
Possibly viruses or some general infection (totally clueless)


  • This topic is locked
12 replies to this topic

#1 LostJ

LostJ

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:11:10 AM

Posted 29 July 2014 - 03:52 PM

Okay before you groan at the title, let me explain that the problem is with my little sister's computer. She seems to download everything she runs into and is a stubborn little soul who won't listen to me when I say not to download everything that looks pretty. Now she has pop ups left and right and I feel like the problem goes deeper than some harmless pop ups. She literally.downloads.everything. 

 

I've deleted several unwanted programs from the Control Panel but my expertise (or lack thereof) ends there. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.40.2
Run by Elzire at 13:42:20 on 2014-07-29
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6056.2153 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbarsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\dwm.exe
C:\windows\system32\taskhostex.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\windows\Explorer.EXE
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\WinStore\WSHost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\hkcmd.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files (x86)\TOSHIBA\Toshiba App Place\ToshibaAppPlace.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrchMn.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon64.exe
C:\windows\ImmersiveControlPanel\SystemSettings.exe
C:\windows\system32\LogonUI.exe
C:\windows\system32\consent.exe
C:\windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.51searchengines.com/?opts=no&hp=g1&d=2014-07-28
uLocal Page = about:blank
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://toshiba13.msn.com
uProxyOverride = <local>
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: <No Name>: {5b9e2a0b-c94b-46a5-b53c-5892834c0d3e} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FindRight: {2c774641-5504-46a8-b63f-6715ae3fe376} - LocalServer32 - <no file>
BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\ips\ipsbho.dll
BHO: SaveSense: {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Elzire\AppData\Local\SaveSense\SaveSenseIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Search Assistant BHO: {76cab667-1cd5-410f-8047-b08ab01a92a2} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll
BHO: Toolbar BHO: {936d1cc6-4508-4607-9638-8c714e9dc809} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
TB: CursorMania: {2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
TB: CursorMania: {2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
uRun: [CloudSystemBooster] "C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe"  /hide /autorun
uRunOnce: [Application Restart #1] C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe /RestartByRestartManager:57851358-A4E4-4e74-9993-DFD1ABEB3D79 /RestartByRestartManager:4F86D436-7D6A-4aaa-9408-BA2A2C3E589E /RestartByRestartManager:2F622D20-5C0D-4639-A293-FCCE004E286D /RestartByRestartManager:140D2DA1-9B31-4c68-9F1F-9325B59EBE45
mRun: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
mRun: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [ChromeHelper] C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
mRun: [CursorMania EPM Support] "C:\PROGRA~2\CURSOR~2\bar\1.bin\7lmedint.exe" T8EPMSUP.DLL,S
mRun: [CursorMania Search Scope Monitor] "C:\PROGRA~2\CURSOR~2\bar\1.bin\7lsrchmn.exe" /m=2 /w /h
mRun: [CursorMania_7l Browser Plugin Loader] C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbrmon.exe
mRun: [CursorMania_7l Browser Plugin Loader 64] C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbrmon64.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\140707C656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\27F67756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\457413637323745323 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\84F6D65602E4564777F627B6 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mStart Page = about:blank
x64-mLocal Page = about:blank
x64-mWindow Title = Microsoft Internet Explorer
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coieplg.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coieplg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [CursorMania Home Page Guard 64 bit] "C:\PROGRA~2\CURSOR~2\bar\1.bin\AppIntegrator64.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-22 678384]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NAVx64\1504000.00D\symds64.sys [2014-7-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NAVx64\1504000.00D\symefa64.sys [2014-7-10 1148120]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-9-13 110976]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2013-2-26 48440]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-9-13 499096]
