Malware on my comp. Please help!


18 replies to this topic

#1 elvy


Posted 12 June 2014 - 11:59 PM

I ran Malwarebytes in safe mode and I quarantined some things but I am still seeing the conduit folder in my program files directory.

Here are the logs.

 


#2 Starbuck


Posted 15 June 2014 - 05:27 PM

Hi elvy

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


Step 1
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
Step 2
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to your Desktop.
  • Double-click the downloaded icon to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator
  • When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply also.

In your next reply, please submit:
  • JRT.txt
  • AdwCleaner report
  • Both reports from FRST


Thanks.



#3 elvy


Posted 15 June 2014 - 07:01 PM

The forums won't let me attach the log files because they are all over 5.55 kbs so I will copy paste the lists. Hope this is okay.

As for the JRT.txt, I ran it as admin and everything but it would not create a log file. I tried twice with no luck.
 

# AdwCleaner v3.212 - Report created 15/06/2014 at 18:42:44
# Updated 05/06/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : w&sgreen - LARGELAPTOP
# Running from : C:\Users\w&sgreen\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\TubeDimmer
Folder Deleted : C:\ProgramData\Updater
Folder Deleted : C:\Program Files\Level Quality Watcher
Folder Deleted : C:\Users\w&sgreen\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\w&sgreen\AppData\Local\Conduit
Folder Deleted : C:\Users\w&sgreen\AppData\Local\Mobogenie
Folder Deleted : C:\Users\w&sgreen\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\w&sgreen\AppData\Local\WhiteListing
Folder Deleted : C:\Users\w&sgreen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\w&sgreen\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\w&sgreen\Documents\Mobogenie
Folder Deleted : C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffekppndigniegkobcngkdmaadbhhonj
File Deleted : C:\windows\System32\sasnative64.exe
File Deleted : C:\Users\w&sgreen\daemonprocess.txt
File Deleted : C:\windows\System32\Tasks\Advanced System Protector_startup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ffekppndigniegkobcngkdmaadbhhonj
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms
Key Deleted : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\Classes\Installer\Features\6BA018E6E43F3A949AF3E90563067F81
Key Deleted : HKLM\Software\Classes\Installer\Products\6BA018E6E43F3A949AF3E90563067F81
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17126
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
 
-\\ Mozilla Firefox v
 
-\\ Google Chrome v35.0.1916.153
 
[ File : C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://start.sweetpacks.com?src=6&q={searchTerms}&barid={1FBD3DC2-CBEB-11E2-95BB-DC0EA14104A5}&crg=3.5000006.10043&st=23
Deleted [Search Provider] : hxxp://start.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10043&barid={1FBD3DC2-CBEB-11E2-95BB-DC0EA14104A5}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN11397586413174303&ctid=CT3306058&UM=2
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?ctid=CT3317742&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SPB5DA3510-9B4C-4804-A963-E7C813A99021&q={searchTerms}&SSPV=
Deleted [Search Provider] : hxxp://findwide.com/serp?guid={212C75EF-2069-4022-A859-999ADCC49DFF}&action=default_search&serpv=22&k={searchTerms}
Deleted [Extension] : ffekppndigniegkobcngkdmaadbhhonj
 
*************************
 
AdwCleaner[R0].txt - [11992 octets] - [15/06/2014 18:41:58]
AdwCleaner[S0].txt - [11113 octets] - [15/06/2014 18:42:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11174 octets] ##########
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by w&sgreen (administrator) on LARGELAPTOP on 15-06-2014 18:49:07
Running from C:\Users\w&sgreen\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Advanced Micro Devices, Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr.exe
(Raptr, Inc) C:\Program Files (x86)\Raptr\raptr_im.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\nis.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [NUSB3MON] => C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe [97280 2012-04-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-05-14] (Raptr, Inc)
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\MountPoints2: {7ad6529f-1af6-11e3-9a7a-dc0ea14104a5} - F:\Startme.exe
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\MountPoints2: {bdb1efe0-e0e6-11e1-b342-dc0ea14104a5} - E:\SETUP.EXE
 
==================== Internet (Whitelisted) ====================
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BC784D6B-A231-4269-9216-CB1F0FB74551} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10755
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.1.3\IPSFF [2014-05-24]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Drive) - C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-21]
CHR Extension: (TV) - C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2014-03-22]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (Norton Identity Safe for Google Chrome™) - C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-05-24]
CHR Extension: (Google Wallet) - C:\Users\w&sgreen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\Exts\Chrome.crx [2014-05-24]
 
