
Rootkit infection


  • This topic is locked
15 replies to this topic

#1 PSL649

PSL649

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:52 AM

Posted 21 April 2014 - 04:00 PM

Hi,

I am having trouble with my Toshiba Satellite P775. I have already done a Cure on Rootkit:Win32.Backboot.gen that TDSSKiller found, per Kaspersky's malware forum. I am also having no luck trying to get into the BIOS and have consulted with Toshiba to try and work around this... we had no luck. I have been able to boot into safe mode, but this takes a long time; while loading the drivers it stops at HAL.sys. I was able to boot Hiren's, and nothing will run due to no network connection. I was able to get GMER to load, ran a scan and saved the output; I did not try to fix anything. I have seen a thread on something that resembles my current problem, but want to post to make sure.

 

Thanks for all your help.

This is the link that I found that matched my problem:

http://www.bleepingcomputer.com/forums/t/395047/windows-7-x64-will-not-start-startup-repair-cidll-bsod/


Edited by PSL649, 21 April 2014 - 09:18 PM.




#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 PM

Posted 22 April 2014 - 05:29 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.


  • In the command window:
  • type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
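The FRST.txt that the procedure above produces has a regular line format (section banners, `Key: [Name] => path [size date] (Publisher)` for registry autostarts, `S2 name; path` for services and drivers), so a first triage pass over it is mostly pattern matching. The Python below is an added example, not code from this forum or from FRST itself: it runs over a constructed sample written in that format and flags the entries a responder checks first, namely AppInit_DLLs and AppCertDlls loads, IFEO Debugger redirections, autostarts or services whose file is missing, drivers with no ImagePath, and binaries with no publisher in their version info. The function names (`triage_frst`, `publisher_of`, `count_by_category`) and the sample log are my own choices; the sample reuses entry names seen in this thread but is not the poster's full log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the FRST.txt line format (not the poster's full log).
# "(Publisher)" is the company name from the file's version info, "()" means
# the file carries none, and "[X]" means FRST could not find the file.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs-x32:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
==================== Services (Whitelisted) =================
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [X]
==================== Drivers (Whitelisted) ====================
S3 70087959; No ImagePath
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-04-13] (Webroot)
"""


@dataclass
class Finding:
    section: str
    category: str
    detail: str
    line: str


SECTION_RE = re.compile(r"^=+ (.+?) =+$")
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")        # last "(...)" on the line
SERVICE_RE = re.compile(r"^[SRU]\d+ (.+?); (.*)$")     # "S2 Name; C:\path ..." (names may contain spaces)
IFEO_RE = re.compile(r"^IFEO\\(.+?): \[Debugger\] (.+)$")


def publisher_of(entry: str):
    """Version-info company name; '' when the log shows '()', None when absent."""
    m = PUBLISHER_RE.search(entry)
    return m.group(1) if m else None


def triage_frst(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # AppInit_DLLs are mapped into every process that loads user32.dll and
        # AppCertDlls into every process started through CreateProcess: injection
        # points that legitimate software rarely needs, so each one gets reviewed.
        if line.startswith("AppInit_DLLs") or "AppCertDlls" in line:
            pub = publisher_of(line)
            findings.append(Finding(section, "dll_injection", pub or "no publisher", line))
            continue
        # An IFEO Debugger value makes Windows start the "debugger" in place of the
        # named program, so every such entry silently blocks that program.
        m = IFEO_RE.match(line)
        if m:
            findings.append(Finding(section, "ifeo_redirect", f"{m.group(1)} -> {m.group(2)}", line))
            continue
        # A trailing "[X]": the autostart or service points at a file that is gone
        # (removed malware or a half-uninstalled program); the entry itself remains.
        if line.endswith("[X]"):
            findings.append(Finding(section, "missing_file", "", line))
            continue
        m = SERVICE_RE.match(line)
        if m and section.startswith(("Services", "Drivers")):
            name, body = m.group(1), m.group(2)
            if body == "No ImagePath":
                findings.append(Finding(section, "no_imagepath", name, line))
            elif publisher_of(body) == "":
                findings.append(Finding(section, "no_publisher", name, line))
    return findings


def count_by_category(findings: List[Finding]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail} :: {f.line}")
```

A hit from this script is a lead, not a verdict: a "()" publisher only says the file has no version info, and IFEO redirections are also set on purpose by some cleanup tools, so each flagged line still needs the file and its origin checked.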

#3 PSL649

PSL649
  • Topic Starter
  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:52 AM

Posted 22 April 2014 - 09:29 AM

Hi Marius,

I ran the program with no problems; here is the output:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014

Ran by SYSTEM on MININT-1GAODOA on 22-04-2014 10:21:34
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [DelayTSS] => C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2357984 2014-02-20] (Microsoft Corp.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Elliott\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\Elliott\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-25] (Google Inc.)
HKU\Elliott\...\Policies\system: [DisableCMD] 0
HKU\Elliott\...\Policies\system: [NoDispAppearancePage] 0
HKU\Elliott\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Elliott\...\Policies\system: [NoDispSettingsPage] 0
HKU\Elliott\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Elliott\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Elliott\...\Policies\Explorer: [NoControlPanel] 0
HKU\Elliott\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Elliott\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Elliott\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Elliott\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Elliott\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Elliott\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Elliott\...\Policies\Explorer: [NoFind] 0
HKU\Elliott\...\Policies\Explorer: [NoFile] 0
HKU\Elliott\...\Policies\Explorer: [HideClock] 0
HKU\Elliott\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Elliott\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Elliott\...\Policies\Explorer: [NoSetFolders] 0
HKU\Elliott\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Elliott\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Elliott\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Elliott\...\Policies\Explorer: [NoDFSTab] 0
HKU\Elliott\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Elliott\...\Policies\Explorer: [NoLogoff] 0
HKU\Elliott\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Elliott\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Elliott\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Elliott\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Elliott\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Elliott\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Elliott\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
AppInit_DLLs:  C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll [23568 2014-02-06] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
AppInit_DLLs-x32:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
AppInit_DLLs-x32:  C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll [485904 2014-02-06] ()
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll [658960 2014-02-06] ()
 
==================== Services (Whitelisted) =================
 
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [118632 2012-09-26] (Sendori, Inc.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173280 2014-02-20] (Microsoft Corp.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
S2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
S2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [15208 2012-09-26] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3569512 2012-09-26] (Sendori)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 70087959; No ImagePath
S3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-11] (Brother Industries Ltd.)
S3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-04-03] (Symantec Corporation)
S3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSvia64.sys [513184 2013-04-02] (Symantec Corporation)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130406.008\ENG64.SYS [126192 2013-04-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130406.008\EX64.SYS [2087664 2013-04-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
S3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
S3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
S3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-25] (Symantec Corporation)
S3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
S3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-04-13] (Webroot)
S0 SR; 
S2 srservice; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-22 10:21 - 2014-04-22 10:21 - 00000000 ____D () C:\FRST
2014-04-21 10:50 - 2014-04-21 10:50 - 00000036 _____ () C:\Users\Elliott\AppData\Local\housecall.guid.cache
2014-04-21 10:49 - 2014-04-21 10:49 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-21 10:12 - 2014-04-21 10:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-04-21 10:12 - 2014-04-21 10:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-04-21 10:05 - 2014-04-21 10:05 - 00012136 _____ () C:\Users\Administrator\Desktop\20140421diagtest
2014-04-21 09:29 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2014-04-21 09:29 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-21 09:29 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-21 09:29 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2014-04-21 09:29 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2014-04-21 09:29 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2014-04-21 09:29 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-04-21 09:29 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\System32\rdvidcrl.dll
2014-04-21 09:29 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-04-21 09:29 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-04-21 09:29 - 2013-10-01 16:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2014-04-21 09:29 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2014-04-21 09:29 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-21 09:29 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2014-04-21 09:29 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-21 09:29 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-04-21 09:29 - 2013-10-01 12:57 - 06578176 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2014-04-21 09:29 - 2013-10-01 12:55 - 05698048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-21 09:28 - 2014-03-06 02:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-04-21 09:28 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-04-21 09:28 - 2014-03-06 01:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-04-21 09:28 - 2014-03-06 01:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 09:28 - 2014-03-06 00:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-04-21 09:28 - 2014-03-06 00:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-04-21 09:28 - 2014-03-06 00:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-04-21 09:28 - 2014-03-06 00:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-04-21 09:28 - 2014-03-06 00:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-04-21 09:28 - 2014-03-06 00:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-04-21 09:28 - 2014-03-06 00:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-21 09:28 - 2014-03-06 00:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-04-21 09:28 - 2014-03-06 00:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-04-21 09:28 - 2014-03-06 00:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-04-21 09:28 - 2014-03-06 00:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-04-21 09:28 - 2014-03-06 00:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-04-21 09:28 - 2014-03-06 00:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-04-21 09:28 - 2014-03-06 00:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-04-21 09:28 - 2014-03-06 00:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-04-21 09:28 - 2014-03-06 00:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 09:28 - 2014-03-06 00:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 09:28 - 2014-03-06 00:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-21 09:28 - 2014-03-05 23:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-04-21 09:28 - 2014-03-05 23:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-04-21 09:28 - 2014-03-05 23:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 09:28 - 2014-03-05 23:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 09:28 - 2014-03-05 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-21 09:28 - 2014-03-05 23:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-21 09:28 - 2014-03-05 23:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-04-21 09:28 - 2014-03-05 23:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-21 09:28 - 2014-03-05 23:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-21 09:28 - 2014-03-05 23:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 09:28 - 2014-03-05 23:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 09:28 - 2014-03-05 23:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-04-21 09:28 - 2014-03-05 23:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 09:28 - 2014-03-05 23:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-04-21 09:28 - 2014-03-05 23:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-21 09:28 - 2014-03-05 23:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 09:28 - 2014-03-05 22:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-04-21 09:28 - 2014-03-05 22:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 09:28 - 2014-03-05 22:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 09:28 - 2014-03-05 22:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 09:28 - 2014-03-05 22:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-04-21 09:28 - 2014-03-05 21:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-04-21 09:28 - 2014-03-05 21:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-04-21 09:28 - 2014-03-05 21:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 09:28 - 2014-03-05 21:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 09:28 - 2014-03-05 21:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 09:27 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2014-04-21 09:27 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2014-04-21 09:27 - 2012-08-23 06:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2014-04-21 09:27 - 2012-08-23 05:24 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-04-21 09:27 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-04-21 09:27 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2014-04-21 09:27 - 2012-08-23 01:51 - 03174912 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2014-04-21 09:23 - 2014-04-21 09:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-21 09:23 - 2014-03-30 23:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-04-21 09:22 - 2013-09-24 18:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2014-04-21 09:22 - 2013-09-24 17:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-21 09:22 - 2012-05-04 03:00 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2014-04-21 09:22 - 2012-05-04 01:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-04-21 09:18 - 2014-04-21 09:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Toshiba
2014-04-21 09:17 - 2014-04-22 06:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-04-21 09:17 - 2014-04-21 09:17 - 00070464 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 09:17 - 2014-04-21 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SteelSeries
2014-04-21 09:17 - 2014-04-21 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TOSHIBA
2014-04-21 09:14 - 2014-04-21 09:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-21 08:42 - 2014-04-21 08:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-04-21 08:12 - 2014-04-21 09:16 - 00000000 ____D () C:\users\Administrator
2014-04-21 08:12 - 2014-04-21 08:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-21 08:12 - 2012-04-01 18:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-04-21 08:12 - 2011-11-24 19:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-21 08:09 - 2014-04-21 08:09 - 00000000 ____D () C:\lptmp24088
2014-04-21 08:06 - 2014-04-21 08:06 - 00003720 _____ () C:\Windows\brndlog.bak
2014-04-21 08:04 - 2014-04-21 08:04 - 00000789 _____ () C:\Windows\SysWOW64\debug.log
2014-04-21 07:39 - 2014-04-21 07:39 - 00070464 _____ () C:\GDIPFONTCACHEV1.DAT
2014-04-21 05:29 - 2014-04-21 05:29 - 00262144 _____ () C:\Windows\Minidump\042114-31387-01.dmp
2014-04-20 07:04 - 2014-04-20 07:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-20 07:03 - 2014-04-20 07:03 - 00271760 _____ () C:\Windows\Minidump\042014-18782-01.dmp
2014-04-19 12:35 - 2014-04-19 12:35 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Malwarebytes
2014-04-19 12:35 - 2014-04-19 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 12:35 - 2012-09-29 10:54 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2014-04-19 12:14 - 2014-04-19 12:14 - 00262144 _____ () C:\Windows\Minidump\041914-32822-01.dmp
2014-04-19 01:39 - 2014-04-19 05:29 - 00000104 ____N () C:\AOSS.log
2014-04-09 13:58 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2014-04-09 13:58 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2014-04-09 13:58 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2014-04-09 13:58 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2014-04-09 13:58 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2014-04-09 13:58 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 13:58 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 13:58 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 13:58 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 13:58 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 13:58 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 13:58 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msiscsi.sys
2014-04-09 13:58 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys
2014-04-09 13:58 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Diskdump.sys
2014-04-09 13:58 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\iologmsg.dll
2014-04-09 13:58 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 13:58 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2014-04-08 17:40 - 2014-04-16 12:17 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\TS3Client
2014-04-08 17:39 - 2014-04-08 17:40 - 00001177 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-08 17:39 - 2014-04-08 17:40 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-08 17:36 - 2014-04-08 17:39 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Elliott\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-01 02:03 - 2014-04-01 02:03 - 00000000 ___RD () C:\Users\Elliott\AppData\Roaming\Brother
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\vlc
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\ProgramData\PureLeads
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-03-29 10:46 - 2014-01-23 15:12 - 00354592 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll
2014-03-29 10:46 - 2013-11-13 19:41 - 00439296 _____ (Sendori) C:\Windows\System32\plsapp64.dll
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\OpenCandy
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Program Files (x86)\Vidplaya
2014-03-29 09:24 - 2014-03-29 09:25 - 06373376 _____ () C:\Users\Elliott\Desktop\hamachi.msi
2014-03-25 14:08 - 2014-03-25 14:08 - 00000222 _____ () C:\Users\Elliott\Desktop\7 Days to Die.url
 
==================== One Month Modified Files and Folders =======
 
2014-04-22 10:21 - 2014-04-22 10:21 - 00000000 ____D () C:\FRST
2014-04-22 06:11 - 2012-01-25 21:36 - 01949004 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 06:11 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 06:11 - 2009-07-13 20:45 - 00025120 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 06:09 - 2009-07-13 21:13 - 00782010 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-04-22 06:07 - 2014-04-21 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-04-22 06:07 - 2012-01-25 21:54 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 06:04 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 06:04 - 2009-07-13 20:51 - 00077643 _____ () C:\Windows\setupact.log
2014-04-21 10:52 - 2013-04-05 11:01 - 00000000 ____D () C:\Users\Elliott\AppData\Local\NPE
2014-04-21 10:51 - 2012-03-18 10:55 - 00000000 ____D () C:\ProgramData\WRData
2014-04-21 10:50 - 2014-04-21 10:50 - 00000036 _____ () C:\Users\Elliott\AppData\Local\housecall.guid.cache
2014-04-21 10:49 - 2014-04-21 10:49 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-21 10:44 - 2012-10-30 09:49 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Skype
2014-04-21 10:44 - 2012-03-20 17:13 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Deployment
2014-04-21 10:42 - 2014-03-20 16:07 - 00000000 ____D () C:\Users\Elliott\AppData\Local\LogMeIn Hamachi
2014-04-21 10:42 - 2012-01-25 21:54 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 10:21 - 2012-12-26 06:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 10:12 - 2014-04-21 10:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-04-21 10:12 - 2014-04-21 10:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-04-21 10:05 - 2014-04-21 10:05 - 00012136 _____ () C:\Users\Administrator\Desktop\20140421diagtest
2014-04-21 09:48 - 2014-04-21 09:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Toshiba
2014-04-21 09:39 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 09:27 - 2011-11-24 19:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-21 09:25 - 2014-04-21 09:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-04-21 09:17 - 2014-04-21 09:17 - 00070464 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 09:17 - 2014-04-21 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SteelSeries
2014-04-21 09:17 - 2014-04-21 09:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 09:16 - 2014-04-21 09:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TOSHIBA
2014-04-21 09:16 - 2014-04-21 08:12 - 00000000 ____D () C:\users\Administrator
2014-04-21 09:16 - 2009-07-13 21:08 - 00032600 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-21 09:15 - 2010-11-20 19:47 - 00127950 _____ () C:\Windows\PFRO.log
2014-04-21 09:14 - 2014-04-21 09:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-21 08:42 - 2014-04-21 08:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-04-21 08:12 - 2014-04-21 08:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-21 08:09 - 2014-04-21 08:09 - 00000000 ____D () C:\lptmp24088
2014-04-21 08:06 - 2014-04-21 08:06 - 00003720 _____ () C:\Windows\brndlog.bak
2014-04-21 08:04 - 2014-04-21 08:04 - 00000789 _____ () C:\Windows\SysWOW64\debug.log
2014-04-21 07:39 - 2014-04-21 07:39 - 00070464 _____ () C:\GDIPFONTCACHEV1.DAT
2014-04-21 05:46 - 2013-04-07 07:29 - 00000000 ____D () C:\Users\Elliott\AppData\Local\CrashDumps
2014-04-21 05:45 - 2012-03-18 09:33 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Google
2014-04-21 05:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-04-21 05:29 - 2014-04-21 05:29 - 00262144 _____ () C:\Windows\Minidump\042114-31387-01.dmp
2014-04-21 05:29 - 2014-03-16 16:19 - 620203904 _____ () C:\Windows\MEMORY.DMP
2014-04-21 05:29 - 2013-06-09 04:21 - 00000000 ____D () C:\Windows\Minidump
2014-04-20 07:04 - 2014-04-20 07:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-20 07:03 - 2014-04-20 07:03 - 00271760 _____ () C:\Windows\Minidump\042014-18782-01.dmp
2014-04-19 12:35 - 2014-04-19 12:35 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Malwarebytes
2014-04-19 12:35 - 2014-04-19 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 12:14 - 2014-04-19 12:14 - 00262144 _____ () C:\Windows\Minidump\041914-32822-01.dmp
2014-04-19 09:18 - 2014-03-12 13:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-19 09:18 - 2013-07-30 10:59 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Warframe
2014-04-19 09:18 - 2012-11-18 16:17 - 00000000 ____D () C:\Users\Elliott\AppData\Local\lptmp937191061
2014-04-19 09:18 - 2012-03-18 10:57 - 00000000 ____D () C:\Program Files\Webroot
2014-04-19 09:18 - 2012-01-25 21:51 - 00000000 ____D () C:\ProgramData\Norton
2014-04-19 09:18 - 2010-11-20 23:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-19 09:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-04-19 05:29 - 2014-04-19 01:39 - 00000104 ____N () C:\AOSS.log
2014-04-19 05:20 - 2012-03-18 09:25 - 00000000 ____D () C:\users\Elliott
2014-04-16 12:17 - 2014-04-08 17:40 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\TS3Client
2014-04-13 08:28 - 2012-03-18 10:57 - 00152744 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2014-04-13 08:28 - 2012-03-18 10:57 - 00114176 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2014-04-13 08:28 - 2012-03-18 10:57 - 00103816 _____ (Webroot) C:\Windows\System32\WRusr.dll
2014-04-09 18:37 - 2012-04-01 13:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 17:40 - 2014-04-08 17:39 - 00001177 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-08 17:40 - 2014-04-08 17:39 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-08 17:39 - 2014-04-08 17:36 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Elliott\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-04 13:29 - 2012-01-25 21:54 - 00003908 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 13:29 - 2012-01-25 21:54 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 02:03 - 2014-04-01 02:03 - 00000000 ___RD () C:\Users\Elliott\AppData\Roaming\Brother
2014-03-31 05:35 - 2010-11-20 19:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-03-30 23:51 - 2014-04-21 09:23 - 90655440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\vlc
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\ProgramData\PureLeads
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\OpenCandy
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Program Files (x86)\Vidplaya
2014-03-29 09:25 - 2014-03-29 09:24 - 06373376 _____ () C:\Users\Elliott\Desktop\hamachi.msi
2014-03-25 14:08 - 2014-03-25 14:08 - 00000222 _____ () C:\Users\Elliott\Desktop\7 Days to Die.url
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\B0936C1D-881E-436F-96B6-F5B2B3C4E115.exe
C:\Users\Elliott\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Elliott\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Elliott\AppData\Local\Temp\Delta.exe
C:\Users\Elliott\AppData\Local\Temp\DeltaTB.exe
C:\Users\Elliott\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Elliott\AppData\Local\Temp\ose00000.exe
C:\Users\Elliott\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Elliott\AppData\Local\Temp\SIntf16.dll
C:\Users\Elliott\AppData\Local\Temp\SIntf32.dll
C:\Users\Elliott\AppData\Local\Temp\SIntfNT.dll
C:\Users\Elliott\AppData\Local\Temp\SpOrder.dll
C:\Users\Elliott\AppData\Local\Temp\WDH.exe
C:\Users\Elliott\AppData\Local\Temp\WSSetup.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
Restore point made on: 2014-03-25 13:01:35
Restore point made on: 2014-03-25 16:21:43
Restore point made on: 2014-03-28 14:25:48
Restore point made on: 2014-04-01 13:12:54
Restore point made on: 2014-04-04 13:33:19
Restore point made on: 2014-04-09 13:59:20
Restore point made on: 2014-04-09 18:36:00
Restore point made on: 2014-04-15 07:48:49
Restore point made on: 2014-04-21 09:23:19
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 6051.76 MB
Available physical RAM: 5387.22 MB
Total Pagefile: 6049.96 MB
Available Pagefile: 5378.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB
 
==================== Drives ================================
 
Drive c: (TI106348W0B) (Fixed) (Total:682.03 GB) (Free:528.79 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:14.9 GB) (Free:14.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 854931EA)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 29D9C0BD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
 
LastRegBack: 2014-03-23 07:30
 
==================== End Of Log ============================


#4 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 22 April 2014 - 09:45 AM

Fix with FRST (Recovery Environment)


  • Open Notepad (Start => All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.) Save it on the flash drive as fixlist.txt.

    HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
    AppInit_DLLs:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
    AppInit_DLLs:  C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll [23568 2014-02-06] ()
    AppInit_DLLs-x32:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
    AppInit_DLLs-x32:  C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browsemngr.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browsermngr.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
    IFEO\delta babylon.exe: [Debugger] tasklist.exe
    IFEO\delta tb.exe: [Debugger] tasklist.exe
    IFEO\delta2.exe: [Debugger] tasklist.exe
    IFEO\deltainstaller.exe: [Debugger] tasklist.exe
    IFEO\deltasetup.exe: [Debugger] tasklist.exe
    IFEO\deltatb.exe: [Debugger] tasklist.exe
    IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\iminentsetup.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
    IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    
    S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
    S2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
    S2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
    S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [15208 2012-09-26] (sendori)
    S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3569512 2012-09-26] (Sendori)
    S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [X]
    S3 70087959; No ImagePath
    
    C:\Program Files (x86)\Linkey
    C:\Program Files (x86)\Settings Manager
    C:\Program Files (x86)\Sendori
    C:\Program Files (x86)\Wajam
    2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\ProgramData\PureLeads
    2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Program Files (x86)\PureLeads
    2014-03-29 10:46 - 2014-01-23 15:12 - 00354592 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll
    2014-03-29 10:46 - 2013-11-13 19:41 - 00439296 _____ (Sendori) C:\Windows\System32\plsapp64.dll
    2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\OpenCandy
    2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Program Files (x86)\Vidplaya

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Now please enter System Recovery Options again.

  • Run frst.exe (on 64-bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

When finished, boot into Windows.

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

Also, please upload the ark.txt by GMER.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
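The fix list above removes four different persistence or tamper mechanisms in one pass, and anyone reading an FRST log has to recognise each by its line shape: `IFEO\<image>: [Debugger] tasklist.exe` entries (an Image File Execution Options `Debugger` value makes Windows start the named debugger, with the image's command line appended, instead of the image itself, so a `tasklist.exe` debugger silently stops the target from ever running, and pointed at anything else it substitutes an arbitrary program, which is the same trick malware uses to neuter security tools); `AppInit_DLLs` entries, which are loaded into every process that maps user32.dll; auto-start services, including ones whose binary is gone (`[X]`) or that have no ImagePath at all; and third-party DLLs dropped into System32 or SysWOW64. The Python below is an added example, not FRST's own code or anything from this thread: it classifies those line shapes over a constructed sample built from lines in the fix list plus one invented `IFEO\example-scanner.exe` line to show the non-tasklist case. The regexes, the Finding kinds, `SYSTEM_DIRS` and the function names are this example's own assumptions.

```python
"""Triage FRST fix-list lines by the persistence mechanism each one names.

Added example, not FRST's code: regexes follow the line shapes seen in
this thread; Finding kinds and function names are this example's own."""
import re
from collections import Counter
from dataclasses import dataclass

IFEO_RE = re.compile(r"^IFEO\\(?P<image>[^:]+): \[Debugger\] (?P<debugger>.+)$")
APPINIT_RE = re.compile(
    r"^AppInit_DLLs(?:-x32)?:\s+\S+ => (?P<path>.+?) \[\d+ \S+\] \((?P<vendor>[^)]*)\)$")
SERVICE_RE = re.compile(r"^(?P<start>[SR]\d) (?P<name>[^;]+); (?P<rest>.+)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[^\\]+)\\\.\.\.\\Run: \[(?P<value>[^\]]+)\] => (?P<path>.+?) \[")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ (?P<attrs>\S+) "
    r"\((?P<vendor>[^)]*)\) (?P<path>.+)$")
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumed list


@dataclass(frozen=True)
class Finding:
    kind: str    # mechanism the line names
    target: str  # image name, DLL, service name or path
    detail: str  # what a reviewer should know about it


def classify(line):
    """Return a Finding for one FRST line, or None for an empty line."""
    line = line.strip()
    if not line:
        return None
    if m := IFEO_RE.match(line):
        # IFEO\<image>\Debugger: the loader starts <debugger> with the image's
        # command line appended, instead of the image.  tasklist.exe just exits,
        # so the target never runs; anything else is an arbitrary substitution.
        dbg = m["debugger"]
        why = ("target silently never runs" if dbg.lower() == "tasklist.exe"
               else "arbitrary program substituted for target")
        return Finding("ifeo_debugger", m["image"], f"{dbg}: {why}")
    if m := APPINIT_RE.match(line):
        # AppInit_DLLs are loaded into every process that maps user32.dll.
        return Finding("appinit_dll", m["path"], m["vendor"] or "no vendor string")
    if m := SERVICE_RE.match(line):
        rest = m["rest"]
        if rest == "No ImagePath":
            return Finding("service_orphan", m["name"], "service key with no binary path")
        if rest.endswith("[X]"):  # FRST marks a path whose file is absent with [X]
            return Finding("service_orphan", m["name"], "binary missing: " + rest[:-4].strip())
        return Finding("service_autostart", m["name"], rest)
    if m := RUN_RE.match(line):
        return Finding("run_key", m["value"], m["path"])
    if m := FILE_RE.match(line):
        path, vendor = m["path"], m["vendor"]
        if path.lower().startswith(SYSTEM_DIRS) and vendor != "Microsoft Corporation":
            # third-party code dropped into a Windows system directory
            return Finding("system_dir_foreign", path, vendor or "no vendor string")
        return Finding("file", path, "directory" if "D" in m["attrs"] else vendor)
    if re.match(r"^[A-Za-z]:\\", line):
        return Finding("path", line, "bare path listed for removal")
    return Finding("unknown", line, "line shape not recognised")


def audit(text):
    """Classify every non-empty line of a fix list or scan section."""
    return [f for f in map(classify, text.splitlines()) if f is not None]


def summarize(findings):
    """Count findings per kind."""
    return Counter(f.kind for f in findings)


# Constructed sample: lines copied from the fix list in this thread plus one
# invented IFEO\example-scanner.exe line to show the non-tasklist case.
SAMPLE = r"""
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
AppInit_DLLs:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
AppInit_DLLs-x32:  C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\example-scanner.exe: [Debugger] cmd.exe
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [X]
S3 70087959; No ImagePath
C:\Program Files (x86)\Linkey
2014-03-29 10:46 - 2013-11-13 19:41 - 00439296 _____ (Sendori) C:\Windows\System32\plsapp64.dll
2014-04-09 13:58 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
"""

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f.kind:19} {f.target}  <- {f.detail}")
    print(dict(summarize(audit(SAMPLE))))
```

Run as a script it prints one line per finding and a per-kind count. Anything under `ifeo_debugger`, `appinit_dll`, `service_orphan` or `system_dir_foreign` deserves a manual look before it goes into a fixlist; a developer's real debugger can also live under IFEO, so the kind is a triage bucket, not a verdict.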

#5 PSL649 (Topic Starter, Members, 38 posts)

Posted 22 April 2014 - 10:29 AM

Hi Marius,

Here is the GMER log:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2014-04-21 16:36:54
Windows 5.1.2600 
Running: G-MER.exe; Driver: B:\Temp\kwtdypog.sys
 
 
---- System - GMER 1.0.15 ----
 
INT 0x01        \SystemRoot\system32\drivers\dummy.sys  F7A657C0
INT 0x03        \SystemRoot\system32\drivers\dummy.sys  F7A657E0
INT 0x1F        \I386\SYSTEM32\HALAACPI.DLL             80A18FD0
INT 0x37        \I386\SYSTEM32\HALAACPI.DLL             80A18728
INT 0x3D        \I386\SYSTEM32\HALAACPI.DLL             80A19B70
INT 0x41        \I386\SYSTEM32\HALAACPI.DLL             80A199CC
INT 0x50        \I386\SYSTEM32\HALAACPI.DLL             80A18800
INT 0xC1        \I386\SYSTEM32\HALAACPI.DLL             80A18984
INT 0xD1        \I386\SYSTEM32\HALAACPI.DLL             80A17D34
INT 0xE1        \I386\SYSTEM32\HALAACPI.DLL             80A18F0C
INT 0xE3        \I386\SYSTEM32\HALAACPI.DLL             80A18C70
INT 0xFD        \I386\SYSTEM32\HALAACPI.DLL             80A19464
INT 0xFE        \I386\SYSTEM32\HALAACPI.DLL             80A19604
 
---- Kernel code sections - GMER 1.0.15 ----
 
?               \I386\SYSTEM32\NTKRNLMP.EXE             kernel module suspicious modification
?               \I386\SYSTEM32\NTKRNLMP.EXE             The system cannot find the file specified. !
 
---- Devices - GMER 1.0.15 ----
 
AttachedDevice  \FileSystem\Ntfs \Ntfs                  dc_fsf.sys
 
Device          \Driver\ACPI_HAL \Device\0000000b       HALAACPI.DLL
 
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume1  dcrypt.sys
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume1  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume1  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume2  dcrypt.sys
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume2  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume2  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume3  dcrypt.sys
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume3  snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice  \Driver\ftdisk \Device\HarddiskVolume3  hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)
AttachedDevice  \FileSystem\Fastfat \Fat                dc_fsf.sys
AttachedDevice  \FileSystem\Fastfat \Fat                fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
 
---- Threads - GMER 1.0.15 ----
 
Thread          System [4:148]                          BB33E096
 
---- EOF - GMER 1.0.15 ----


#6 TB-Psychotic (Malware Response Team, 6,349 posts)

Posted 22 April 2014 - 10:38 AM

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications.


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


[screenshot: RC_update.png]


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.



#7 PSL649 (Topic Starter, Members, 38 posts)

Posted 22 April 2014 - 11:03 AM

Hi Marius,

I still have no internet connection. When I try to turn on the WiFi using the button at the top, nothing happens. I used the FRST64 program that I used in the Repair environment. The tests ran fine and here are the 3 logs that were produced:

FIXLOG

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014

Ran by SYSTEM at 2014-04-22 11:33:38 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
HKLM-x32\...\Run: [PureLeads Tray] => C:\Program Files (x86)\PureLeads\PureLeadsTray.exe [83232 2014-01-23] (PureLeads)
AppInit_DLLs:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll64.dll [210448 2014-02-03] (Aztec Media Inc)
AppInit_DLLs:  C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll [23568 2014-02-06] ()
AppInit_DLLs-x32:  C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll => C:\Program Files (x86)\Linkey\IEExtension\iedll.dll [182800 2014-02-03] (Aztec Media Inc)
AppInit_DLLs-x32:  C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll => C:\Program Files (x86)\Settings Manager\systemk\syskldr.dll [19984 2014-02-06] ()
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browsemngr.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browsermngr.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\bundlesweetimsetup.exe: [Debugger] tasklist.exe
IFEO\cltmngsvc.exe: [Debugger] tasklist.exe
IFEO\delta babylon.exe: [Debugger] tasklist.exe
IFEO\delta tb.exe: [Debugger] tasklist.exe
IFEO\delta2.exe: [Debugger] tasklist.exe
IFEO\deltainstaller.exe: [Debugger] tasklist.exe
IFEO\deltasetup.exe: [Debugger] tasklist.exe
IFEO\deltatb.exe: [Debugger] tasklist.exe
IFEO\deltatb_2501-c733154b.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\iminentsetup.exe: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\rjatydimofu.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\sweetimsetup.exe: [Debugger] tasklist.exe
IFEO\tbdelta.exetoolbar783881609.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
 
S2 plsapp; C:\Program Files (x86)\PureLeads\plsapp.exe [3690784 2014-01-23] (Sendori)
S2 PlsvcV1; C:\Program Files (x86)\PureLeads\PureLeadsSvc.exe [91936 2014-01-23] (PureLeads)
S2 PlsvcV2; C:\Program Files (x86)\PureLeads\PureLeads.Service.exe [24352 2014-01-23] (sendori)
S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [15208 2012-09-26] (sendori)
S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3569512 2012-09-26] (Sendori)
S2 WajamUpdater; "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe" [X]
S3 70087959; No ImagePath
 
C:\Program Files (x86)\Linkey
C:\Program Files (x86)\Settings Manager
C:\Program Files (x86)\Sendori
C:\Program Files (x86)\Wajam
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\ProgramData\PureLeads
2014-03-29 10:46 - 2014-03-29 10:46 - 00000000 ____D () C:\Program Files (x86)\PureLeads
2014-03-29 10:46 - 2014-01-23 15:12 - 00354592 _____ (Sendori) C:\Windows\SysWOW64\plsapp.dll
2014-03-29 10:46 - 2013-11-13 19:41 - 00439296 _____ (Sendori) C:\Windows\System32\plsapp64.dll
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\OpenCandy
2014-03-29 10:41 - 2014-03-29 10:41 - 00000000 ____D () C:\Program Files (x86)\Vidplaya
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\PureLeads Tray => Value deleted successfully.
" C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll" => Value Data removed successfully.
" C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll" => Value Data removed successfully.
" C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll" => Value Data removed successfully.
" C:\PROGRA~2\SETTIN~1\systemk\syskldr.dll" => Value Data removed successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsemngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsermngr.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bundlesweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\cltmngsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta babylon.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta tb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\delta2.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltainstaller.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltasetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\deltatb_2501-c733154b.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\iminentsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\rjatydimofu.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\sweetimsetup.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\tbdelta.exetoolbar783881609.exe => Key deleted successfully.
HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe => Key deleted successfully.
plsapp => Service deleted successfully.
PlsvcV1 => Service deleted successfully.
PlsvcV2 => Service deleted successfully.
Service Sendori => Service deleted successfully.
sndappv2 => Service deleted successfully.
WajamUpdater => Service deleted successfully.
70087959 => Service deleted successfully.
C:\Program Files (x86)\Linkey => Moved successfully.
C:\Program Files (x86)\Settings Manager => Moved successfully.
C:\Program Files (x86)\Sendori => Moved successfully.
C:\Program Files (x86)\Wajam => Moved successfully.
C:\ProgramData\PureLeads => Moved successfully.
C:\Program Files (x86)\PureLeads => Moved successfully.
C:\Windows\SysWOW64\plsapp.dll => Moved successfully.
C:\Windows\System32\plsapp64.dll => Moved successfully.
C:\Users\Elliott\AppData\Roaming\OpenCandy => Moved successfully.
C:\Program Files (x86)\Vidplaya => Moved successfully.
 
==== End of Fixlog ====

 

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014

Ran by Elliott (administrator) on ELLIOTT-PC on 22-04-2014 11:49:37
Running from C:\Users\Elliott\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(SteelSeries) C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11780712 2011-03-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2189416 2011-03-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [DelayTSS] => C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe [2153328 2011-11-21] ()
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
HKLM-x32\...\Run: [SteelSeries World of Warcraft MMO Gaming Mouse] => C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe [1651200 2011-08-18] (SteelSeries)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-04-15] (LogMeIn Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2357984 2014-02-20] (Microsoft Corp.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-01-26] (Google Inc.)
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2604800291-2597828391-1879029592-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
AppInit_DLLs: C:\PROGRA~3\Wincert\WIN64C~1.DLL => C:\ProgramData\Wincert\win64cert.dll [8704 2013-11-04] ()
AppInit_DLLs-x32: C:\PROGRA~3\Wincert\WIN32C~1.DLL => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
HKLM\...\AppCertDlls: [x86] -> C:\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll
HKLM\...\AppCertDlls: [x64] -> C:\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
URLSearchHook: HKLM-x32 - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
URLSearchHook: HKCU - AOL Toolbar Search Class - {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
&tb_mrud=15-12-2012
 
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=293&src=ds&p={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL = 
&tb_mrud=15-12-2012
 
BHO: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll (Webroot)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
BHO-x32: Linkey - {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - C:\PROGRA~2\Linkey\IEEXTE~1\iedll.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll No File
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll ()
BHO-x32: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll (Webroot)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll ()
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog9-x64 01 C:\windows\system32\plsapp64.dll File Not found ()
Winsock: Catalog9-x64 02 C:\windows\system32\plsapp64.dll File Not found ()
Winsock: Catalog9-x64 03 C:\windows\system32\plsapp64.dll File Not found ()
Winsock: Catalog9-x64 04 C:\windows\system32\plsapp64.dll File Not found ()
Winsock: Catalog9-x64 15 C:\windows\system32\plsapp64.dll File Not found ()
Tcpip\..\Interfaces\{83F744EC-7623-4265-B5CE-24D20EABE3E9}: [NameServer]207.69.188.185,207.69.188.186,68.237.161.12
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ []
 
Chrome: 
=======
CHR HomePage: hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp
CHR StartupUrls: "hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp"
CHR DefaultSearchKeyword: ask.com
CHR DefaultSearchProvider: default-search.net
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.250.6) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U25) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-08]
CHR Extension: (Google Drive) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-08]
CHR Extension: (YouTube) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-08]
CHR Extension: (Google Search) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-08]
CHR Extension: (Wajam) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-06-08]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2014-01-31]
CHR Extension: (Norton Identity Protection) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-06-08]
CHR Extension: (Google Wallet) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Webroot) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2013-06-08]
CHR Extension: (Gmail) - C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-08]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Elliott\AppData\Local\Wajam\Chrome\wajam.crx [2012-10-05]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - C:\ProgramData\WRData\PKG\CHROME\CHROME_1.0.0.26.crx [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\Extensions\Chrome.crx [2012-01-26]
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2012-11-18]
 
==================== Services (Whitelisted) =================
 
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173280 2014-02-20] (Microsoft Corp.)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-04-08] (LogMeIn, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [138760 2011-08-10] (Symantec Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [763512 2014-04-13] (Webroot)
S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-22] (Symantec Corporation)
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys [167048 2011-08-08] (Symantec Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-04-03] (Symantec Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSvia64.sys [513184 2013-04-02] (Symantec Corporation)
S3 Mo3Fltr; C:\Windows\System32\drivers\Mo3Fltr.sys [12800 2010-08-11] ()
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130406.008\ENG64.SYS [126192 2013-04-03] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130406.008\EX64.SYS [2087664 2013-04-03] (Symantec Corporation)
S3 SRTSP; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSP64.SYS [729720 2011-08-02] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1301000.01C\SRTSPX64.SYS [37496 2011-08-02] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS [451192 2011-07-25] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS [1084536 2011-07-28] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-26] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS [189560 2011-07-25] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS [401016 2011-07-25] (Symantec Corporation)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [114176 2014-04-13] (Webroot)
U0 SR; 
U2 srservice; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-22 14:21 - 2014-04-22 11:49 - 00000000 ____D () C:\FRST
2014-04-22 11:49 - 2014-04-22 11:49 - 00035666 _____ () C:\Users\Elliott\Desktop\FRST.txt
2014-04-22 11:48 - 2014-04-22 10:09 - 02061312 _____ (Farbar) C:\Users\Elliott\Desktop\FRST64.exe
2014-04-22 11:39 - 2014-04-22 11:39 - 00000358 _____ () C:\TMachInfo.log
2014-04-21 14:50 - 2014-04-21 14:50 - 00000036 _____ () C:\Users\Elliott\AppData\Local\housecall.guid.cache
2014-04-21 14:49 - 2014-04-21 14:49 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-21 14:12 - 2014-04-21 14:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-04-21 14:12 - 2014-04-21 14:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-04-21 14:05 - 2014-04-21 14:05 - 00012136 _____ () C:\Users\Administrator\Desktop\20140421diagtest
2014-04-21 13:29 - 2013-10-01 22:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-04-21 13:29 - 2013-10-01 22:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-04-21 13:29 - 2013-10-01 22:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-04-21 13:29 - 2013-10-01 21:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-04-21 13:29 - 2013-10-01 21:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-04-21 13:29 - 2013-10-01 21:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-04-21 13:29 - 2013-10-01 21:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-04-21 13:29 - 2013-10-01 20:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-04-21 13:29 - 2013-10-01 20:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-04-21 13:29 - 2013-10-01 20:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-04-21 13:29 - 2013-10-01 20:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-04-21 13:29 - 2013-10-01 20:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-04-21 13:29 - 2013-10-01 19:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-04-21 13:29 - 2013-10-01 19:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-04-21 13:29 - 2013-10-01 19:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-04-21 13:29 - 2013-10-01 18:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-04-21 13:29 - 2013-10-01 16:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-04-21 13:29 - 2013-10-01 16:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-04-21 13:28 - 2014-03-06 06:21 - 23549440 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-21 13:28 - 2014-03-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-21 13:28 - 2014-03-06 05:31 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-04-21 13:28 - 2014-03-06 05:19 - 17387008 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-21 13:28 - 2014-03-06 04:59 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-04-21 13:28 - 2014-03-06 04:57 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-04-21 13:28 - 2014-03-06 04:57 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-04-21 13:28 - 2014-03-06 04:53 - 02767360 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-04-21 13:28 - 2014-03-06 04:40 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-04-21 13:28 - 2014-03-06 04:39 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-04-21 13:28 - 2014-03-06 04:32 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-21 13:28 - 2014-03-06 04:32 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-04-21 13:28 - 2014-03-06 04:29 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-04-21 13:28 - 2014-03-06 04:29 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-04-21 13:28 - 2014-03-06 04:28 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-04-21 13:28 - 2014-03-06 04:15 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-04-21 13:28 - 2014-03-06 04:11 - 05784064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-04-21 13:28 - 2014-03-06 04:09 - 00453120 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-04-21 13:28 - 2014-03-06 04:03 - 00586240 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-04-21 13:28 - 2014-03-06 04:02 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-04-21 13:28 - 2014-03-06 04:02 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-04-21 13:28 - 2014-03-06 04:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-04-21 13:28 - 2014-03-06 03:56 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 13:28 - 2014-03-06 03:48 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-04-21 13:28 - 2014-03-06 03:47 - 02178048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-04-21 13:28 - 2014-03-06 03:46 - 04254720 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-04-21 13:28 - 2014-03-06 03:46 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-04-21 13:28 - 2014-03-06 03:45 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-04-21 13:28 - 2014-03-06 03:42 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-04-21 13:28 - 2014-03-06 03:40 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-04-21 13:28 - 2014-03-06 03:38 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-04-21 13:28 - 2014-03-06 03:36 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-04-21 13:28 - 2014-03-06 03:22 - 00367616 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-04-21 13:28 - 2014-03-06 03:21 - 00628736 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-04-21 13:28 - 2014-03-06 03:13 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 13:28 - 2014-03-06 03:11 - 02043904 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-04-21 13:28 - 2014-03-06 03:07 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-04-21 13:28 - 2014-03-06 03:01 - 00244224 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-04-21 13:28 - 2014-03-06 02:53 - 13551104 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-04-21 13:28 - 2014-03-06 02:46 - 00524288 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-04-21 13:28 - 2014-03-06 02:40 - 01967104 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-04-21 13:28 - 2014-03-06 02:36 - 11745792 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-04-21 13:28 - 2014-03-06 02:22 - 02260480 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-04-21 13:28 - 2014-03-06 01:58 - 01400832 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-04-21 13:28 - 2014-03-06 01:50 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-04-21 13:28 - 2014-03-06 01:43 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-04-21 13:28 - 2014-03-06 01:41 - 01789440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-04-21 13:28 - 2014-03-06 01:36 - 01143808 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-04-21 13:27 - 2012-08-23 10:13 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-04-21 13:27 - 2012-08-23 10:10 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-04-21 13:27 - 2012-08-23 10:08 - 00030208 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbGD.sys
2014-04-21 13:27 - 2012-08-23 09:24 - 00015360 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-21 13:27 - 2012-08-23 07:12 - 00192000 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdpendp_winip.dll
2014-04-21 13:27 - 2012-08-23 06:51 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\rdpendp_winip.dll
2014-04-21 13:27 - 2012-08-23 05:51 - 03174912 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-04-21 13:23 - 2014-04-21 13:25 - 00000000 ____D () C:\windows\system32\MRT
2014-04-21 13:23 - 2014-03-31 03:51 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-04-21 13:22 - 2013-09-24 22:23 - 01030144 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-04-21 13:22 - 2013-09-24 21:57 - 00792576 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-04-21 13:22 - 2012-05-04 07:00 - 00366592 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-04-21 13:22 - 2012-05-04 05:59 - 00514560 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-04-21 13:18 - 2014-04-21 13:48 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Toshiba
2014-04-21 13:17 - 2014-04-22 10:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-04-21 13:17 - 2014-04-21 13:17 - 00070464 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 13:17 - 2014-04-21 13:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SteelSeries
2014-04-21 13:17 - 2014-04-21 13:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-04-21 13:16 - 2014-04-21 13:16 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TOSHIBA
2014-04-21 13:14 - 2014-04-21 13:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-21 12:42 - 2014-04-21 12:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-04-21 12:12 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator
2014-04-21 12:12 - 2014-04-21 12:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-21 12:12 - 2012-04-01 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2014-04-21 12:12 - 2011-11-24 23:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2014-04-21 12:12 - 2009-07-14 00:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-21 12:12 - 2009-07-14 00:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-21 12:09 - 2014-04-21 12:09 - 00000000 ____D () C:\lptmp24088
2014-04-21 12:06 - 2014-04-21 12:06 - 00003720 _____ () C:\windows\brndlog.bak
2014-04-21 12:04 - 2014-04-21 12:04 - 00000789 _____ () C:\windows\SysWOW64\debug.log
2014-04-21 11:39 - 2014-04-21 11:39 - 00070464 _____ () C:\GDIPFONTCACHEV1.DAT
2014-04-21 09:29 - 2014-04-21 09:29 - 00262144 _____ () C:\windows\Minidump\042114-31387-01.dmp
2014-04-20 11:04 - 2014-04-20 11:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-20 11:03 - 2014-04-20 11:03 - 00271760 _____ () C:\windows\Minidump\042014-18782-01.dmp
2014-04-19 16:35 - 2014-04-19 16:35 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Malwarebytes
2014-04-19 16:35 - 2014-04-19 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 16:35 - 2012-09-29 14:54 - 00025928 _____ (Malwarebytes Corporation) C:\windows\SysWOW64\Drivers\mbam.sys
2014-04-19 16:14 - 2014-04-19 16:14 - 00262144 _____ () C:\windows\Minidump\041914-32822-01.dmp
2014-04-19 05:39 - 2014-04-19 09:29 - 00000104 ____N () C:\AOSS.log
2014-04-09 17:58 - 2014-03-04 05:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-04-09 17:58 - 2014-03-04 05:44 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2014-04-09 17:58 - 2014-03-04 05:44 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2014-04-09 17:58 - 2014-03-04 05:44 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2014-04-09 17:58 - 2014-03-04 05:44 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2014-04-09 17:58 - 2014-03-04 05:17 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2014-04-09 17:58 - 2014-03-04 05:16 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-04-09 17:58 - 2014-03-04 05:16 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2014-04-09 17:58 - 2014-03-04 05:16 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2014-04-09 17:58 - 2014-03-04 04:09 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2014-04-09 17:58 - 2014-03-04 04:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2014-04-09 17:58 - 2014-02-03 22:35 - 00274880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-04-09 17:58 - 2014-02-03 22:35 - 00190912 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-04-09 17:58 - 2014-02-03 22:35 - 00027584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Diskdump.sys
2014-04-09 17:58 - 2014-02-03 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\iologmsg.dll
2014-04-09 17:58 - 2014-02-03 22:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\iologmsg.dll
2014-04-09 17:58 - 2014-01-23 22:37 - 01684928 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-04-08 21:40 - 2014-04-16 16:17 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\TS3Client
2014-04-08 21:39 - 2014-04-08 21:40 - 00001177 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-08 21:39 - 2014-04-08 21:40 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-08 21:36 - 2014-04-08 21:39 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Elliott\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-01 06:03 - 2014-04-01 06:03 - 00000000 ___RD () C:\Users\Elliott\AppData\Roaming\Brother
2014-03-29 14:46 - 2014-03-29 14:46 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\vlc
2014-03-29 13:24 - 2014-03-29 13:25 - 06373376 _____ () C:\Users\Elliott\Desktop\hamachi.msi
2014-03-25 18:08 - 2014-03-25 18:08 - 00000222 _____ () C:\Users\Elliott\Desktop\7 Days to Die.url
 
==================== One Month Modified Files and Folders =======
 
2014-04-22 11:49 - 2014-04-22 14:21 - 00000000 ____D () C:\FRST
2014-04-22 11:49 - 2014-04-22 11:49 - 00035666 _____ () C:\Users\Elliott\Desktop\FRST.txt
2014-04-22 11:47 - 2012-03-18 14:55 - 00000000 ____D () C:\ProgramData\WRData
2014-04-22 11:45 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 11:45 - 2009-07-14 00:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 11:40 - 2012-01-26 01:36 - 01950266 _____ () C:\windows\WindowsUpdate.log
2014-04-22 11:40 - 2009-07-14 01:13 - 00782010 _____ () C:\windows\system32\PerfStringBackup.INI
2014-04-22 11:40 - 2009-07-14 01:08 - 00032600 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-22 11:40 - 2009-07-14 01:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-04-22 11:39 - 2014-04-22 11:39 - 00000358 _____ () C:\TMachInfo.log
2014-04-22 11:39 - 2012-10-30 13:49 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Skype
2014-04-22 11:38 - 2012-03-20 21:13 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Deployment
2014-04-22 11:37 - 2014-03-20 20:07 - 00000000 ____D () C:\Users\Elliott\AppData\Local\LogMeIn Hamachi
2014-04-22 11:37 - 2009-07-14 00:51 - 00077699 _____ () C:\windows\setupact.log
2014-04-22 10:09 - 2014-04-22 11:48 - 02061312 _____ (Farbar) C:\Users\Elliott\Desktop\FRST64.exe
2014-04-22 10:07 - 2014-04-21 13:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn Hamachi
2014-04-22 10:07 - 2012-01-26 01:54 - 00000908 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 14:52 - 2013-04-05 15:01 - 00000000 ____D () C:\Users\Elliott\AppData\Local\NPE
2014-04-21 14:50 - 2014-04-21 14:50 - 00000036 _____ () C:\Users\Elliott\AppData\Local\housecall.guid.cache
2014-04-21 14:49 - 2014-04-21 14:49 - 00000000 ____D () C:\ProgramData\PC Tools
2014-04-21 14:42 - 2012-01-26 01:54 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 14:21 - 2012-12-26 10:08 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 14:12 - 2014-04-21 14:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-04-21 14:12 - 2014-04-21 14:12 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-04-21 14:05 - 2014-04-21 14:05 - 00012136 _____ () C:\Users\Administrator\Desktop\20140421diagtest
2014-04-21 13:48 - 2014-04-21 13:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Toshiba
2014-04-21 13:39 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-04-21 13:27 - 2011-11-24 23:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-21 13:25 - 2014-04-21 13:23 - 00000000 ____D () C:\windows\system32\MRT
2014-04-21 13:17 - 2014-04-21 13:17 - 00070464 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-21 13:17 - 2014-04-21 13:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\SteelSeries
2014-04-21 13:17 - 2014-04-21 13:17 - 00000000 ____D () C:\Users\Administrator\AppData\Local\LogMeIn
2014-04-21 13:16 - 2014-04-21 13:16 - 00001424 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2014-04-21 13:16 - 2014-04-21 13:16 - 00000000 ____D () C:\Users\Administrator\AppData\Local\TOSHIBA
2014-04-21 13:16 - 2014-04-21 12:12 - 00000000 ____D () C:\Users\Administrator
2014-04-21 13:15 - 2010-11-20 23:47 - 00127950 _____ () C:\windows\PFRO.log
2014-04-21 13:14 - 2014-04-21 13:14 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-21 12:42 - 2014-04-21 12:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel
2014-04-21 12:12 - 2014-04-21 12:12 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2014-04-21 12:09 - 2014-04-21 12:09 - 00000000 ____D () C:\lptmp24088
2014-04-21 12:06 - 2014-04-21 12:06 - 00003720 _____ () C:\windows\brndlog.bak
2014-04-21 12:04 - 2014-04-21 12:04 - 00000789 _____ () C:\windows\SysWOW64\debug.log
2014-04-21 11:39 - 2014-04-21 11:39 - 00070464 _____ () C:\GDIPFONTCACHEV1.DAT
2014-04-21 09:46 - 2013-04-07 11:29 - 00000000 ____D () C:\Users\Elliott\AppData\Local\CrashDumps
2014-04-21 09:45 - 2012-03-18 13:33 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Google
2014-04-21 09:35 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\system32\NDF
2014-04-21 09:29 - 2014-04-21 09:29 - 00262144 _____ () C:\windows\Minidump\042114-31387-01.dmp
2014-04-21 09:29 - 2014-03-16 20:19 - 620203904 _____ () C:\windows\MEMORY.DMP
2014-04-21 09:29 - 2013-06-09 08:21 - 00000000 ____D () C:\windows\Minidump
2014-04-20 11:04 - 2014-04-20 11:04 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-04-20 11:03 - 2014-04-20 11:03 - 00271760 _____ () C:\windows\Minidump\042014-18782-01.dmp
2014-04-19 16:35 - 2014-04-19 16:35 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\Malwarebytes
2014-04-19 16:35 - 2014-04-19 16:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-19 16:14 - 2014-04-19 16:14 - 00262144 _____ () C:\windows\Minidump\041914-32822-01.dmp
2014-04-19 13:18 - 2014-03-12 17:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-19 13:18 - 2013-07-30 14:59 - 00000000 ____D () C:\Users\Elliott\AppData\Local\Warframe
2014-04-19 13:18 - 2012-11-18 20:17 - 00000000 ____D () C:\Users\Elliott\AppData\Local\lptmp937191061
2014-04-19 13:18 - 2012-03-18 14:57 - 00000000 ____D () C:\Program Files\Webroot
2014-04-19 13:18 - 2012-01-26 01:51 - 00000000 ____D () C:\ProgramData\Norton
2014-04-19 13:18 - 2010-11-21 03:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-19 13:18 - 2009-07-13 23:20 - 00000000 ____D () C:\windows\registration
2014-04-19 09:29 - 2014-04-19 05:39 - 00000104 ____N () C:\AOSS.log
2014-04-19 09:20 - 2012-03-18 13:25 - 00000000 ____D () C:\Users\Elliott
2014-04-16 16:17 - 2014-04-08 21:40 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\TS3Client
2014-04-13 12:28 - 2012-03-18 14:57 - 00152744 _____ (Webroot) C:\windows\SysWOW64\WRusr.dll
2014-04-13 12:28 - 2012-03-18 14:57 - 00114176 _____ (Webroot) C:\windows\system32\Drivers\WRkrn.sys
2014-04-13 12:28 - 2012-03-18 14:57 - 00103816 _____ (Webroot) C:\windows\system32\WRusr.dll
2014-04-09 22:37 - 2012-04-01 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-08 21:40 - 2014-04-08 21:39 - 00001177 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2014-04-08 21:40 - 2014-04-08 21:39 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2014-04-08 21:39 - 2014-04-08 21:36 - 27601296 _____ (TeamSpeak Systems GmbH) C:\Users\Elliott\Downloads\TeamSpeak3-Client-win32-3.0.14.exe
2014-04-04 17:29 - 2012-01-26 01:54 - 00003908 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-04 17:29 - 2012-01-26 01:54 - 00003656 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-01 06:03 - 2014-04-01 06:03 - 00000000 ___RD () C:\Users\Elliott\AppData\Roaming\Brother
2014-03-31 09:35 - 2010-11-20 23:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-03-31 03:51 - 2014-04-21 13:23 - 90655440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-29 14:46 - 2014-03-29 14:46 - 00000000 ____D () C:\Users\Elliott\AppData\Roaming\vlc
2014-03-29 13:25 - 2014-03-29 13:24 - 06373376 _____ () C:\Users\Elliott\Desktop\hamachi.msi
2014-03-25 18:08 - 2014-03-25 18:08 - 00000222 _____ () C:\Users\Elliott\Desktop\7 Days to Die.url
 
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\B0936C1D-881E-436F-96B6-F5B2B3C4E115.exe
C:\Users\Elliott\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Elliott\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Elliott\AppData\Local\Temp\Delta.exe
C:\Users\Elliott\AppData\Local\Temp\DeltaTB.exe
C:\Users\Elliott\AppData\Local\Temp\MybabylonTB.exe
C:\Users\Elliott\AppData\Local\Temp\ose00000.exe
C:\Users\Elliott\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\Elliott\AppData\Local\Temp\SIntf16.dll
C:\Users\Elliott\AppData\Local\Temp\SIntf32.dll
C:\Users\Elliott\AppData\Local\Temp\SIntfNT.dll
C:\Users\Elliott\AppData\Local\Temp\SpOrder.dll
C:\Users\Elliott\AppData\Local\Temp\WDH.exe
C:\Users\Elliott\AppData\Local\Temp\WSSetup.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-23 11:30
 
==================== End Of Log ============================

 

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by Elliott at 2014-04-22 11:50:02
Running from C:\Users\Elliott\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Webroot SecureAnywhere (Enabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Webroot SecureAnywhere (Enabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)
7 Days to Die (HKLM-x32\...\Steam App 251570) (Version:  - The Fun Pimps)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AOL Toolbar (HKCU\...\AOL Toolbar) (Version:  - )
AOL Toolbar (HKLM-x32\...\AOL Toolbar) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Best Buy Connect (HKLM-x32\...\{B435FD87-CA14-45E3-9D0B-A30F1F9F3866}) (Version: 3.00.68 - Best Buy)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.395.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version:  - AOL Inc.) <==== ATTENTION
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Linkey (HKCU\...\Linkey) (Version: 0.0.0.333 - Aztec Media Inc) <==== ATTENTION
LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.188 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.188 - LogMeIn, Inc.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version:  - )
Microsoft Age of Empires II: The Conquerors Expansion (HKLM-x32\...\Age of Empires II: The Conquerors Expansion 1.0) (Version:  - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft VC9 runtime libraries (x32 Version: 2.0.0 - AOL Inc.) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 19.1.0.28 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PureLeads (HKLM-x32\...\PureLeads) (Version: 2.0.17 - PureLeads)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6323 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 2 (HKLM-x32\...\{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}) (Version:  - )
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\{907B4640-266B-4A21-92FB-CD1A86CD0F63}) (Version: 1.00.000 - Atari)
Settings Manager (HKLM-x32\...\Settings Manager) (Version: 5.0.0.11471 - Aztec Media Inc.) <==== ATTENTION
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.3.0 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.30 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.30 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Vidplaya version 1.0 (HKLM-x32\...\{358ECEF0-7D57-44BA-B460-87A4414EFBD6}_is1) (Version: 1.0 - Vidplaya)
Warframe (HKLM-x32\...\{F7EADE2C-2A5C-44D7-9A2B-995CDDC20295}) (Version: 1.0.0 - Digital Extremes)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 8.0.4.70 - Webroot)
Windows Driver Package - SteelSeries (HidUsb) HIDClass  (11/06/2008 1.0.0.0) (HKLM\...\3BAB28DCB147AECC0E058666DF1B98388950B510) (Version: 11/06/2008 1.0.0.0 - SteelSeries)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
World of Warcraft MMO Gaming Mouse (HKLM-x32\...\{C9DF0468-5F31-4799-B4FE-CBAD37FFB8DE}) (Version: 1.14.0000 - SteelSeries)
 
==================== Restore Points  =========================
 
25-03-2014 21:01:17 Windows Update
26-03-2014 00:20:59 Installed LogMeIn Hamachi
28-03-2014 22:25:31 Windows Update
01-04-2014 21:12:38 Windows Update
04-04-2014 21:32:55 Windows Update
09-04-2014 21:58:56 Windows Update
10-04-2014 02:35:35 Windows Update
15-04-2014 15:48:32 Windows Update
21-04-2014 17:22:56 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {052340BA-376A-4BB6-AC4C-94B550B5157E} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\WSCStub.exe [2011-08-13] (Symantec Corporation)
Task: {7FA670A3-FCB4-4E79-AF24-CDA0C9726A61} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {98CC583B-7464-4706-808B-EAC97F094EFD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)
Task: {ABCC923A-C841-41DC-AF7F-4872E5F25DE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26] (Google Inc.)
Task: {AD043FB6-EBF8-41D8-A052-74DD5D043096} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {C2256CB9-E821-4CD4-B90A-09EE052E47C6} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\SymErr.exe [2011-08-11] (Symantec Corporation)
Task: {D0468AD5-E511-49FD-8FA1-238BD9482FDA} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {EC1DEDAC-A9C5-4B7D-AE02-6128C146FB87} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-31 21:32 - 2011-05-31 21:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-06-27 13:16 - 2011-06-27 13:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 21:18 - 2010-11-18 21:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2011-02-22 23:22 - 2011-02-22 23:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2010-12-15 19:19 - 2010-12-15 19:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 21:32 - 2011-05-31 21:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-10 01:09 - 2011-06-10 01:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-05-30 20:06 - 2012-05-30 20:06 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-03-21 16:30 - 2010-08-11 14:18 - 00010752 _____ () C:\Program Files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\VDHIDWDM.DLL
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\56571826.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\59524631.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\82513470.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\56571826.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\59524631.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\82513470.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\plsapp => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2014 11:40:13 AM) (Source: Schedule) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (04/22/2014 11:39:09 AM) (Source: TOSHIBA Service Station) (User: )
Description: TSS Load: could not communicate with TMachInfo service
 
Error: (04/22/2014 11:37:11 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/22/2014 11:37:09 AM) (Source: Schedule) (User: )
Description: Schedule error: 10106Initialize call failed, bailing out
 
Error: (04/22/2014 10:08:41 AM) (Source: PlsvcV2) (User: )
Description: In the enable methodObject reference not set to an instance of an object.
 
Error: (04/22/2014 10:06:36 AM) (Source: Application Error) (User: )
Description: Faulting application name: SendoriSvc.exe, version: 2.0.4.0, time stamp: 0x506331f1
Faulting module name: DynLib.dll, version: 2.0.4.0, time stamp: 0x506331e3
Exception code: 0xc0000005
Fault offset: 0x0000b212
Faulting process id: 0x57c
Faulting application start time: 0xSendoriSvc.exe0
Faulting application path: SendoriSvc.exe1
Faulting module path: SendoriSvc.exe2
Report Id: SendoriSvc.exe3
 
Error: (04/22/2014 10:04:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (04/21/2014 03:01:09 PM) (Source: Sendori) (User: )
Description: TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
Error: (04/21/2014 02:56:09 PM) (Source: Sendori) (User: )
Description: TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
Error: (04/21/2014 02:51:09 PM) (Source: Sendori) (User: )
Description: TV ERRORThe remote name could not be resolved: 'pureleadstv.searchtreat.com'
 
 
System errors:
=============
Error: (04/22/2014 11:49:03 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:48:49 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:47:47 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:47:35 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:46:27 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:46:17 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:46:11 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:45:51 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:43:43 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
Error: (04/22/2014 11:43:39 AM) (Source: Service Control Manager) (User: )
Description: The IPsec Policy Agent service terminated with the following error: 
%%10106
 
 
Microsoft Office Sessions:
=========================
Error: (11/18/2013 07:49:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 2611 seconds with 1740 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-21 12:44:45.202
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-21 12:20:56.944
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-21 12:09:05.854
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-21 11:52:21.812
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-21 09:52:17.116
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-21 09:30:51.758
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-20 11:03:12.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-19 16:26:05.226
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-19 14:27:40.569
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-19 13:57:19.704
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\wininet.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 27%
Total physical RAM: 6051.76 MB
Available physical RAM: 4404 MB
Total Pagefile: 12101.7 MB
Available Pagefile: 10328.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (TI106348W0B) (Fixed) (Total:682.03 GB) (Free:528.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HBCD 15.2) (CDROM) (Total:0.58 GB) (Free:0 GB) CDFS
Drive e: () (Fixed) (Total:14.9 GB) (Free:14.89 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: 854931EA)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 29D9C0BD)
Partition 1: (Not Active) - (Size=15 GB) - (Type=0C)
 
==================== End Of Log ============================


#8 PSL649

PSL649
  • Topic Starter

  • Members
  • 38 posts

Posted 22 April 2014 - 01:13 PM

Hi Marius,

 

ComboFix 14-04-20.01 - Elliott 04/22/2014  13:45:40.1.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6052.4542 [GMT -4:00]
Running from: c:\users\Elliott\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Webroot SecureAnywhere *Disabled/Updated* {66A6FE14-08CB-F415-3742-517201416109}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Webroot SecureAnywhere *Disabled/Updated* {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\programdata\Microsoft\Windows\DRM\BFFA.tmp
c:\programdata\Roaming
c:\programdata\Wincert\WIN32C~1.DLL
c:\users\Elliott\GoToAssistDownloadHelper.exe
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-22 to 2014-04-22  )))))))))))))))))))))))))))))))
.
.
2014-04-22 18:21 . 2014-04-22 15:50 -------- d-----w- C:\FRST
2014-04-22 17:57 . 2014-04-22 17:57 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96128795-79F2-452E-A8F4-AB92A033C5CD}\offreg.dll
2014-04-21 18:49 . 2014-04-21 18:49 -------- d-----w- c:\programdata\PC Tools
2014-04-21 17:56 . 2013-11-01 17:37 94424 ----a-w- c:\programdata\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe
2014-04-21 17:30 . 2014-04-17 09:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96128795-79F2-452E-A8F4-AB92A033C5CD}\mpengine.dll
2014-04-21 17:28 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-21 17:27 . 2012-08-23 13:24 15360 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-04-21 17:27 . 2012-08-23 14:10 19456 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2014-04-21 17:27 . 2012-08-23 14:08 30208 ----a-w- c:\windows\system32\drivers\TsUsbGD.sys
2014-04-21 17:27 . 2012-08-23 14:13 243200 ----a-w- c:\windows\system32\rdpudd.dll
2014-04-21 17:27 . 2012-08-23 11:12 192000 ----a-w- c:\windows\SysWow64\rdpendp_winip.dll
2014-04-21 17:27 . 2012-08-23 10:51 228864 ----a-w- c:\windows\system32\rdpendp_winip.dll
2014-04-21 17:27 . 2012-08-23 09:51 3174912 ----a-w- c:\windows\system32\rdpcorets.dll
2014-04-21 17:27 . 2014-04-21 17:27 -------- d-----w- C:\history
2014-04-21 17:23 . 2014-04-21 17:25 -------- d-----w- c:\windows\system32\MRT
2014-04-21 17:22 . 2013-09-25 02:23 1030144 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-04-21 17:22 . 2013-09-25 01:57 792576 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-04-21 17:22 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-04-21 17:22 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-04-21 17:14 . 2014-04-21 17:14 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-21 16:44 . 2014-04-21 16:44 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\LogMeIn
2014-04-21 16:12 . 2014-04-21 17:16 -------- d-----w- c:\users\Administrator
2014-04-21 16:10 . 2014-04-21 16:10 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Toshiba
2014-04-21 16:09 . 2014-04-21 16:09 -------- d-----w- c:\program files (x86)\Common Files\lptmp24088
2014-04-21 16:09 . 2014-04-21 16:09 -------- d-----w- C:\lptmp24088
2014-04-20 15:04 . 2014-04-20 15:04 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-04-19 20:35 . 2014-04-19 20:35 -------- d-----w- c:\users\Elliott\AppData\Roaming\Malwarebytes
2014-04-19 20:35 . 2012-09-29 18:54 25928 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2014-04-19 20:35 . 2014-04-19 20:35 -------- d-----w- c:\programdata\Malwarebytes
2014-04-09 01:40 . 2014-04-16 20:17 -------- d-----w- c:\users\Elliott\AppData\Roaming\TS3Client
2014-04-09 01:39 . 2014-04-09 01:40 -------- d-----w- c:\program files (x86)\TeamSpeak 3 Client
2014-04-01 10:03 . 2014-04-01 10:03 -------- d-----r- c:\users\Elliott\AppData\Roaming\Brother
2014-03-29 18:46 . 2014-03-29 18:46 -------- d-----w- c:\users\Elliott\AppData\Roaming\vlc
2014-03-29 18:40 . 2014-03-29 18:40 -------- d-----w- c:\users\Elliott\AppData\Local\Programs
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-13 16:28 . 2012-03-18 18:57 152744 ----a-w- c:\windows\SysWow64\WRusr.dll
2014-04-13 16:28 . 2012-03-18 18:57 114176 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2014-04-13 16:28 . 2012-03-18 18:57 103816 ----a-w- c:\windows\system32\WRusr.dll
2014-03-31 13:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-12 21:21 . 2012-12-26 14:08 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-12 21:21 . 2011-11-25 03:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 09:17 . 2014-04-09 21:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 23:52 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 23:51 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 23:51 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 23:51 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 23:51 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 23:52 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 23:52 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 23:52 228864 ----a-w- c:\windows\system32\wwansvc.dll
2012-11-19 00:17 . 2012-11-19 00:17 9842040 ----a-w- c:\program files (x86)\Common Files\wruninstall.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]
"WRSVC"="c:\program files\Webroot\WRSA.exe" [2014-04-13 763512]
"SteelSeries World of Warcraft MMO Gaming Mouse"="c:\program files (x86)\SteelSeries\World of Warcraft MMO Gaming Mouse\WoWMHID.exe" [2011-08-18 1651200]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-04-15 3814736]
"BingDesktop"="c:\program files (x86)\Microsoft\BingDesktop\BingDesktop.exe" [2014-02-21 2357984]
.
c:\users\Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2013-6-23 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Install Webroot FF RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -q -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 9842040]
Install Webroot IE RunOnce.lnk - c:\program files (x86)\Common Files\wruninstall.exe -p -name=webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext [2012-11-18 9842040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"DisableLocalMachineRun"= 0 (0x0)
"DisableLocalMachineRunOnce"= 0 (0x0)
"DisableCurrentUserRun"= 0 (0x0)
"DisableCurrentUserRunOnce"= 0 (0x0)
"NoFile"= 0 (0x0)
"HideClock"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoEncryptOnMove"= 0 (0x0)
"NoResolveTrack"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 Application Sendori;Application Sendori;c:\program files (x86)\Sendori\SendoriSvc.exe;c:\program files (x86)\Sendori\SendoriSvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 Mo3Fltr;MMO Mouse;c:\windows\system32\drivers\Mo3Fltr.sys;c:\windows\SYSNATIVE\drivers\Mo3Fltr.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys;c:\windows\SYSNATIVE\drivers\WRkrn.sys [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.362.0\BBSvc.exe [x]
S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe;c:\program files\Webroot\WRSA.exe [x]
S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1301000.01C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\ccSetx64.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130405.001\IDSvia64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1301000.01C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1301000.01C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1301000.01C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\NISx64\1301000.01C\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1301000.01C\SYMNETS.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 21:38 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-26 21:21]
.
2014-04-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 05:54]
.
2014-04-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-26 05:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-05 11780712]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-02 2189416]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: Interfaces\{83F744EC-7623-4265-B5CE-24D20EABE3E9}: NameServer = 207.69.188.185,207.69.188.186,68.237.161.12
TCP: Interfaces\{83F744EC-7623-4265-B5CE-24D20EABE3E9}\A4051405: NameServer = 207.69.188.185,207.69.188.186,68.237.161.12
.
.
------- File Associations -------
.
inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*
txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} - c:\progra~2\Linkey\IEEXTE~1\iedll.dll
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
SafeBoot-56571826.sys
SafeBoot-59524631.sys
SafeBoot-82513470.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-PureLeads - c:\program files (x86)\PureLeads\Uninstall.exe
AddRemove-Settings Manager - c:\program files (x86)\Settings Manager\systemk\Uninstall.exe
AddRemove-{358ECEF0-7D57-44BA-B460-87A4414EFBD6}_is1 - c:\program files (x86)\Vidplaya\unins000.exe
AddRemove-Linkey - c:\program files (x86)\Linkey\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.1.0.28\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\TOSHIBA\widimon\widimon.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-04-22  14:02:26 - machine was rebooted
ComboFix-quarantined-files.txt  2014-04-22 18:02
.
Pre-Run: 567,450,284,032 bytes free
Post-Run: 570,168,528,896 bytes free
.
- - End Of File - - A87A0432E29F5F140F158A9858842431


#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 23 April 2014 - 04:06 AM

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)
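The MBAM log the responder asks to have pasted has a fixed layout (scan metadata, then one block per object type with a declared count and one detection per line), so it can be triaged mechanically before anyone reads it by hand. The Python below is an added example written for this thread; it is not a Malwarebytes tool and was not posted by either participant. It assumes the Malwarebytes Anti-Malware 2.x layout shown later in the thread, with each detection line in the form threat, object, action, [hash]; the list of block names and the "Quarantined" action string are assumptions taken from that log. The sample input is constructed from detections posted in the thread, with the Files block shortened so that its declared count no longer matches, to model a paste that was cut off part-way through.

```python
"""Summarise a Malwarebytes Anti-Malware 2.x scan log.

Added example for this thread, not a Malwarebytes tool. Assumes the layout
posted in the thread: header lines, then one block per object type
("Registry Keys: 39", "Files: 17", ...) holding one detection per line in
the form  <threat>, <object>, <action>, [<hash>],
"""
import re
from collections import Counter

# Constructed sample, trimmed from the detections posted in this thread. The
# Files block deliberately declares 17 items but lists only 2, modelling a
# paste that was cut off part-way through.
SAMPLE_LOG = r"""Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/23/2014
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307583

Processes: 0
(No malicious items detected)

Registry Keys: 3
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, Quarantined, [4e74939ab6c5cb6b4e9f0648a260c739],
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, Quarantined, [30925ecf7704be789f5c22f5d32fd42c],
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK, Quarantined, [903209247a01ed49e79c9ed6877b18e8],

Registry Values: 2
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, Quarantined, [c3ffcd60433872c416edee87ba489967]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser,  ie ff cr, Quarantined, [903209247a01ed49e79c9ed6877b18e8]

Files: 17
PUP.Optional.Softonic.A, C:\Users\Elliott\Downloads\SoftonicDownloader_for_hamachi.exe, Quarantined, [f8ca25084d2e8aac90e773a8728f9868],
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32prop.dll, Quarantined, [6e5447e6483386b0f91947556d964bb5],
"""

# Object-type blocks MBAM 2.x prints (assumed list; unknown headers are ignored).
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# <object> is greedy so that registry values, whose data field may itself
# contain ", ", still split correctly on the trailing ", <action>, [<hash>]".
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<object>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<hash>[0-9a-f]{32})\],?\s*$")


def parse_mbam_log(text):
    """Return {'declared': {section: count}, 'detections': [record, ...]}."""
    declared, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            declared[section] = int(header.group(2))
            continue
        # Skip the scan metadata above the first block, blank lines and the
        # "(No malicious items detected)" filler.
        if section is None or not line or line.startswith("("):
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            record = hit.groupdict()
            record["section"] = section
            detections.append(record)
    return {"declared": declared, "detections": detections}


def family_counts(parsed):
    """How many objects each threat family left behind."""
    return Counter(r["threat"] for r in parsed["detections"])


def not_quarantined(parsed):
    """Detections whose action is anything other than Quarantined; these are
    the items still needing a reboot or manual follow-up."""
    return [r for r in parsed["detections"] if r["action"] != "Quarantined"]


def truncated_sections(parsed):
    """(section, declared, listed) for blocks where the declared count does
    not match the lines present: the pasted log is incomplete or was edited."""
    listed = Counter(r["section"] for r in parsed["detections"])
    return [(s, n, listed.get(s, 0))
            for s, n in parsed["declared"].items() if listed.get(s, 0) != n]


if __name__ == "__main__":
    result = parse_mbam_log(SAMPLE_LOG)
    for family, n in family_counts(result).most_common():
        print(f"{n:3d}  {family}")
    for r in not_quarantined(result):
        print(f"follow up: {r['section']} {r['object']} ({r['action']})")
    for section, declared, listed in truncated_sections(result):
        print(f"warning: {section} declares {declared} items, {listed} listed")
```

Run against a pasted log it gives per-family counts, anything MBAM left un-quarantined, and a warning whenever a block's declared count disagrees with the lines present, which is the first thing to check before treating a posted log as complete.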

#10 PSL649

  • Topic Starter
  • Members
  • 38 posts

Posted 23 April 2014 - 11:22 AM

Should I delete the quarantine items in the MBAM scan after this?

The scans are done and here are the logs from them

MBAM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/23/2014
Scan Time: 10:52:27 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.23.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Elliott
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 307583
Time Elapsed: 11 min, 40 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 39
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, Quarantined, [4e74939ab6c5cb6b4e9f0648a260c739], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}, Quarantined, [4e74939ab6c5cb6b4e9f0648a260c739], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, Quarantined, [30925ecf7704be789f5c22f5d32fd42c], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{6A7CD9EC-D8BD-4340-BCD0-77C09A282921}, Quarantined, [30925ecf7704be789f5c22f5d32fd42c], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [378bc9640e6d8da93cb2bd917191946c], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}, Quarantined, [378bc9640e6d8da93cb2bd917191946c], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae142eff502b003660a34ace4ab82ad6], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae142eff502b003660a34ace4ab82ad6], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae142eff502b003660a34ace4ab82ad6], 
PUP.Optional.Linkey.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47}, Quarantined, [ae142eff502b003660a34ace4ab82ad6], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader.1, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamDownloader, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamDownloader.1, Quarantined, [833feb426a11dc5afdf190bdb84aa15f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO.1, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\wajam.WajamBHO, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\wajam.WajamBHO.1, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}, Quarantined, [dee4aa83ea91fc3a29517f9c5aa8718f], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\CLASSES\APPID\priam_bho.DLL, Quarantined, [17abef3e0c6f38feffd8ebb0d82b6d93], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY, Quarantined, [c3ffcd60433872c416edee87ba489967], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\Wajam, Quarantined, [bf03bc716e0d54e2491be6cd0300cc34], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\priam_bho.DLL, Quarantined, [22a089a44f2c84b228af6239d72ce020], 
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [b70b1419ed8ea78fb4a2e8937e844eb2], 
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY, Quarantined, [4c76f538c6b5c274d82bd79e01016d93], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK\General, Quarantined, [61612ffe6d0e20160d75f0842dd5be42], 
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK, Quarantined, [903209247a01ed49e79c9ed6877b18e8], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Quarantined, [734fa984354646f01364e98720e27e82], 
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM, Quarantined, [527027062e4ddc5a5c7d6e2d649f5ca4], 
 
Registry Values: 5
PUP.Optional.Linkey.A, HKLM\SOFTWARE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, Quarantined, [c3ffcd60433872c416edee87ba489967]
PUP.Optional.Linkey.A, HKLM\SOFTWARE\WOW6432NODE\LINKEY|ie_jsurl, http://app.linkeyproject.com/popup/IE/background.js, Quarantined, [4c76f538c6b5c274d82bd79e01016d93]
PUP.Optional.SettingsManager.A, HKLM\SOFTWARE\WOW6432NODE\SYSTEMK|browser,  ie ff cr, Quarantined, [903209247a01ed49e79c9ed6877b18e8]
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WAJAM|red, 2, Quarantined, [b70b80ad146715212eacf9a2758ea65a]
PUP.Optional.Wajam.A, HKU\S-1-5-21-2604800291-2597828391-1879029592-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WAJAM|affiliate_id, 4222, Quarantined, [527027062e4ddc5a5c7d6e2d649f5ca4]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 6
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Wajam, Quarantined, [a81a131a0c6fba7c6941baaa5ea4bc44], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Wajam\Chrome, Quarantined, [a81a131a0c6fba7c6941baaa5ea4bc44], 
 
Files: 17
PUP.Optional.Softonic.A, C:\Users\Elliott\Downloads\SoftonicDownloader_for_hamachi.exe, Quarantined, [f8ca25084d2e8aac90e773a8728f9868], 
PUP.Optional.Linkey.A, C:\Users\Elliott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Linkey.lnk, Quarantined, [685a121b3b4068ce3ae8d59ed32f3dc3], 
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win32prop.dll, Quarantined, [6e5447e6483386b0f91947556d964bb5], 
PUP.Optional.Datamngr.A, C:\ProgramData\Wincert\win64prop.dll, Quarantined, [bd05f13c7704bd79d33fb0ece02336ca], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\manifest.json, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_128x128.png, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_48x48.png, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html\background.html, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\background.js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\browserLoad.js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam.js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_background.js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_chrome.js, Quarantined, [ecd659d46e0dea4c4e1c7ae96d958d73], 
PUP.Optional.Wajam.A, C:\Users\Elliott\AppData\Local\Wajam\Chrome\wajam.crx, Quarantined, [a81a131a0c6fba7c6941baaa5ea4bc44], 
PUP.Optional.DefaultSearch.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "startup_urls": [ "http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp" ],), Replaced,[972b8ba239425cda505c1c3b7292c53b]
PUP.Optional.DefaultSearch.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (   "homepage": "http://www.default-search.net?sid=476&aid=100&itype=n&ver=11471&tm=293&src=hmp",), Replaced,[942e2ffe28538bab00adb4a3d82ce51b]
PUP.Optional.DefaultSearch.A, C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\Preferences, Good: (), Bad: (      "search_url": "http://www.default-search.net/search?sid=476&aid=100&itype=n&ver=11471&tm=293&src=ds&p={searchTerms}",), Replaced,[b111da5319626dc94b63b3a4b252738d]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
ESET
C:\FRST\Quarantine\C\Program Files (x86)\Linkey\Helper.dll a variant of Win32/Toolbar.SearchSuite.P potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\DynLib.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\freebl3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\Interop.PCProxyLib.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\libnspr4.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\libplc4.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\libplds4.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\nss3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\nssckbi.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\nssdbm3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\nssutil3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\plsapp.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\plsapp.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\plsappDLL.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\plsappLSP.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\plsappLSP64.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\pureleads-win-upgrader.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeads.Library.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeads.Service.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeadsControl.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeadsSvc.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeadsTray.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\PureLeadsUp.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\smime3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\softokn3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\sqlite3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\ssl3.dll a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\PureLeads\Uninstall.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Program Files (x86)\Sendori\SendoriSvc.exe a variant of Generik.IERBPVQ potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\Internet Explorer Settings.exe Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\syskldr_u.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemk.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemkbho.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\systemku.exe a variant of Win32/Toolbar.SearchSuite.O potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\Internet Explorer Settings.exe Win32/Toolbar.SearchSuite.Q potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\syskldr_u.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemk.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Settings Manager\systemk\x64\systemkbho.dll a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application
C:\FRST\Quarantine\C\Program Files (x86)\Wajam\Updater\update.exe a variant of Win32/Wajam.G potentially unwanted application
C:\FRST\Quarantine\C\Users\Elliott\AppData\Roaming\OpenCandy\A98AC80210454DCEB9A5DCAE7B3C5ED1\PureLeadsSetupx21701.exe a variant of Win32/AdWare.Sendori.A application
C:\FRST\Quarantine\C\Windows\SysWOW64\plsapp.dll.xBAD a variant of Win32/AdWare.Sendori.A application
C:\Qoobox\Quarantine\C\ProgramData\Wincert\WIN32C~1.DLL.vir Win32/Toolbar.SearchSuite.M potentially unwanted application
C:\Users\Elliott\AppData\LocalLow\BFFC.tmp a variant of Win64/Olmarik.AY trojan
 


#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 PM

Posted 24 April 2014 - 03:16 AM

No need to delete these files yet.

Fix with FRST (normal mode)

WARNING: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Download the attached fixlist.txt and save it to the location where FRST is saved to.
  • Run FRST.exe (on 64bit, run FRST64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you will find where you saved FRST. Please post it in your reply.

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with AdwCleaner

Please download AdwCleaner to your desktop.

  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also

Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.

Attached Files


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#12 PSL649

PSL649
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:52 AM

Posted 24 April 2014 - 02:32 PM

FRST

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-04-2014
Ran by Elliott at 2014-04-24 14:37:08 Run:2
Running from C:\Users\Elliott\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Elliott\AppData\LocalLow\BFFC.tmp
*****************
 
C:\Users\Elliott\AppData\LocalLow\BFFC.tmp => Moved successfully.
 
==== End of Fixlog ====
 
AdwCleaner

# AdwCleaner v3.202 - Report created 24/04/2014 at 14:49:32
# Updated 23/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Elliott - ELLIOTT-PC
# Running from : C:\Users\Elliott\Desktop\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\AOL Toolbar
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\ProgramData\systemk
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\AOL Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Elliott\AppData\Local\AOL Toolbar
Folder Deleted : C:\Users\Elliott\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\DataMngr
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9DC8FA51-B596-4F77-802C-5B295919C205}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3E28F712-0D6C-4EE3-AC8C-8F060F5D7C33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6CE321DA-DC11-45C6-A0FC-4E8A7D978ABC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EEBC7FF-67DA-4B90-9251-C2C5696E4B48}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{74137531-80F7-406F-9543-7D11385FA8C8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{832599B2-55BF-4437-8F3E-030CF5AEB262}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9B7B034B-944A-4261-B487-862F642F7615}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD67706E-819E-4EBD-BF8D-6D6147CC7A49}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F62A4AF9-58B4-4FEC-89CC-D717A547D8E8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4B5C-9287-DA72D38F4FE6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\Software\firstsearch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\Elliott\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://www.fathead.com/search-results/?term={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [4919 octets] - [24/04/2014 14:45:53]
AdwCleaner[S0].txt - [4819 octets] - [24/04/2014 14:49:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4879 octets] ##########
 
JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Elliott on Thu 04/24/2014 at 15:00:05.46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\aol toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3EF64538-8B54-4573-B48F-4D34B0238AB2}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/24/2014 at 15:07:33.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
SecurityCheck

 Results of screen317's Security Check version 0.99.82  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java™ 6 Update 25  
 Java version out of Date! 
  Adobe Flash Player 12.0.0.77 Flash Player out of Date!  
 Google Chrome 33.0.1750.154  
 Google Chrome 34.0.1847.116  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 11% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log`````````````````````` 
 
 


#13 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 PM

Posted 25 April 2014 - 04:43 AM

Your system is clean now! :)

Adobe Flash Player out of date

Your Adobe Flash Player is outdated. We will fix this.

  • Get the current player from here. Important: Uncheck any optional software (for example Google Chrome, etc.) offered.
  • Click on Start-->control panel-->add/remove programs.
  • Search for and remove any older reader versions.

Java Runtime Environment out of date

Your Java Runtime Environment is outdated. We will fix this.

  • Get the current JRE from here
  • Save jxpiinstall.exe to your desktop
  • Close all running programs, especially your browser(s)
  • Run jxpiinstall.exe. This will download the newest JRE installer and install the software
  • When finished, go to
    Start-->control panel-->add/remove programs and remove all older Java versions (if existing).
  • When finished, reboot your computer.

After the reboot
  • Open control panel again and click the Java symbol.
  • Click Settings under Temporary Internet Files.
    The Temporary Files Settings dialog box appears.
  • Click Delete Files.
    The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
  • Click OK again.

Defrag your hard drive

Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogics Disk Defrag to defrag the drive.

Uninstall our tools using DelFix

Please follow these steps in order:

  • In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  • In case we used ComboFix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that ComboFix has been removed.
  • In any case, please download DelFix to your desktop.
    • Close all other programs and start DelFix.
    • Please check all the boxes and run the tool.
    • DelFix will now delete all found traces of our removal process.
  • If there is still something left, please delete it manually.

Delete System Restore Points

To ensure your System Restore Points are free of malware, we will delete all of them but the most recent or create a new one.

On Windows Vista: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows 7/8: Please follow these instructions to delete all but the most common System Protection Restore Points.
On Windows XP: Please follow these instructions to delete all but the most common System Protection Restore Points.

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a web site classified as dangerous, a warning screen is displayed.

  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.
    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs, so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



#14 PSL649

PSL649
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  • Local time:08:52 AM

Posted 26 April 2014 - 11:38 AM

Thanks for all the help, Marius, everything is running great. :thumbup2:



#15 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 PM

Posted 28 April 2014 - 09:34 AM

You're welcome! :)