R1 {42e50651-9669-456e-9081-d5a836274274}w64;{42e50651-9669-456e-9081-d5a836274274}w64;C:\windows\System32\Drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [2014-5-23 61112]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-23 1530160]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-24 150104]
R1 ccSet_NAV;NAV Settings Manager;C:\windows\System32\Drivers\NAVx64\1504000.00D\ccsetx64.sys [2014-7-10 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\Drivers\NSTx64\7DE07030.00C\ccsetx64.sys [2014-7-8 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140728.001\IDSviA64.sys [2014-7-28 525016]
R1 qknfd;qknfd;C:\windows\System32\Drivers\qknfd.sys [2014-2-5 58256]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\ironx64.sys [2014-7-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\symnets.sys [2014-7-10 593112]
R2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [2014-5-28 42680]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 BrcmSetSecurity;BrcmSetSecurity;C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [2013-6-28 283296]
R2 ChromeHelperUpdt;ChromeHelperUpdt;C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [2014-5-6 284960]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [2014-5-6 252928]
R2 CursorMania_7lService;CursorManiaService;C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbarsvc.exe [2014-7-16 88648]
R2 DACoreService;Dragon Assistant Core;C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [2013-9-13 432528]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-5-9 16720]
R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [2013-3-27 163168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-9-12 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-12 169432]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-24 232424]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe [2014-7-10 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe [2014-7-8 130104]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [2009-9-11 14344]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-1-28 322400]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-4-24 109336]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0403000.00E\ccSetx64.sys [2013-9-13 168608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-13 142128]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0;C:\windows\System32\Drivers\ibtusb.sys [2013-6-24 114120]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2013-6-28 25568]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-2-27 119528]
R3 NETwNe64;Intel® Wireless Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew02.sys [2013-10-8 3648480]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-7-24 33008]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-3-19 53864]
R3 usb3Hub;UoIP Hub;C:\windows\System32\Drivers\usb3Hub.sys [2013-6-20 206744]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\symelam.sys [2014-7-10 23568]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\windows\System32\Drivers\CMUSBDAC.sys [2013-10-15 386560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-19 1432400]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2013-6-28 35296]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-7-17 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-1-28 4230016]
S4 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2013-3-26 216976]
SUnknown savesenselive;savesenselive; [x]
SUnknown savesenselivem;savesenselivem; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-29 20:00:22 -------- d-----w- C:\Program Files\CCleaner
2014-07-25 03:18:51 -------- d-----w- C:\ProgramData\iWin
2014-07-25 03:17:50 -------- d-----w- C:\Games
2014-07-25 03:17:18 -------- d-----w- C:\ProgramData\PogoDGC
2014-07-25 03:17:13 -------- d-----w- C:\Program Files (x86)\Pogo Games
2014-07-17 05:58:43 -------- d-----w- C:\Program Files (x86)\CursorMania
2014-07-17 05:58:39 39464 ----a-w- C:\windows\SysWow64\p5PSSavr.scr
2014-07-17 05:58:38 -------- d-----w- C:\Program Files (x86)\PopularScreensavers
2014-07-17 05:58:24 -------- d-----w- C:\Users\Elzire\AppData\Local\CursorMania_7l
2014-07-17 05:58:24 -------- d-----w- C:\Program Files (x86)\CursorMania_7l
2014-07-17 05:58:14 -------- d---a-w- C:\Program Files (x86)\CursorMania_7lEI
2014-07-16 03:05:28 -------- d-----w- C:\Users\Elzire\AppData\Local\Unity