==================== Services (Whitelisted) =================
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376 2014-05-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-08-24] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [175296 2014-05-28] ()
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [1530160 2014-05-10] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-16] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20140613.001\IDSvia64.sys [525016 2014-05-23] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140614.001\ENG64.SYS [126040 2014-05-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\VirusDefs\20140614.001\EX64.SYS [2099288 2014-05-24] (Symantec Corporation)
S3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [24176 2010-10-14] ()
R2 rzpmgrk; C:\windows\system32\drivers\rzpmgrk.sys [37184 2014-05-28] (Razer, Inc.)
R2 rzpnk; C:\windows\system32\drivers\rzpnk.sys [129856 2014-05-28] (Razer, Inc.)
R1 SRTSP; C:\Windows\System32\Drivers\NISx64\1503000.00C\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1503000.00C\SRTSPX64.SYS [36952 2013-07-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMDS64.SYS [493656 2013-07-31] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1503000.00C\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-24] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS [264280 2013-07-30] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 Tosrfcom; No ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-06-15 18:49 - 2014-06-15 18:50 - 00017369 _____ () C:\Users\w&sgreen\Desktop\FRST.txt
2014-06-15 18:49 - 2014-06-15 18:49 - 00000000 ____D () C:\FRST
2014-06-15 18:47 - 2014-06-15 18:47 - 02081280 _____ (Farbar) C:\Users\w&sgreen\Desktop\FRST64.exe
2014-06-15 18:45 - 2014-06-15 18:45 - 00011383 _____ () C:\Users\w&sgreen\Desktop\AdwCleaner[S0].txt
2014-06-15 18:42 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-06-15 18:41 - 2014-06-15 18:43 - 00000000 ____D () C:\AdwCleaner
2014-06-15 18:40 - 2014-06-15 18:41 - 01333465 _____ () C:\Users\w&sgreen\Desktop\AdwCleaner.exe
2014-06-15 18:21 - 2014-06-15 18:21 - 00000000 ____D () C:\windows\ERUNT
2014-06-15 18:20 - 2014-06-15 18:20 - 01016261 _____ (Thisisu) C:\Users\w&sgreen\Desktop\JRT.exe
2014-06-12 23:48 - 2014-06-15 18:44 - 00000112 _____ () C:\windows\setupact.log
2014-06-12 23:48 - 2014-06-12 23:48 - 00000000 _____ () C:\windows\setuperr.log
2014-06-12 23:47 - 2014-06-15 18:44 - 00055484 _____ () C:\windows\PFRO.log
2014-06-12 23:46 - 2014-06-12 23:46 - 00001070 _____ () C:\Users\w&sgreen\Desktop\malwarebytes.txt
2014-06-12 22:53 - 2014-06-12 23:50 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 22:52 - 2014-06-12 22:52 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 22:52 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-06-12 22:52 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-06-12 22:52 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-06-12 22:20 - 2014-06-12 22:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\w&sgreen\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 21:54 - 2014-06-12 23:54 - 00000000 ____D () C:\Users\w&sgreen\Desktop\hjt
2014-06-12 21:51 - 2014-06-12 21:51 - 00251392 _____ () C:\Users\w&sgreen\Downloads\hijackthis_sfx.exe
2014-06-12 21:39 - 2014-06-12 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 19:24 - 2014-06-12 19:24 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\AMD
2014-06-12 19:23 - 2014-06-12 19:23 - 00000000 ____D () C:\ProgramData\ATI
2014-06-12 19:22 - 2014-06-12 19:22 - 00000000 ____D () C:\Users\w&sgreen\Documents\Diablo III
2014-06-12 19:10 - 2014-06-12 19:10 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-12 19:09 - 2014-06-12 19:09 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\library_dir
2014-06-12 19:06 - 2014-06-15 18:47 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\Raptr
2014-06-12 19:06 - 2014-06-12 19:09 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-06-12 19:05 - 2014-06-12 19:05 - 00061432 _____ () C:\windows\SysWOW64\CCCInstall_201406121905254442.log
2014-06-12 19:04 - 2014-06-12 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-12 19:03 - 2014-06-12 19:06 - 00000000 ____D () C:\ProgramData\AMD
2014-06-12 19:01 - 2014-06-12 19:01 - 00000000 ____D () C:\windows\pss
2014-06-12 18:59 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files\AMD
2014-06-12 18:56 - 2014-06-12 19:04 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-12 18:53 - 2014-06-12 18:53 - 00000000 ____D () C:\AMD
2014-06-12 09:35 - 2014-06-12 09:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-06-12 09:35 - 2014-06-12 09:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-06-12 09:34 - 2014-06-12 09:34 - 00001859 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-12 09:34 - 2014-06-12 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-11 18:22 - 2014-05-30 05:02 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-06-11 18:22 - 2014-05-30 05:02 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-06-11 18:22 - 2014-05-30 04:45 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-06-11 18:22 - 2014-05-30 04:39 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-06-11 18:22 - 2014-05-30 04:39 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-06-11 18:22 - 2014-05-30 04:38 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-06-11 18:22 - 2014-05-30 04:28 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-06-11 18:22 - 2014-05-30 04:27 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-06-11 18:22 - 2014-05-30 04:24 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-06-11 18:22 - 2014-05-30 04:21 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-06-11 18:22 - 2014-05-30 04:21 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-06-11 18:22 - 2014-05-30 04:20 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-06-11 18:22 - 2014-05-30 04:18 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-06-11 18:22 - 2014-05-30 04:08 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-06-11 18:22 - 2014-05-30 04:06 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-06-11 18:22 - 2014-05-30 04:02 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-06-11 18:22 - 2014-05-30 03:55 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 18:22 - 2014-05-30 03:46 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-06-11 18:22 - 2014-05-30 03:44 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-06-11 18:22 - 2014-05-30 03:44 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-06-11 18:22 - 2014-05-30 03:43 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-06-11 18:22 - 2014-05-30 03:42 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-06-11 18:22 - 2014-05-30 03:38 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-06-11 18:22 - 2014-05-30 03:35 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-06-11 18:22 - 2014-05-30 03:34 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-06-11 18:22 - 2014-05-30 03:33 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-06-11 18:22 - 2014-05-30 03:30 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-06-11 18:22 - 2014-05-30 03:29 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-06-11 18:22 - 2014-05-30 03:28 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-06-11 18:22 - 2014-05-30 03:27 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-06-11 18:22 - 2014-05-30 03:24 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-06-11 18:22 - 2014-05-30 03:23 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-06-11 18:22 - 2014-05-30 03:16 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-06-11 18:22 - 2014-05-30 03:10 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 18:22 - 2014-05-30 03:06 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-06-11 18:22 - 2014-05-30 03:04 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-06-11 18:22 - 2014-05-30 03:02 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-06-11 18:22 - 2014-05-30 02:56 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-06-11 18:22 - 2014-05-30 02:54 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-06-11 18:22 - 2014-05-30 02:50 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-06-11 18:22 - 2014-05-30 02:49 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-06-11 18:22 - 2014-05-30 02:43 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-06-11 18:22 - 2014-05-30 02:40 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-06-11 18:22 - 2014-05-30 02:30 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-06-11 18:22 - 2014-05-30 02:21 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-06-11 18:22 - 2014-05-30 02:15 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-06-11 18:22 - 2014-05-30 02:13 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-06-11 18:22 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2014-06-11 18:22 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2014-06-11 18:22 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-06-11 18:22 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 18:22 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-06-11 18:22 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-06-11 18:22 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-06-11 18:22 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-06-11 18:22 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-06-11 18:22 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-06-11 18:22 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-06-11 18:22 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-06-11 18:21 - 2014-05-30 05:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-06-11 18:21 - 2014-05-30 04:11 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 18:21 - 2014-05-30 03:49 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-06-11 18:21 - 2014-05-30 02:56 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-06-11 18:21 - 2014-05-30 02:13 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-06-11 18:20 - 2014-06-08 04:13 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-11 18:20 - 2014-06-08 04:08 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-10 16:57 - 2014-06-10 21:35 - 00034816 _____ () C:\Users\w&sgreen\AppData\Roaming\RZR_0020d16947fa8bfa1d9923ba16f0.db
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\Razer
2014-06-10 16:46 - 2014-06-10 16:46 - 00001169 _____ () C:\Users\Public\Desktop\Razer Comms.lnk
2014-06-10 16:46 - 2014-06-10 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-10 16:46 - 2014-05-28 16:13 - 00129856 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpnk.sys
2014-06-10 16:45 - 2014-06-10 16:46 - 00000000 ____D () C:\ProgramData\Razer
2014-06-10 16:45 - 2014-06-10 16:46 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-10 16:45 - 2014-05-28 19:04 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-06-02 21:41 - 2014-06-02 21:42 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install
2014-05-31 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-31 18:24 - 2014-05-31 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-24 21:39 - 2014-05-24 21:39 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-05-24 00:01 - 2014-05-24 21:39 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-05-24 00:01 - 2014-05-24 21:39 - 00002472 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-24 00:01 - 2014-05-24 00:01 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-24 00:01 - 2014-05-24 00:01 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-24 00:01 - 2014-05-24 00:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-23 23:54 - 2014-05-24 21:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-23 23:54 - 2014-05-24 21:39 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-05-23 23:54 - 2014-05-23 23:54 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-23 17:09 - 2014-05-23 17:19 - 00000000 ____D () C:\Users\w&sgreen\Desktop\Norton Internet Security 2014 - 1 User - 3 Licenses (Download)
2014-05-23 17:08 - 2014-05-23 17:09 - 01054064 _____ (Amazon Services LLC) C:\Users\w&sgreen\Downloads\Norton_Internet_Security_2014_1_User_3_Licenses_Downloader.exe
2014-05-16 18:42 - 2014-06-12 09:33 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
 
