\Sendori\SendoriSvc.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Service Sendori - sendori - C:\Program Files (x86)\Sendori\Sendori.Service.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: sndappv2 - Sendori - C:\Program Files (x86)\Sendori\sndappv2.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
 
--
End of file - 11766 bytes
 

 

 

Not sure how it's running, whether better or not. Also couldn't find IB Updater 2.0.0.574 or IB Updater Service in either the computer uninstall or in Revo.



#14 gringo_pr


Posted 09 September 2013 - 08:50 PM


Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to. For any of these programs, you can click on its icon (or start it from the Control Panel) when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (right-click and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
      O4 - HKLM\..\Run: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
      O4 - HKLM\..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - Startup: Facebook Messenger.lnk = greg\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
      O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • **NOTE** You can research each of those lines >here< and see if you want to keep them or not.
      Just copy the name between the brackets and paste it into the search space:
      O4 - HKLM\..\Run: [IntelliPoint]


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan - on Vista and Win 7, right-click on the IE shortcut and run as admin

Go to the ESET web page to run an online scanner from ESET.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish
When the scan is complete
  • If no threats were found
    • put a checkmark in "Uninstall application on close"
    • close program
    • report to me that nothing was found
  • If threats were found
    • click on "list of threats found"
    • click on "export to text file" and save it as ESET SCAN and save to the desktop
    • Click on back
    • put a checkmark in "Uninstall application on close"
    • click on finish
    • close program
    • copy and paste the report here
Gringo

#15 gbayless


Posted 09 September 2013 - 11:28 PM

here is the log

C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\Extension32.dll.vir a variant of Win32/Toolbar.Perion.A application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\ExtensionUpdaterService.exe.vir a variant of Win32/Toolbar.BitCocktail.B application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.D application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js.vir Win32/Toolbar.Perion.E application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\IB Updater\resources\localscript.js.vir Win32/Toolbar.Perion.E application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\Extension32.dll.vir a variant of Win32/Toolbar.Perion.A application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\ExtensionUpdaterService.exe.vir a variant of Win32/Toolbar.BitCocktail.B application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files\Updater By SweetPacks\InstallerHelper.dll.vir a variant of Win32/Toolbar.BitCocktail.A application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\ButtonUtil.dll.vir a variant of Win32/Toolbar.CrossRider.G application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe.vir a variant of Win32/Toolbar.CrossRider.E application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.dll.vir a variant of Win32/Toolbar.CrossRider.A application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe.vir a variant of Win32/Toolbar.CrossRider.E application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe.vir a variant of Win32/Toolbar.CrossRider.F application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\windows\SysWOW64\ARFC\wrtc.exe.vir a variant of Win32/Toolbar.Perion.G application
C:\Users\greg\Documents\Malware, Antivirus, cache cleaner etc\ADwcleaner\AdwCleaner\Quarantine\C\windows\SysWOW64\WNLT\Installation\WSSetup.exe.vir multiple threats
 

 

 

Also, if you have a link to a 64-bit version of Java, that would be lovely. It is needed for optimal performance on some of the games I have, if you wouldn't mind. Again, thanks for your help.