2014-07-13 21:45:52 105440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 21:45:51 703968 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 21:42:41 -------- d-s---w- C:\windows\System32\CompatTel
2014-07-10 23:44:00 875736 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\srtsp64.sys
2014-07-10 23:44:00 593112 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\symnets.sys
2014-07-10 23:44:00 493656 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\symds64.sys
2014-07-10 23:44:00 36952 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\srtspx64.sys
2014-07-10 23:44:00 264280 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\ironx64.sys
2014-07-10 23:44:00 23568 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\symelam.sys
2014-07-10 23:44:00 162392 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\ccsetx64.sys
2014-07-10 23:44:00 1148120 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\symefa64.sys
2014-07-10 23:43:45 -------- d-----w- C:\windows\System32\drivers\NAVx64\1504000.00D
2014-07-10 02:17:59 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2014-07-10 02:17:21 596480 ----a-w- C:\windows\System32\qedit.dll
2014-07-10 02:17:21 497152 ----a-w- C:\windows\SysWow64\qedit.dll
2014-07-08 23:10:41 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-07-08 22:50:09 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-07-08 22:40:13 -------- d-----w- C:\FRST
2014-07-08 17:19:07 162392 ----a-w- C:\windows\System32\drivers\NSTx64\7DE07030.00C\ccsetx64.sys
2014-07-08 17:19:04 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DE07030.00C
2014-07-01 18:49:23 257704 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10243.bin
.
==================== Find3M  ====================
.
2014-06-30 22:42:56 394240 ----a-w- C:\windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\windows\System32\aepic.dll
2014-06-30 22:42:48 702464 ----a-w- C:\windows\System32\aepdu.dll
2014-06-28 03:35:04 556544 ----a-w- C:\windows\System32\aeinv.dll
2014-06-19 02:12:11 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-06-19 02:12:02 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-06-19 02:12:02 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-06-19 02:10:33 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-06-19 02:10:28 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 02:10:28 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-06-19 02:09:55 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-19 00:53:52 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-19 00:53:42 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-06-19 00:52:46 2863616 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-19 00:52:42 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-19 00:52:42 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-19 00:33:44 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 00:30:35 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 22:05:00 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 23:24:48 1557504 ----a-w- C:\windows\System32\osk.exe
2014-06-11 23:55:39 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-06-11 23:55:39 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-06-11 23:53:48 1287168 ----a-w- C:\windows\System32\schedsvc.dll
2014-06-11 23:51:52 215040 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2014-06-11 23:51:50 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2014-06-11 23:51:49 1120768 ----a-w- C:\windows\System32\gpedit.dll
2014-06-11 23:51:48 1075200 ----a-w- C:\windows\SysWow64\gpedit.dll
2014-06-11 23:51:47 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2014-06-11 04:18:14 4038144 ----a-w- C:\windows\System32\win32k.sys
2014-06-02 22:33:45 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-05-29 23:31:26 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-05-29 23:03:04 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-05-29 23:02:28 439808 ----a-w- C:\windows\System32\lsm.dll
2014-05-29 23:02:27 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-05-23 01:19:38 61112 ----a-w- C:\windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys
2014-05-03 06:34:30 6974808 ----a-w- C:\windows\System32\ntoskrnl.exe
2014-05-03 06:33:02 1824808 ----a-w- C:\windows\System32\ntdll.dll
2014-05-03 05:47:22 3246592 ----a-w- C:\windows\System32\rdpcorets.dll
2014-05-03 04:51:57 1408976 ----a-w- C:\windows\SysWow64\ntdll.dll
2014-05-03 03:34:54 235520 ----a-w- C:\windows\System32\rdpudd.dll
2014-05-01 22:37:16 1023488 ----a-w- C:\windows\System32\localspl.dll
.
============= FINISH: 13:42:41.87 ===============