==================== One Month Modified Files and Folders =======
 
2014-06-15 18:50 - 2014-06-15 18:49 - 00017369 _____ () C:\Users\w&sgreen\Desktop\FRST.txt
2014-06-15 18:50 - 2012-04-19 20:04 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\Temp
2014-06-15 18:49 - 2014-06-15 18:49 - 00000000 ____D () C:\FRST
2014-06-15 18:49 - 2014-01-24 03:18 - 01574281 _____ () C:\windows\WindowsUpdate.log
2014-06-15 18:47 - 2014-06-15 18:47 - 02081280 _____ (Farbar) C:\Users\w&sgreen\Desktop\FRST64.exe
2014-06-15 18:47 - 2014-06-12 19:06 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\Raptr
2014-06-15 18:45 - 2014-06-15 18:45 - 00011383 _____ () C:\Users\w&sgreen\Desktop\AdwCleaner[S0].txt
2014-06-15 18:45 - 2014-03-26 19:21 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf495274151316.job
2014-06-15 18:44 - 2014-06-12 23:48 - 00000112 _____ () C:\windows\setupact.log
2014-06-15 18:44 - 2014-06-12 23:47 - 00055484 _____ () C:\windows\PFRO.log
2014-06-15 18:44 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-06-15 18:43 - 2014-06-15 18:41 - 00000000 ____D () C:\AdwCleaner
2014-06-15 18:42 - 2012-04-19 20:04 - 00000000 ____D () C:\Users\w&sgreen
2014-06-15 18:41 - 2014-06-15 18:40 - 01333465 _____ () C:\Users\w&sgreen\Desktop\AdwCleaner.exe
2014-06-15 18:26 - 2012-10-13 09:35 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 18:24 - 2014-05-31 18:24 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-06-15 18:21 - 2014-06-15 18:21 - 00000000 ____D () C:\windows\ERUNT
2014-06-15 18:20 - 2014-06-15 18:20 - 01016261 _____ (Thisisu) C:\Users\w&sgreen\Desktop\JRT.exe
2014-06-15 18:15 - 2012-01-30 19:53 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-13 15:11 - 2014-05-11 12:09 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\Battle.net
2014-06-12 23:57 - 2013-11-23 13:03 - 00229376 ___SH () C:\Users\w&sgreen\Desktop\Thumbs.db
2014-06-12 23:57 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-12 23:57 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-12 23:54 - 2014-06-12 21:54 - 00000000 ____D () C:\Users\w&sgreen\Desktop\hjt
2014-06-12 23:50 - 2014-06-12 22:53 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 23:48 - 2014-06-12 23:48 - 00000000 _____ () C:\windows\setuperr.log
2014-06-12 23:47 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\tracing
2014-06-12 23:46 - 2014-06-12 23:46 - 00001070 _____ () C:\Users\w&sgreen\Desktop\malwarebytes.txt
2014-06-12 22:52 - 2014-06-12 22:52 - 00001073 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-12 22:52 - 2014-06-12 22:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-12 22:27 - 2014-06-12 22:20 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\w&sgreen\Downloads\mbam-setup-2.0.2.1012.exe
2014-06-12 21:54 - 2012-04-19 20:07 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\VirtualStore
2014-06-12 21:51 - 2014-06-12 21:51 - 00251392 _____ () C:\Users\w&sgreen\Downloads\hijackthis_sfx.exe
2014-06-12 21:42 - 2012-08-16 20:40 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\uTorrent
2014-06-12 21:41 - 2012-05-13 13:30 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\CrashDumps
2014-06-12 21:39 - 2014-06-12 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-06-12 21:39 - 2013-11-23 13:00 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-06-12 21:39 - 2013-11-23 13:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-06-12 19:24 - 2014-06-12 19:24 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\AMD
2014-06-12 19:23 - 2014-06-12 19:23 - 00000000 ____D () C:\ProgramData\ATI
2014-06-12 19:22 - 2014-06-12 19:22 - 00000000 ____D () C:\Users\w&sgreen\Documents\Diablo III
2014-06-12 19:14 - 2013-04-24 16:42 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\PMB Files
2014-06-12 19:10 - 2014-06-12 19:10 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2014-06-12 19:09 - 2014-06-12 19:09 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\library_dir
2014-06-12 19:09 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-06-12 19:06 - 2014-06-12 19:06 - 00000000 ____D () C:\Program Files (x86)\AMD
2014-06-12 19:06 - 2014-06-12 19:03 - 00000000 ____D () C:\ProgramData\AMD
2014-06-12 19:06 - 2014-06-12 18:59 - 00000000 ____D () C:\Program Files\AMD
2014-06-12 19:06 - 2012-01-30 19:00 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-06-12 19:05 - 2014-06-12 19:05 - 00061432 _____ () C:\windows\SysWOW64\CCCInstall_201406121905254442.log
2014-06-12 19:04 - 2014-06-12 19:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-06-12 19:04 - 2014-06-12 18:56 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-06-12 19:01 - 2014-06-12 19:01 - 00000000 ____D () C:\windows\pss
2014-06-12 19:01 - 2012-04-19 20:07 - 00000000 ___RD () C:\Users\w&sgreen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-06-12 18:56 - 2013-05-31 22:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-12 18:53 - 2014-06-12 18:53 - 00000000 ____D () C:\AMD
2014-06-12 17:58 - 2013-02-01 17:54 - 00000000 ____D () C:\Program Files (x86)\StarCraft II
2014-06-12 09:35 - 2014-06-12 09:35 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-06-12 09:35 - 2014-06-12 09:35 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-06-12 09:34 - 2014-06-12 09:34 - 00001859 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-12 09:34 - 2014-06-12 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-12 09:34 - 2013-05-31 22:36 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-12 09:34 - 2013-05-31 22:36 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-06-12 09:33 - 2014-05-16 18:42 - 00003556 _____ () C:\windows\System32\Tasks\GarminUpdaterTask
2014-06-12 09:24 - 2014-05-06 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-06-11 13:59 - 2012-11-23 11:44 - 00003978 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
2014-06-10 21:35 - 2014-06-10 16:57 - 00034816 _____ () C:\Users\w&sgreen\AppData\Roaming\RZR_0020d16947fa8bfa1d9923ba16f0.db
2014-06-10 18:02 - 2014-05-11 12:09 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-06-10 17:05 - 2014-05-11 12:11 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-06-10 16:49 - 2014-06-10 16:49 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\Razer
2014-06-10 16:46 - 2014-06-10 16:46 - 00001169 _____ () C:\Users\Public\Desktop\Razer Comms.lnk
2014-06-10 16:46 - 2014-06-10 16:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2014-06-10 16:46 - 2014-06-10 16:45 - 00000000 ____D () C:\ProgramData\Razer
2014-06-10 16:46 - 2014-06-10 16:45 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-06-08 04:13 - 2014-06-11 18:20 - 00506368 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-06-08 04:08 - 2014-06-11 18:20 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-06-07 14:41 - 2013-05-23 12:10 - 00000000 ____D () C:\Program Files\PeerBlock
2014-06-07 14:24 - 2009-07-14 00:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2014-06-02 21:42 - 2014-06-02 21:41 - 00000000 ____D () C:\Program Files (x86)\Sony Media Go Install
2014-05-31 18:24 - 2014-05-31 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
2014-05-30 05:21 - 2014-06-11 18:21 - 23414784 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-30 05:02 - 2014-06-11 18:22 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-30 05:02 - 2014-06-11 18:22 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-05-30 04:45 - 2014-06-11 18:22 - 02768384 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-05-30 04:39 - 2014-06-11 18:22 - 00548352 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-05-30 04:39 - 2014-06-11 18:22 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-05-30 04:38 - 2014-06-11 18:22 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-05-30 04:28 - 2014-06-11 18:22 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-05-30 04:27 - 2014-06-11 18:22 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-05-30 04:24 - 2014-06-11 18:22 - 00574976 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-05-30 04:21 - 2014-06-11 18:22 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-05-30 04:21 - 2014-06-11 18:22 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-05-30 04:20 - 2014-06-11 18:22 - 00752640 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-05-30 04:18 - 2014-06-11 18:22 - 17271296 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-30 04:11 - 2014-06-11 18:21 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-05-30 04:08 - 2014-06-11 18:22 - 05782528 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-05-30 04:06 - 2014-06-11 18:22 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-05-30 04:02 - 2014-06-11 18:22 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-30 03:55 - 2014-06-11 18:22 - 00038400 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 03:49 - 2014-06-11 18:21 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-05-30 03:46 - 2014-06-11 18:22 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-30 03:44 - 2014-06-11 18:22 - 00455168 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-05-30 03:44 - 2014-06-11 18:22 - 00295424 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-05-30 03:43 - 2014-06-11 18:22 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-05-30 03:42 - 2014-06-11 18:22 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-05-30 03:38 - 2014-06-11 18:22 - 02179072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-05-30 03:35 - 2014-06-11 18:22 - 00608768 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-05-30 03:34 - 2014-06-11 18:22 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-05-30 03:33 - 2014-06-11 18:22 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-05-30 03:30 - 2014-06-11 18:22 - 00440832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-05-30 03:29 - 2014-06-11 18:22 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-05-30 03:28 - 2014-06-11 18:22 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-05-30 03:27 - 2014-06-11 18:22 - 00592896 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-05-30 03:24 - 2014-06-11 18:22 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-05-30 03:23 - 2014-06-11 18:22 - 02040832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-05-30 03:16 - 2014-06-11 18:22 - 00368128 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-05-30 03:10 - 2014-06-11 18:22 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 03:06 - 2014-06-11 18:22 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-05-30 03:04 - 2014-06-11 18:22 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-30 03:02 - 2014-06-11 18:22 - 00242688 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-05-30 02:56 - 2014-06-11 18:22 - 04244992 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-05-30 02:56 - 2014-06-11 18:21 - 02266112 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-05-30 02:54 - 2014-06-11 18:22 - 00526336 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-05-30 02:50 - 2014-06-11 18:22 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-05-30 02:49 - 2014-06-11 18:22 - 01964544 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-05-30 02:43 - 2014-06-11 18:22 - 13522944 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-05-30 02:40 - 2014-06-11 18:22 - 11725312 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-05-30 02:30 - 2014-06-11 18:22 - 01398272 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-05-30 02:21 - 2014-06-11 18:22 - 01790976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-05-30 02:15 - 2014-06-11 18:22 - 01143296 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-05-30 02:13 - 2014-06-11 18:22 - 00704512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-05-30 02:13 - 2014-06-11 18:21 - 00846336 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-05-28 19:04 - 2014-06-10 16:45 - 00037184 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpmgrk.sys
2014-05-28 16:13 - 2014-06-10 16:46 - 00129856 _____ (Razer, Inc.) C:\windows\system32\Drivers\rzpnk.sys
2014-05-27 16:03 - 2013-09-29 14:05 - 00001997 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-05-27 16:03 - 2013-09-29 14:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2014-05-27 16:02 - 2011-11-23 21:55 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-05-24 21:39 - 2014-05-24 21:39 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-05-24 21:39 - 2014-05-24 00:01 - 00003234 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-05-24 21:39 - 2014-05-24 00:01 - 00002472 _____ () C:\Users\Public\Desktop\Norton Internet Security.lnk
2014-05-24 21:39 - 2014-05-23 23:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2014-05-24 21:39 - 2014-05-23 23:54 - 00000000 ____D () C:\windows\system32\Drivers\NISx64
2014-05-24 00:05 - 2012-05-21 16:33 - 00000000 ____D () C:\Users\w&sgreen\Documents\Symantec
2014-05-24 00:01 - 2014-05-24 00:01 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-05-24 00:01 - 2014-05-24 00:01 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-05-24 00:01 - 2014-05-24 00:01 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-05-23 23:54 - 2014-05-23 23:54 - 00000000 ____D () C:\Program Files (x86)\Norton Internet Security
2014-05-23 23:54 - 2012-01-30 19:30 - 00000000 ____D () C:\ProgramData\Norton
2014-05-23 17:19 - 2014-05-23 17:09 - 00000000 ____D () C:\Users\w&sgreen\Desktop\Norton Internet Security 2014 - 1 User - 3 Licenses (Download)
2014-05-23 17:09 - 2014-05-23 17:08 - 01054064 _____ (Amazon Services LLC) C:\Users\w&sgreen\Downloads\Norton_Internet_Security_2014_1_User_3_Licenses_Downloader.exe
2014-05-16 23:49 - 2014-04-24 09:27 - 00000000 ____D () C:\Users\w&sgreen\AppData\Local\NPE
2014-05-16 18:43 - 2013-05-31 22:51 - 00000000 ____D () C:\Users\w&sgreen\AppData\Roaming\Garmin
2014-05-16 18:43 - 2012-06-12 16:56 - 00000000 ____D () C:\Program Files\DIFX
 
Some content of TEMP:
====================
C:\Users\w&sgreen\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\w&sgreen\AppData\Local\Temp\Quarantine.exe
C:\Users\w&sgreen\AppData\Local\Temp\raptrpatch.exe
C:\Users\w&sgreen\AppData\Local\Temp\raptr_stub.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-06-09 19:02
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by w&sgreen at 2014-06-15 18:51:12
Running from C:\Users\w&sgreen\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
µTorrent (HKLM-x32\...\uTorrent) (Version: 1.8.5 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKCU\...\23ab716f18849b6f) (Version: 2.1.2013.1340 - Amazon)
AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.61110.2305 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.07.0000 - AMD) Hidden
AMD USB 3.0 Device Detector (Version: 2.1.29.0 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) Hidden
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{65486209-5C54-439C-8383-8AC9BBE25932}) (Version: 1.00.007 - Atheros Communications)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
calibre (HKLM-x32\...\{17787BE3-4E5B-4D50-89BD-77E0C23B5C78}) (Version: 0.9.15 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.7) (Version: 5.0.0.7 - Coupons.com Incorporated)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0315 - DT Soft Ltd)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.59.2 - JMicron Technology Corp.)
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.3.0.12 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.4.49.0 - Symantec Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.9 - Pando Networks Inc.)
PeerBlock 1.0+ (r484) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.0.0.484 - PeerBlock, LLC)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Razer Comms (HKLM-x32\...\Razer Comms) (Version: 2.0 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6316 - Realtek Semiconductor Corp.)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Sony Ericsson Update Engine (HKLM-x32\...\Update Engine) (Version: 2.13.11.201309191111 - Sony Ericsson Communications AB)
Sony PC Companion 2.10.206 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.206 - Sony)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer)
The Weather Channel App (HKLM-x32\...\The Weather Channel App) (Version:  - )
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.5 - TOSHIBA CORPORATION)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.3C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.3C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
Tuner Internet Update Application (HKLM-x32\...\{AE18D5D6-8BEC-4E77-AE7E-A538180D43A6}) (Version: 6.2.0 - Tuner Updates)
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.43 - Creative Island Media, LLC) <==== ATTENTION
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\2DC0AA065FA83047D7ECD51C7000C1620D79A4C5) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - FTDI CDM Driver Package (02/17/2009 2.04.16) (HKLM\...\51A4D522DD31538335EF5736F0E7F588C70BCB12) (Version: 02/17/2009 2.04.16 - FTDI)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
12-06-2014 23:56:23 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
 