 

 
 
 
Alright, that takes care of that. If there's anything else I should be posting or whatnot, I'll, of course, get to it. Thanks in advance for any tips and/or help!



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:10 PM

Posted 03 August 2014 - 03:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/542668 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 LostJ (Topic Starter)

Posted 04 August 2014 - 01:03 PM

I do not have the original CD unfortunately. And I really don't want to/can't reformat the system as I need a certain software to stay. CAD to be exact. 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.17028  BrowserJavaVersion: 10.40.2
Run by Elzire at 11:01:54 on 2014-08-04
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.6056.2730 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton AntiVirus *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\IDT\WDM\STacSV64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbarsvc.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\LogonUI.exe
C:\windows\System32\dwm.exe
C:\windows\system32\dwm.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\igfxtray.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe
C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon.exe
C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon64.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\wwahost.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\WmiApSrv.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.51searchengines.com/?opts=no&hp=g1&d=2014-07-28
uLocal Page = about:blank
uWindow Title = Microsoft Internet Explorer
uDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = about:blank
mLocal Page = about:blank
mWindow Title = Microsoft Internet Explorer
mDefault_Page_URL = hxxp://toshiba13.msn.com
uProxyOverride = <local>
uURLSearchHooks: {D8278076-BC68-4484-9233-6E7F1628B56C} - <orphaned>
uURLSearchHooks: <No Name>: {5b9e2a0b-c94b-46a5-b53c-5892834c0d3e} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: FindRight: {2c774641-5504-46a8-b63f-6715ae3fe376} - LocalServer32 - <no file>
BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\ips\ipsbho.dll
BHO: SaveSense: {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Elzire\AppData\Local\SaveSense\SaveSenseIE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Search Assistant BHO: {76cab667-1cd5-410f-8047-b08ab01a92a2} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll
BHO: Toolbar BHO: {936d1cc6-4508-4607-9638-8c714e9dc809} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
TB: CursorMania: {2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coieplg.dll
TB: CursorMania: {2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll
uRun: [CloudSystemBooster] "C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe"  /hide /autorun
uRunOnce: [Application Restart #1] C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe /RestartByRestartManager:57851358-A4E4-4e74-9993-DFD1ABEB3D79 /RestartByRestartManager:4F86D436-7D6A-4aaa-9408-BA2A2C3E589E /RestartByRestartManager:2F622D20-5C0D-4639-A293-FCCE004E286D /RestartByRestartManager:140D2DA1-9B31-4c68-9F1F-9325B59EBE45
mRun: [AmIcoSinglun64] "C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
mRun: [1.TPUReg] "C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe"
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADSK DLMSession] C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe
mRun: [ChromeHelper] C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe
mRun: [CursorMania EPM Support] "C:\PROGRA~2\CURSOR~2\bar\1.bin\7lmedint.exe" T8EPMSUP.DLL,S
mRun: [CursorMania Search Scope Monitor] "C:\PROGRA~2\CURSOR~2\bar\1.bin\7lsrchmn.exe" /m=2 /w /h
mRun: [CursorMania_7l Browser Plugin Loader] C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbrmon.exe
mRun: [CursorMania_7l Browser Plugin Loader 64] C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbrmon64.exe
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\140707C656 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\27F67756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\457413637323745323 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{AFEC0CAD-B63C-4647-B777-3677680CBA4C}\84F6D65602E4564777F627B6 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
IFEO: bitguard.exe - tasklist.exe
IFEO: bprotect.exe - tasklist.exe
IFEO: bpsvc.exe - tasklist.exe
IFEO: browserdefender.exe - tasklist.exe
IFEO: browserprotect.exe - tasklist.exe
x64-mStart Page = about:blank
x64-mLocal Page = about:blank
x64-mWindow Title = Microsoft Internet Explorer
x64-mDefault_Page_URL = hxxp://toshiba13.msn.com
x64-BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll
x64-BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coieplg.dll
x64-TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coieplg.dll
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [CursorMania Home Page Guard 64 bit] "C:\PROGRA~2\CURSOR~2\bar\1.bin\AppIntegrator64.exe"
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-IFEO: bitguard.exe - tasklist.exe