==================== Hosts content: ==========================
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {014F7106-8F7B-4BF3-92AD-A27F2E267EC2} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {081F7744-BA22-4864-B0FB-97BFC657C247} - System32\Tasks\GoogleUpdateTaskMachineCore1cf495274151316 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30] (Google Inc.)
Task: {238001BA-89B9-4F47-8CD8-5D10F3F700E5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {28118425-C4E8-4D4E-9347-30198F8F0E37} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {29529254-36CD-4951-B43C-15E328D60C5A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30] (Google Inc.)
Task: {3F084C3C-A5EF-4242-96A3-2179D6E2012C} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {4C06247F-BB2A-4525-B74E-78913AD18E4D} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-08-24] (Symantec Corporation)
Task: {54BA6AD9-1D9A-46E4-9759-08FF28B77117} - System32\Tasks\TubeSaver-1-chromeinstaller => C:\Program Files (x86)\TubeSaver-1\TubeSaver-1-chromeinstaller.exe
Task: {5D62254E-BF2F-49CF-A232-244A084AEB6B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\WSCStub.exe [2014-05-10] (Symantec Corporation)
Task: {8565B701-684C-451A-8F0F-B70148A31BC6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-01-30] (Google Inc.)
Task: {AB956C9E-F3B4-44BB-89F0-B8E54AFFBEC1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Task: {DB6FD01A-C661-44EE-90AB-9C4D77A03CB4} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {DF2916B4-9BED-4FB4-B1CC-B1E74A8981E4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore1cf495274151316.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-17 22:29 - 2014-04-17 22:29 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-04-17 22:29 - 2014-04-17 22:29 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-05-28 19:04 - 2014-05-28 19:05 - 00175296 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2010-11-22 17:56 - 2010-11-22 17:56 - 00087040 _____ () C:\Program Files (x86)\Raptr\_ctypes.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00043008 _____ () C:\Program Files (x86)\Raptr\_socket.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00805376 _____ () C:\Program Files (x86)\Raptr\_ssl.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 05812736 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtGui.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00067584 _____ () C:\Program Files (x86)\Raptr\sip.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 01662464 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtCore.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00494592 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtNetwork.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00096256 _____ () C:\Program Files (x86)\Raptr\win32api.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00110592 _____ () C:\Program Files (x86)\Raptr\pywintypes26.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00324608 _____ () C:\Program Files (x86)\Raptr\PIL._imaging.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00356864 _____ () C:\Program Files (x86)\Raptr\_hashlib.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00036352 _____ () C:\Program Files (x86)\Raptr\win32process.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00111104 _____ () C:\Program Files (x86)\Raptr\win32file.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00124928 _____ () C:\Program Files (x86)\Raptr\_elementtree.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00127488 _____ () C:\Program Files (x86)\Raptr\pyexpat.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00031744 _____ () C:\Program Files (x86)\Raptr\Crypto.Cipher.AES.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00010752 _____ () C:\Program Files (x86)\Raptr\Crypto.Random.OSRNG.winrandom.pyd
2012-02-06 15:28 - 2012-02-06 15:28 - 00011264 _____ () C:\Program Files (x86)\Raptr\Crypto.Util._counter.pyd
2011-05-10 14:01 - 2011-05-10 14:01 - 00030208 _____ () C:\Program Files (x86)\Raptr\simplejson._speedups.pyd
2014-05-13 18:26 - 2014-05-13 18:26 - 00313856 _____ () C:\Program Files (x86)\Raptr\PyQt4.QtWebKit.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00044544 _____ () C:\Program Files (x86)\Raptr\_sqlite3.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 00417501 _____ () C:\Program Files (x86)\Raptr\sqlite3.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00354304 _____ () C:\Program Files (x86)\Raptr\pythoncom26.dll
2010-11-22 17:57 - 2010-11-22 17:57 - 00016384 _____ () C:\Program Files (x86)\Raptr\win32trace.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00167936 _____ () C:\Program Files (x86)\Raptr\win32gui.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00009216 _____ () C:\Program Files (x86)\Raptr\winsound.pyd
2010-11-22 17:56 - 2010-11-22 17:56 - 00010240 _____ () C:\Program Files (x86)\Raptr\select.pyd
2013-11-20 19:05 - 2013-11-20 19:05 - 00256000 _____ () C:\Program Files (x86)\Raptr\amd_ags.dll
2010-11-22 17:56 - 2010-11-22 17:56 - 00583680 _____ () C:\Program Files (x86)\Raptr\unicodedata.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00263168 _____ () C:\Program Files (x86)\Raptr\win32com.shell.shell.pyd
2010-11-22 17:57 - 2010-11-22 17:57 - 00141312 _____ () C:\Program Files (x86)\Raptr\gobject._gobject.pyd
2012-10-27 02:53 - 2012-10-27 02:53 - 02717595 _____ () C:\Program Files (x86)\Raptr\heliotrope._purple.pyd
2011-02-15 13:17 - 2011-02-15 13:17 - 01213633 _____ () C:\Program Files (x86)\Raptr\libxml2-2.dll
2010-11-22 18:06 - 2010-11-22 18:06 - 00055808 _____ () C:\Program Files (x86)\Raptr\zlib1.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00495680 _____ () C:\Program Files (x86)\Raptr\plugins\libaim.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 01183699 _____ () C:\Program Files (x86)\Raptr\liboscar.dll
2013-05-09 18:52 - 2013-05-09 18:52 - 00483306 _____ () C:\Program Files (x86)\Raptr\plugins\libicq.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00655356 _____ () C:\Program Files (x86)\Raptr\plugins\libirc.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 01306387 _____ () C:\Program Files (x86)\Raptr\plugins\libmsn.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00565461 _____ () C:\Program Files (x86)\Raptr\plugins\libxmpp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01640221 _____ () C:\Program Files (x86)\Raptr\libjabber.dll
2013-05-03 13:56 - 2013-05-03 13:56 - 00506276 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoo.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 01053730 _____ () C:\Program Files (x86)\Raptr\libymsg.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00497782 _____ () C:\Program Files (x86)\Raptr\plugins\libyahoojp.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00603326 _____ () C:\Program Files (x86)\Raptr\plugins\ssl-nss.dll
2013-05-03 13:57 - 2013-05-03 13:57 - 00474199 _____ () C:\Program Files (x86)\Raptr\plugins\ssl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== EXE Association (whitelisted) =============
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
MSCONFIG\startupfolder: C:^Users^w&sgreen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Amazon Cloud Drive.lnk => C:\windows\pss\Amazon Cloud Drive.lnk.Startup
MSCONFIG\startupfolder: C:^Users^w&sgreen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe => C:\windows\pss\PowerReg Scheduler V3.exe.Startup
MSCONFIG\startupfolder: C:^Users^w&sgreen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Updater.lnk => C:\windows\pss\Updater.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: DW7 => "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
MSCONFIG\startupreg: GarminExpressTrayApp => "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_FF5D277A154C118D5793CB431AC46630 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: HWSetup => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KeNotify => "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PeerBlock => C:\Program Files\PeerBlock\peerblock.exe
MSCONFIG\startupreg: RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: SPMTray => "C:\Program Files (x86)\PC Speed Maximizer\SPMTray.exe"
MSCONFIG\startupreg: SVPWUTIL => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TBHostSupport => "C:\windows\SysWOW64\Rundll32.exe" "C:\Users\w&sgreen\AppData\Local\TBHostSupport\TBHostSupport.dll",DLLRunTBHostSupportPlugin
MSCONFIG\startupreg: TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Teco => "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r
MSCONFIG\startupreg: ThpSrv => C:\windows\system32\thpsrv /logon
MSCONFIG\startupreg: Tiny download manager => "C:\Users\w&sgreen\AppData\Local\DM\TinyDM.exe" /M
MSCONFIG\startupreg: ToshibaServiceStation => "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
MSCONFIG\startupreg: TosNC => %ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe
MSCONFIG\startupreg: TosReelTimeMonitor => %ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
MSCONFIG\startupreg: TosSENotify => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
MSCONFIG\startupreg: TosVolRegulator => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
MSCONFIG\startupreg: TPwrMain => %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
MSCONFIG\startupreg: TSleepSrv => %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: 
Manufacturer: 
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/15/2014 06:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 11:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 11:03:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 09:34:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 07:18:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 06:17:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/12/2014 02:30:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/12/2014 11:31:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CouponPrinterService.exe, version: 6.0.1.0, time stamp: 0x52fd5bb4
Faulting module name: ole32.DLL, version: 6.1.7601.17514, time stamp: 0x4ce7c92c
Exception code: 0xc0000005
Fault offset: 0x000000000000d89e
Faulting process id: 0x600
Faulting application start time: 0xCouponPrinterService.exe0
Faulting application path: CouponPrinterService.exe1
Faulting module path: CouponPrinterService.exe2
Report Id: CouponPrinterService.exe3
 
Error: (06/11/2014 01:53:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (06/10/2014 09:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
System errors:
=============
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068
 
Error: (06/12/2014 11:02:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netman{BA126AD1-2166-11D1-B1D0-00805FC1270E}
 
Error: (06/12/2014 11:02:11 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1068netprofm{A47979D2-C419-11D9-A5B4-001185AD2B89}
 
 
Microsoft Office Sessions:
=========================
Error: (06/15/2014 06:46:17 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 11:49:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 11:03:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 09:34:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 07:18:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (06/12/2014 06:17:27 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/12/2014 02:30:45 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/12/2014 11:31:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CouponPrinterService.exe6.0.1.052fd5bb4ole32.DLL6.1.7601.175144ce7c92cc0000005000000000000d89e60001cf851d0e693971C:\Program Files (x86)\Coupons\CouponPrinterService.exeC:\windows\system32\ole32.DLL0bb5e536-f24f-11e3-8d25-dc0ea14104a5
 
Error: (06/11/2014 01:53:54 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe
 
Error: (06/10/2014 09:31:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 34%
Total physical RAM: 5608.67 MB
Available physical RAM: 3697.82 MB
Total Pagefile: 11215.52 MB
Available Pagefile: 9323.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI106338W0C) (Fixed) (Total:682.64 GB) (Free:576.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 699 GB) (Disk ID: 7E17517C)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=683 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=17)
 
==================== End Of Log ============================
 


#4 Starbuck

Posted 16 June 2014 - 12:36 AM

Hi elvy

Unfortunately I am just off to work.
I will reply with a fix when I return.

Thanks



#5 Starbuck

Posted 16 June 2014 - 11:43 AM

Hi elvy


You do have a lot of entries that have been stopped, using MsConfig.
This is bad practice.
MsConfig is for diagnostic purposes... not for stopping programs permanently.
It's always best to use a program's options for stopping them running.
Or just uninstall them.


P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, U Torrent etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and Malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's Passwords, Address Books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your Firewall and Anti-Virus software. Hardly surprising then that many of these Downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.


Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait.


The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.




Step 2
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE" button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.

    Java 6 Update 25

  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
In your next reply, please submit:
Fixlog.txt
and let me know of any problems updating Java.


Thanks.



#6 elvy

Posted 16 June 2014 - 03:40 PM

Fixlog attached. No problems re-installing Java.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by w&sgreen at 2014-06-16 15:26:50 Run:1
Running from C:\Users\w&sgreen\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [NPSStartup] => [X]
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\MountPoints2: {7ad6529f-1af6-11e3-9a7a-dc0ea14104a5} - F:\Startme.exe
HKU\S-1-5-21-2069283545-496111956-1863028072-1000\...\MountPoints2: {bdb1efe0-e0e6-11e1-b342-dc0ea14104a5} - E:\SETUP.EXE
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://search.coupons.com/
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {BC784D6B-A231-4269-9216-CB1F0FB74551} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=10755
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)
2014-05-31 18:24 - 2014-06-15 18:24 - 00000000 ____D () C:\Program Files (x86)\Coupons
2014-05-31 18:24 - 2014-05-31 18:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons
C:\Users\w&sgreen\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe
C:\Users\w&sgreen\AppData\Local\Temp\Quarantine.exe
C:\Users\w&sgreen\AppData\Local\Temp\raptrpatch.exe
C:\Users\w&sgreen\AppData\Local\Temp\raptr_stub.exe
Task: {3F084C3C-A5EF-4242-96A3-2179D6E2012C} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {AB956C9E-F3B4-44BB-89F0-B8E54AFFBEC1} - \BackgroundContainer Startup Task No Task File <==== ATTENTION
Hosts:
Reboot:
 
*****************
 
[1672] C:\Program Files (x86)\Coupons\CouponPrinterService.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\NPSStartup => value deleted successfully.
'HKU\S-1-5-21-2069283545-496111956-1863028072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad6529f-1af6-11e3-9a7a-dc0ea14104a5}' => Key deleted successfully.
'HKCR\CLSID\{7ad6529f-1af6-11e3-9a7a-dc0ea14104a5}'=> Key not found.
'HKU\S-1-5-21-2069283545-496111956-1863028072-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bdb1efe0-e0e6-11e1-b342-dc0ea14104a5}' => Key deleted successfully.
'HKCR\CLSID\{bdb1efe0-e0e6-11e1-b342-dc0ea14104a5}'=> Key not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}' => Key deleted successfully.
'HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}'=> Key not found.
'HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}' => Key deleted successfully.
'HKCR\CLSID\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}'=> Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}'=> Key not found.
'HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}' => Key deleted successfully.
'HKCR\Wow6432Node\CLSID\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0D0972D7-9A67-4017-A271-F077C722571D}' => Key deleted successfully.
'HKCR\CLSID\{0D0972D7-9A67-4017-A271-F077C722571D}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{17534191-3EA5-4D91-8CE9-94043CC2EED5}' => Key deleted successfully.
'HKCR\CLSID\{17534191-3EA5-4D91-8CE9-94043CC2EED5}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5CA86F5E-4784-4CA1-8C88-24992F0BBF3E}' => Key deleted successfully.
'HKCR\CLSID\{5CA86F5E-4784-4CA1-8C88-24992F0BBF3E}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BC784D6B-A231-4269-9216-CB1F0FB74551}' => Key deleted successfully.
'HKCR\CLSID\{BC784D6B-A231-4269-9216-CB1F0FB74551}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ef80d754-fb77-4a7f-be75-489beebb20c9}' => Key deleted successfully.
'HKCR\CLSID\{ef80d754-fb77-4a7f-be75-489beebb20c9}'=> Key not found.
'HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}' => Key deleted successfully.
'HKCR\CLSID\{F080893A-C8DA-4CFD-B3F1-2A81E5EA04E1}'=> Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
'HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}'=> Key not found.
'HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin' => Key deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll => Moved successfully.
CouponPrinterService => Service stopped successfully.
CouponPrinterService => Service deleted successfully.
C:\Program Files (x86)\Coupons => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons => Moved successfully.
C:\Users\w&sgreen\AppData\Local\Temp\14-4-mobility-win7-win8-win8.1-64-dd-ccc-whql.exe => Moved successfully.
C:\Users\w&sgreen\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\w&sgreen\AppData\Local\Temp\raptrpatch.exe => Moved successfully.
C:\Users\w&sgreen\AppData\Local\Temp\raptr_stub.exe => Moved successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F084C3C-A5EF-4242-96A3-2179D6E2012C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F084C3C-A5EF-4242-96A3-2179D6E2012C}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB956C9E-F3B4-44BB-89F0-B8E54AFFBEC1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB956C9E-F3B4-44BB-89F0-B8E54AFFBEC1}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BackgroundContainer Startup Task' => Key deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Edited by elvy, 16 June 2014 - 03:41 PM.