x64-IFEO: bprotect.exe - tasklist.exe
x64-IFEO: bpsvc.exe - tasklist.exe
x64-IFEO: browserdefender.exe - tasklist.exe
x64-IFEO: browserprotect.exe - tasklist.exe
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-3-22 678384]
R0 SymDS;Symantec Data Store;C:\windows\System32\Drivers\NAVx64\1504000.00D\symds64.sys [2014-7-10 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\Drivers\NAVx64\1504000.00D\symefa64.sys [2014-7-10 1148120]
R0 THAccel;THAccel;C:\windows\System32\Drivers\THAccel.sys [2013-9-13 110976]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2013-2-26 48440]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-9-13 499096]
R1 {42e50651-9669-456e-9081-d5a836274274}w64;{42e50651-9669-456e-9081-d5a836274274}w64;C:\windows\System32\Drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys [2014-5-23 61112]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [2014-7-23 1530160]
R1 ccSet_NAT;Norton Anti-Theft Settings Manager;C:\windows\System32\Drivers\NATx64\010A000.009\ccSetx64.sys [2013-10-24 150104]
R1 ccSet_NAV;NAV Settings Manager;C:\windows\System32\Drivers\NAVx64\1504000.00D\ccsetx64.sys [2014-7-10 162392]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\windows\System32\Drivers\NSTx64\7DE07030.00C\ccsetx64.sys [2014-7-8 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140731.001\IDSviA64.sys [2014-8-1 525016]
R1 qknfd;qknfd;C:\windows\System32\Drivers\qknfd.sys [2014-2-5 58256]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\ironx64.sys [2014-7-10 264280]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\symnets.sys [2014-7-10 593112]
R2 AnviCsbSvc;Anvi Cloud System Booster Speed Service;C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [2014-5-28 42680]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-1-31 19232]
R2 BrcmSetSecurity;BrcmSetSecurity;C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [2013-6-28 283296]
R2 ChromeHelperUpdt;ChromeHelperUpdt;C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [2014-5-6 284960]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [2014-5-6 252928]
R2 CursorMania_7lService;CursorManiaService;C:\PROGRA~2\CURSOR~2\bar\1.bin\7lbarsvc.exe [2014-7-16 88648]
R2 DACoreService;Dragon Assistant Core;C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [2013-9-13 432528]
R2 dts_apo_service;DTS APO Service;C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-5-9 16720]
R2 GFNEXSrv;GFNEX Service;C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [2013-3-27 163168]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-9-12 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-9-12 169432]
R2 NAT;Norton Anti-Theft;C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [2013-10-24 232424]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe [2014-7-10 262968]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe [2014-7-8 130104]
R2 PEGAGFN;PEGAGFN;C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [2009-9-11 14344]
R2 PGMTrusted;PGMTrusted;C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [2013-3-25 520360]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-1-28 322400]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2013-8-28 3378416]
R3 AmUStor;AM USB Stroage Driver;C:\windows\System32\Drivers\AmUStor.sys [2013-4-24 109336]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0403000.00E\ccSetx64.sys [2013-9-13 168608]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-6-13 142128]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0;C:\windows\System32\Drivers\ibtusb.sys [2013-6-24 114120]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2013-6-28 25568]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\windows\System32\Drivers\L1C63x64.sys [2013-2-27 119528]
R3 NETwNe64;Intel® Wireless Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew02.sys [2013-10-8 3648480]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2013-7-24 33008]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-3-19 53864]
R3 usb3Hub;UoIP Hub;C:\windows\System32\Drivers\usb3Hub.sys [2013-6-20 206744]
S0 SymELAM;Symantec ELAM Driver;C:\windows\System32\Drivers\NAVx64\1504000.00D\symelam.sys [2014-7-10 23568]
S2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-10-7 227904]
S3 CMUSBDAC;USB Audio Class 1.0 and 2.0 DAC Device Driver;C:\windows\System32\Drivers\CMUSBDAC.sys [2013-10-15 386560]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-11-19 1432400]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2013-6-28 35296]
S3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-7-17 442368]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2013-8-28 273136]
S3 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2013-1-28 4230016]
S4 THAccelSvc;TOSHIBA HDD Accelerator Service;C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [2013-3-26 216976]
SUnknown savesenselive;savesenselive; [x]
SUnknown savesenselivem;savesenselivem; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2014-07-29 20:00:22 -------- d-----w- C:\Program Files\CCleaner
2014-07-25 03:18:51 -------- d-----w- C:\ProgramData\iWin