#7 Starbuck

Posted 16 June 2014 - 06:34 PM

Hi elvy


Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe. Vista/Windows 7/8 users: right-click and select Run As Administrator.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please copy and paste the contents of that document in your next reply.

    Also let me know how your system is running and whether there are any issues.

    Thanks



#8 elvy

Posted 17 June 2014 - 12:58 PM

I ran the program but the log file was empty afterwards.



#9 Starbuck

Posted 17 June 2014 - 02:04 PM

Hi elvy

I ran the program but the log file was empty afterwards.

That's odd.
2 programs now have failed to produce logs. (JRT and Security Check)
I think we should look a little deeper just in case there's something on the system that is trying to hide from us.

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2


This is an example, you may rename ComboFix to anything you want. Then:

Vista/Windows 7 users: right-click on Combo-Fix.exe and select Run As Administrator.
  • Please follow any prompts
  • Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    Thanks



#10 elvy

Posted 17 June 2014 - 08:37 PM

ComboFix 14-06-16.01 - w&sgreen 06/17/2014  20:12:35.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5609.3843 [GMT -5:00]
Running from: c:\users\w&sgreen\Desktop\Combo-Fix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-05-18 to 2014-06-18  )))))))))))))))))))))))))))))))
.
.
2014-06-16 20:39 . 2014-06-16 20:39 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-06-16 20:39 . 2014-06-16 20:38 313256 ----a-w- c:\windows\system32\javaws.exe
2014-06-16 20:39 . 2014-06-16 20:38 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2014-06-16 20:39 . 2014-06-16 20:38 191400 ----a-w- c:\windows\system32\javaw.exe
2014-06-16 20:39 . 2014-06-16 20:38 190888 ----a-w- c:\windows\system32\java.exe
2014-06-16 20:38 . 2014-06-16 20:38 -------- d-----w- c:\program files\Java
2014-06-15 23:49 . 2014-06-16 20:27 -------- d-----w- C:\FRST
2014-06-15 23:42 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-06-15 23:41 . 2014-06-15 23:43 -------- d-----w- C:\AdwCleaner
2014-06-15 23:21 . 2014-06-15 23:21 -------- d-----w- c:\windows\ERUNT
2014-06-13 03:53 . 2014-06-13 04:50 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-13 03:52 . 2014-06-13 03:52 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-06-13 03:52 . 2014-06-13 03:52 -------- d-----w- c:\programdata\Malwarebytes
2014-06-13 03:52 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-13 03:52 . 2014-05-12 12:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-13 03:52 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-13 00:24 . 2014-06-13 00:24 -------- d-----w- c:\users\w&sgreen\AppData\Local\AMD
2014-06-13 00:23 . 2014-06-13 00:23 -------- d-----w- c:\programdata\ATI
2014-06-13 00:09 . 2014-06-13 00:09 -------- d-----w- c:\users\w&sgreen\AppData\Roaming\library_dir
2014-06-13 00:06 . 2014-06-18 01:23 -------- d-----w- c:\users\w&sgreen\AppData\Roaming\Raptr
2014-06-13 00:06 . 2014-06-16 16:29 -------- d-----w- c:\program files (x86)\Raptr
2014-06-13 00:06 . 2014-06-13 00:06 -------- d-----w- c:\program files (x86)\AMD AVT
2014-06-13 00:06 . 2014-06-13 00:06 -------- d-----w- c:\program files (x86)\AMD
2014-06-13 00:03 . 2014-06-13 00:06 -------- d-----w- c:\programdata\AMD
2014-06-12 23:59 . 2014-06-13 00:06 -------- d-----w- c:\program files\AMD
2014-06-12 23:56 . 2014-06-13 00:04 -------- d-----w- c:\program files\ATI Technologies
2014-06-12 23:53 . 2014-06-12 23:53 -------- d-----w- C:\AMD
2014-06-12 14:35 . 2014-06-12 14:35 -------- d-----w- c:\users\Default\AppData\Roaming\Garmin
2014-06-11 23:21 . 2014-06-02 06:03 293080 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2014-06-11 23:21 . 2014-05-30 10:22 871936 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2014-06-11 23:21 . 2014-05-30 08:49 195584 ----a-w- c:\windows\system32\msrating.dll
2014-06-11 23:21 . 2014-05-30 07:56 2266112 ----a-w- c:\windows\system32\wininet.dll
2014-06-11 23:21 . 2014-05-30 07:20 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-06-11 23:21 . 2014-05-30 07:13 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-06-11 23:21 . 2014-05-30 10:21 23414784 ----a-w- c:\windows\system32\mshtml.dll
2014-06-11 23:21 . 2014-05-30 09:11 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-06-11 23:21 . 2014-05-30 08:46 977408 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-06-11 23:20 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 23:20 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-10 21:49 . 2014-06-10 21:49 -------- d-----w- c:\users\w&sgreen\AppData\Local\Razer
2014-06-10 21:46 . 2014-05-28 21:13 129856 ----a-w- c:\windows\system32\drivers\rzpnk.sys
2014-06-10 21:45 . 2014-05-29 00:04 37184 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2014-06-10 21:45 . 2014-06-10 21:46 -------- d-----w- c:\programdata\Razer
2014-06-10 21:45 . 2014-06-10 21:46 -------- d-----w- c:\program files (x86)\Razer
2014-06-03 02:41 . 2014-06-03 02:42 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2014-05-24 05:01 . 2014-05-24 05:01 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-05-24 05:01 . 2014-05-24 05:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-05-24 04:54 . 2014-05-25 02:39 -------- d-----w- c:\windows\system32\drivers\NISx64
2014-05-24 04:54 . 2014-05-24 04:54 -------- d-----w- c:\program files (x86)\Norton Internet Security
2014-05-23 09:34 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32DD250D-C13E-45C9-B958-2F0B83D64DE8}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-14 17:32 . 2012-10-13 14:35 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-14 17:32 . 2011-11-24 02:56 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-18 03:33 . 2014-04-18 03:33 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-04-18 03:28 . 2014-04-18 03:28 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-04-18 02:43 . 2014-04-18 02:43 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-04-18 02:43 . 2014-04-18 02:43 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-04-18 02:43 . 2012-01-31 00:00 143304 ----a-w- c:\windows\system32\atiuxp64.dll
2014-04-18 02:42 . 2012-01-31 00:00 126336 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-04-18 02:42 . 2012-01-31 00:00 117584 ----a-w- c:\windows\system32\atiu9p64.dll
2014-04-18 02:42 . 2012-01-31 00:00 99520 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-04-18 02:42 . 2012-01-31 00:00 1343272 ----a-w- c:\windows\system32\aticfx64.dll
2014-04-18 02:42 . 2012-01-31 00:00 1117184 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-04-18 02:42 . 2012-01-31 00:00 10335208 ----a-w- c:\windows\system32\atidxx64.dll
2014-04-18 02:42 . 2014-04-18 02:42 8866928 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-04-18 02:42 . 2012-01-31 00:00 6796592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-04-18 02:42 . 2012-01-31 00:00 6799688 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-04-18 02:42 . 2012-01-31 00:00 7520200 ----a-w- c:\windows\system32\atiumd6a.dll
2014-04-18 02:42 . 2012-01-31 00:00 8010968 ----a-w- c:\windows\system32\atiumd64.dll
2014-04-18 02:36 . 2014-04-18 02:36 15376384 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-04-18 02:23 . 2014-04-18 02:23 231424 ----a-w- c:\windows\system32\clinfo.exe
2014-04-18 02:22 . 2014-04-18 02:22 1187342 ----a-w- c:\windows\system32\amdocl_as64.exe
2014-04-18 02:22 . 2014-04-18 02:22 1061902 ----a-w- c:\windows\system32\amdocl_ld64.exe
2014-04-18 02:22 . 2014-04-18 02:22 995342 ----a-w- c:\windows\SysWow64\amdocl_as32.exe
2014-04-18 02:22 . 2014-04-18 02:22 798734 ----a-w- c:\windows\SysWow64\amdocl_ld32.exe
2014-04-18 02:22 . 2014-04-18 02:22 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-04-18 02:22 . 2014-04-18 02:22 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-04-18 02:22 . 2014-04-18 02:22 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-04-18 02:22 . 2014-04-18 02:22 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-04-18 02:22 . 2014-04-18 02:22 28685824 ----a-w- c:\windows\system32\amdocl64.dll
2014-04-18 02:19 . 2014-04-18 02:19 24107520 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-04-18 02:17 . 2014-04-18 02:17 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-04-18 02:17 . 2014-04-18 02:17 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-04-18 02:13 . 2014-04-18 02:13 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-04-18 02:13 . 2014-04-18 02:13 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-04-18 02:12 . 2014-04-18 02:12 27907584 ----a-w- c:\windows\system32\atio6axx.dll
2014-04-18 02:12 . 2014-04-18 02:12 5442048 ----a-w- c:\windows\system32\amdmantle64.dll
2014-04-18 01:58 . 2014-04-18 01:58 4358656 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-04-18 01:51 . 2014-04-18 01:51 23409152 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-04-18 01:46 . 2014-04-18 01:46 368128 ----a-w- c:\windows\system32\atiapfxx.exe
2014-04-18 01:46 . 2014-04-18 01:46 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-04-18 01:46 . 2014-04-18 01:46 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-04-18 01:46 . 2014-04-18 01:46 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-04-18 01:46 . 2014-04-18 01:46 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-04-18 01:46 . 2014-04-18 01:46 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-04-18 01:45 . 2014-04-18 01:45 91136 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-04-18 01:45 . 2014-04-18 01:45 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-04-18 01:42 . 2014-04-18 01:42 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-04-18 01:33 . 2014-04-18 01:33 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-04-18 01:33 . 2014-04-18 01:33 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-04-18 01:30 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-04-18 01:30 . 2014-04-18 01:30 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-04-18 01:29 . 2014-04-18 01:29 586240 ----a-w- c:\windows\system32\atieclxx.exe
2014-04-18 01:29 . 2014-04-18 01:29 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-04-18 01:28 . 2014-04-18 01:28 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-04-18 01:21 . 2014-04-18 01:21 806912 ----a-w- c:\windows\system32\coinst_14.100.dll
2014-04-18 01:09 . 2012-01-31 00:00 1177600 ----a-w- c:\windows\system32\atiadlxx.dll
2014-04-18 01:09 . 2014-04-18 01:09 848896 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-04-18 01:07 . 2014-04-18 01:07 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-04-18 01:07 . 2014-04-18 01:07 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-04-18 01:07 . 2014-04-18 01:07 638976 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-04-18 01:04 . 2014-04-18 01:04 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-04-12 02:22 . 2014-05-14 05:43 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 05:43 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 05:43 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 05:43 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 05:43 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 05:43 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 05:43 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 05:43 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 05:43 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 14:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-03-25 02:43 . 2014-05-14 05:44 14175744 ----a-w- c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-05-14 55360]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-18 1967616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-18 767200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-18 224128]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2014-06-09 122200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys;c:\program files\PeerBlock\pbfilter.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys;c:\windows\SYSNATIVE\Drivers\TFsExDisk.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys;c:\windows\SYSNATIVE\DRIVERS\amd_xata.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\BASHDefs\20140606.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20140617.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.1.3\Definitions\IPSDefs\20140617.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]
S2 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\amdhub30.sys;c:\windows\SYSNATIVE\DRIVERS\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\amdxhc.sys;c:\windows\SYSNATIVE\DRIVERS\amdxhc.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 14:23 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-13 17:32]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cf495274151316.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 00:53]
.
2014-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 00:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe" [2012-04-11 97280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-Coupon Printer for Windows5.0.0.7 - c:\program files (x86)\Coupons\uninstall.exe
AddRemove-{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B} - c:\programdata\Updater\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
.
**************************************************************************
.
Completion time: 2014-06-17  20:35:54 - machine was rebooted
ComboFix-quarantined-files.txt  2014-06-18 01:35
.
Pre-Run: 614,073,671,680 bytes free
Post-Run: 613,739,802,624 bytes free
.
- - End Of File - - 2001131A4008F11846E166F13A5DCE60
5B5E648D12FCADC244C1EC30318E1EB9