2014-07-25 03:17:50 -------- d-----w- C:\Games
2014-07-25 03:17:18 -------- d-----w- C:\ProgramData\PogoDGC
2014-07-25 03:17:13 -------- d-----w- C:\Program Files (x86)\Pogo Games
2014-07-17 05:58:43 -------- d-----w- C:\Program Files (x86)\CursorMania
2014-07-17 05:58:39 39464 ----a-w- C:\windows\SysWow64\p5PSSavr.scr
2014-07-17 05:58:38 -------- d-----w- C:\Program Files (x86)\PopularScreensavers
2014-07-17 05:58:24 -------- d-----w- C:\Users\Elzire\AppData\Local\CursorMania_7l
2014-07-17 05:58:24 -------- d-----w- C:\Program Files (x86)\CursorMania_7l
2014-07-17 05:58:14 -------- d---a-w- C:\Program Files (x86)\CursorMania_7lEI
2014-07-16 03:05:28 -------- d-----w- C:\Users\Elzire\AppData\Local\Unity
2014-07-13 21:45:52 105440 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-13 21:45:51 703968 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-13 21:42:41 -------- d-s---w- C:\windows\System32\CompatTel
2014-07-10 23:44:00 875736 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\srtsp64.sys
2014-07-10 23:44:00 593112 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\symnets.sys
2014-07-10 23:44:00 493656 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\symds64.sys
2014-07-10 23:44:00 36952 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\srtspx64.sys
2014-07-10 23:44:00 264280 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\ironx64.sys
2014-07-10 23:44:00 23568 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\symelam.sys
2014-07-10 23:44:00 162392 ----a-r- C:\windows\System32\drivers\NAVx64\1504000.00D\ccsetx64.sys
2014-07-10 23:44:00 1148120 ----a-w- C:\windows\System32\drivers\NAVx64\1504000.00D\symefa64.sys
2014-07-10 23:43:45 -------- d-----w- C:\windows\System32\drivers\NAVx64\1504000.00D
2014-07-10 02:17:59 576512 ----a-w- C:\windows\System32\drivers\afd.sys
2014-07-10 02:17:21 596480 ----a-w- C:\windows\System32\qedit.dll
2014-07-10 02:17:21 497152 ----a-w- C:\windows\SysWow64\qedit.dll
2014-07-08 23:10:41 -------- d-----w- C:\Program Files (x86)\Anvisoft
2014-07-08 22:50:09 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2014-07-08 22:40:13 -------- d-----w- C:\FRST
2014-07-08 17:19:07 162392 ----a-w- C:\windows\System32\drivers\NSTx64\7DE07030.00C\ccsetx64.sys
2014-07-08 17:19:04 -------- d-----w- C:\windows\System32\drivers\NSTx64\7DE07030.00C
.
==================== Find3M  ====================
.
2014-06-30 22:42:56 394240 ----a-w- C:\windows\System32\devinv.dll
2014-06-30 22:42:48 87552 ----a-w- C:\windows\System32\aepic.dll
2014-06-30 22:42:48 702464 ----a-w- C:\windows\System32\aepdu.dll
2014-06-28 03:35:04 556544 ----a-w- C:\windows\System32\aeinv.dll
2014-06-19 02:12:11 2239488 ----a-w- C:\windows\System32\wininet.dll
2014-06-19 02:12:02 915968 ----a-w- C:\windows\System32\uxtheme.dll
2014-06-19 02:12:02 53760 ----a-w- C:\windows\System32\UXInit.dll
2014-06-19 02:10:33 3959296 ----a-w- C:\windows\System32\jscript9.dll
2014-06-19 02:10:28 67072 ----a-w- C:\windows\System32\iesetup.dll
2014-06-19 02:10:28 136704 ----a-w- C:\windows\System32\iesysprep.dll
2014-06-19 02:09:55 1508864 ----a-w- C:\windows\System32\inetcpl.cpl
2014-06-19 00:53:52 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-06-19 00:53:42 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2014-06-19 00:52:46 2863616 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-06-19 00:52:42 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-06-19 00:52:42 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2014-06-19 00:52:19 1440768 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-06-19 00:33:44 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-06-19 00:30:35 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-06-18 22:05:00 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2014-06-17 23:27:37 1440256 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-17 23:24:48 1557504 ----a-w- C:\windows\System32\osk.exe
2014-06-11 23:55:39 35856 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2014-06-11 23:55:39 269592 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2014-06-11 23:53:48 1287168 ----a-w- C:\windows\System32\schedsvc.dll
2014-06-11 23:51:52 215040 ----a-w- C:\windows\System32\drivers\mrxsmb20.sys
2014-06-11 23:51:50 247808 ----a-w- C:\windows\System32\drivers\srvnet.sys
2014-06-11 23:51:49 1120768 ----a-w- C:\windows\System32\gpedit.dll
2014-06-11 23:51:48 1075200 ----a-w- C:\windows\SysWow64\gpedit.dll
2014-06-11 23:51:47 370688 ----a-w- C:\windows\System32\drivers\mrxsmb.sys
2014-06-11 04:18:14 4038144 ----a-w- C:\windows\System32\win32k.sys
2014-06-02 22:33:45 265216 ----a-w- C:\windows\System32\InkEd.dll
2014-05-29 23:31:26 452608 ----a-w- C:\windows\SysWow64\SHCore.dll
2014-05-29 23:03:04 588288 ----a-w- C:\windows\System32\SHCore.dll
2014-05-29 23:02:28 439808 ----a-w- C:\windows\System32\lsm.dll
2014-05-29 23:02:27 1281536 ----a-w- C:\windows\System32\lsasrv.dll
2014-05-23 01:19:38 61112 ----a-w- C:\windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys
.
============= FINISH: 11:02:12.92 ===============


#4 fireman4it (Malware Response Team)

Posted 04 August 2014 - 04:35 PM

Hello LostJ,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

1.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

2.

Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious, don't worry continue on. 

Please download Junkware Removal Tool to your desktop.

 

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next Reply.

 

 

3.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

 

Things to include in your next reply:

  • AdwCleaner log
  • JRT.txt
  • FRST.txt
  • Addition.txt


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 LostJ (Topic Starter)

Posted 05 August 2014 - 07:18 PM

Thank you for taking me on. Here are the logs as asked.

 

 

AdwCleaner

 

# AdwCleaner v3.302 - Report created 05/08/2014 at 16:55:20
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Elzire - JULIANNA
# Running from : C:\Users\Elzire\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : qknfd
[#] Service Deleted : savesenselive
[#] Service Deleted : savesenselivem
Service Deleted : {42e50651-9669-456e-9081-d5a836274274}w64
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Elzire\Favorites\StumbleUpon
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\iWin
Folder Deleted : C:\ProgramData\SaveSenseLive
Folder Deleted : C:\ProgramData\wincert
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\CursorMania
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\Movies Toolbar
Folder Deleted : C:\Program Files (x86)\Nation Toolbar
Folder Deleted : C:\Program Files (x86)\PopularScreensavers
Folder Deleted : C:\Users\Elzire\AppData\Local\iac
Folder Deleted : C:\Users\Elzire\AppData\Local\SaveSense
Folder Deleted : C:\Users\Elzire\AppData\Local\SaveSenseLive
Folder Deleted : C:\Users\Elzire\AppData\Local\torch
Folder Deleted : C:\Users\Elzire\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Elzire\AppData\LocalLow\iac
Folder Deleted : C:\Users\Elzire\AppData\LocalLow\Mysearchdial
Folder Deleted : C:\Users\Elzire\AppData\LocalLow\searchresultstb
Folder Deleted : C:\Users\Elzire\AppData\Roaming\1H1Q
Folder Deleted : C:\Users\Elzire\AppData\Roaming\SaveSense
Folder Deleted : C:\Users\Elzire\AppData\Roaming\Systweak
Folder Deleted : C:\Users\Elzire\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\Elzire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Folder Deleted : C:\Users\Julianna\Favorites\StumbleUpon
File Deleted : C:\END
File Deleted : C:\windows\SysWOW64\p5PSSavr.scr
File Deleted : C:\windows\System32\roboot64.exe
File Deleted : C:\windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : SaveSense
Task Deleted : SaveSenseLiveUpdateTaskMachineCore
Task Deleted : SaveSenseLiveUpdateTaskMachineUA
Task Deleted : UpdaterEX
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CursorMania_7l Browser Plugin Loader]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CursorMania_7l Browser Plugin Loader 64]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2C774641-5504-46A8-B63F-6715AE3FE376}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FB5B50A-863D-4C0D-8E84-92A59565D087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A0-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B2E5F9A4-0587-4525-8602-E08E32510243}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C39937A5-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2C774641-5504-46A8-B63F-6715AE3FE376}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C774641-5504-46A8-B63F-6715AE3FE376}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2C774641-5504-46A8-B63F-6715AE3FE376}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A916EEFE-6A17-4D7D-A131-2738B260BB55}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D6A34ACB-76FA-4A14-88EA-5D54797A2028}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5957D8D4-6FF0-43FB-B50B-49079FE61659}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C39937A9-C59D-4506-A9FC-0A0138192287}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D1DAC034-9FD9-4C13-A388-D2E10E57707F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DD55C1D4-CE89-4E93-866E-3F4A4962BD68}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8798BBE7-DDF6-448B-AE0E-83C9E28A5598}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1DAC034-9FD9-4C13-A388-D2E10E57707F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F37BCE7B-6055-418C-A301-E715F36F1E79}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BD172BA-3F40-4303-BCA1-0484B5BA2A7B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D1DAC034-9FD9-4C13-A388-D2E10E57707F}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D8278076-BC68-4484-9233-6E7F1628B56C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A73204A3-4E2A-4924-95DA-D5DF58717368}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B5DB5A94-1E55-4E2E-AA50-49C8C8215D56}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C39937A7-C59D-4506-A9FC-0A0138192287}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\FindRight
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Nation Toolbar
Key Deleted : HKCU\Software\SaveSense
Key Deleted : HKCU\Software\SaveSenseLive
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\FindRight
Key Deleted : HKLM\Software\mysearchdial
Key Deleted : HKLM\Software\Nation Toolbar
Key Deleted : HKLM\Software\PopularScreensavers
Key Deleted : HKLM\Software\SaveSenseLive
Key Deleted : HKLM\Software\systweak
Key Deleted : HKLM\Software\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
 
-\\ Google Chrome v36.0.1985.125
 
[ File : C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Julianna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [17376 octets] - [05/08/2014 16:54:20]
AdwCleaner[S0].txt - [16233 octets] - [05/08/2014 16:55:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16294 octets] ##########
 