#11 Starbuck

Posted 18 June 2014 - 12:22 PM

Hi elvy

Nothing in the report to suggest anything hidden.
Maybe the problem is down to those programs being stopped by your security program.

Please remove the copy of Security Check by right clicking on the icon and selecting delete.
Now disable Norton Internet Security, then download a fresh copy of Security Check as per the instructions in post #7.
See if you get a report this time.

Thanks



#12 elvy

Posted 19 June 2014 - 11:47 AM

Still nothing :/



#13 Starbuck

Posted 19 June 2014 - 05:43 PM

Still nothing :/

Ok elvy

I can check your installed programs manually, so big problem.

Adobe Reader X (Version: 10.0.0 - Adobe Systems Incorporated) .... out of date
Version XI (11.0.07) .... Latest version.
Go to http://get.adobe.com/reader/
Untick the optional offer to install McAfee Security Scan Plus.
Then click on Install Now.
Please check all install pages to make sure no third party programs are being offered/installed..... you only need this program.

Adobe Flash Player 13 (Version: 13.0.0.214 - Adobe Systems Incorporated) ... Out of Date
Version 14.0.0.125 ..... Latest version.
Go to http://get.adobe.com/flashplayer/
Untick the optional offer to install McAfee Security Scan Plus.
Then click on Install Now.
Please check all install pages to make sure no third party programs are being offered/installed..... you only need this program.

As only PUPs were found, it does seem that the only issue was Adware.
These are normally added as third party programs to 'free' programs and also to updates like Adobe etc.
Please check all install pages when updating any program or installing 'free' programs.
You may have to UNtick certain lines for the third party programs to not be installed. (The warnings are not always the same.)

Let me know when you have updated the out of date programs above...... then we can start to finish off the cleaning procedure.

Thanks



#14 elvy

Posted 22 June 2014 - 05:19 PM

When I try to install them I get an error saying: The program can't start because MSVCR110.dll is missing from your computer.

I tried installing Microsoft Visual C++ 2010 Service Pack 1 Redistributable Package but it's still giving me the same error.

The file MSVCR110.dll is still in the System32 folder so I don't know why it is giving me the error.



#15 Starbuck

Posted 23 June 2014 - 11:33 AM

Hi elvy

Try this: Visual Studio 2012 Update 4
After you click on the download button make sure that you select the 64-bit version.

Edited by Starbuck, 26 July 2014 - 09:06 AM.