 
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Elzire on Tue 08/05/2014 at 17:02:34.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1C9AC645-4A0B-4DB8-A8A3-3144A9C972F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B187A959-52A2-4F82-929E-D4879D5E7996}
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\bigfishcache"
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 08/05/2014 at 17:09:21.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-08-2014
Ran by Elzire (administrator) on JULIANNA on 05-08-2014 17:14:47
Running from C:\Users\Elzire\Downloads
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
() C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbarsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\nst.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TCrdKBB.exe
( ) C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe
(Anvisoft) C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\nav.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Thisisu) C:\Users\Elzire\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Elzire\Downloads\frst64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1549392 2013-03-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2565472 2013-04-22] (TOSHIBA Corporation)
HKLM\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [415680 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CursorMania Home Page Guard 64 bit] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe [485960 2014-07-16] ( )
HKLM-x32\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [374784 2013-04-18] (Alcor Micro Corp.)
HKLM-x32\...\Run: [1.TPUReg] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ADSK DLMSession] => C:\Program Files (x86)\Common Files\Autodesk Shared\Autodesk Download Manager\DLMSession.exe [1641368 2013-02-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [ChromeHelper] => C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelper.exe [737568 2014-05-06] ()
HKLM-x32\...\Run: [CursorMania EPM Support] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lmedint.exe [12872 2014-07-16] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [CursorMania Search Scope Monitor] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrchMn.exe [55368 2014-07-16] (Mindspark)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4150042245-607552300-2321086869-1001\...\Run: [CloudSystemBooster] => C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe [527544 2014-05-28] (Anvisoft)
HKU\S-1-5-21-4150042245-607552300-2321086869-1001\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\TOSHIBA\PasswordUtility\readLM.exe [2216800 2013-03-27] (TOSHIBA)
HKU\S-1-5-21-4150042245-607552300-2321086869-1001\...\Policies\Explorer: [] 
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\windows\system32\AcSignIcon.dll (Autodesk, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.51searchengines.com/?opts=no&hp=g1&d=2014-07-28
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - (No Name) - {5b9e2a0b-c94b-46a5-b53c-5892834c0d3e} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll (Mindspark)
SearchScopes: HKLM-x32 - {B187A959-52A2-4F82-929E-D4879D5E7996} URL = http://search.nation.com/?orig=DS&affid=14000&cztbid=1684106338&q={searchTerms}
BHO: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Search Assistant BHO -> {76cab667-1cd5-410f-8047-b08ab01a92a2} -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll (Mindspark)
BHO-x32: Toolbar BHO -> {936d1cc6-4508-4607-9638-8c714e9dc809} -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - CursorMania - {2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
Toolbar: HKCU - Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.3.12\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - CursorMania - {2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
FireFox:
========
FF Plugin-x32: @CursorMania_7l.com/Plugin -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\NP7lStub.dll (Mindspark)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 -> C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Elzire\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_21.1.0.18\IPSFF [2013-12-23]
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.6.0.27\coFFPlgn [2014-08-05]
 
Chrome: 
=======
CHR HomePage: 
CHR Extension: (Google Docs) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (AdBlock) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Norton Security Toolbar) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Elzire\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\Exts\Chrome.crx [2014-07-08]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42680 2014-05-28] (Anvisoft)
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-06-28] (Intel Corporation)
R2 ChromeHelperUpdt; C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe [284960 2014-05-06] ()
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-05-06] () [File not signed]
R2 CursorMania_7lService; C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbarsvc.exe [88648 2014-07-16] (COMPANYVERS_NAME)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-05-09] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-07] (WildTangent)
R2 GFNEXSrv; C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe [163168 2013-03-27] ()
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-01] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-01] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\NAV.exe [262968 2014-06-26] (Symantec Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\NST.exe [130104 2014-06-26] (Symantec Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [520360 2013-03-25] (iWin Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [332800 2013-04-25] (IDT, Inc.) [File not signed]
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-06-11] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\BASHDefs\20140801.001\BHDrvx64.sys [1530160 2014-05-09] (Symantec Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1504000.00D\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE07030.00C\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 CMUSBDAC; C:\Windows\system32\DRIVERS\CMUSBDAC.sys [386560 2013-10-15] (C-Media Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-06-10] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-06-10] (Symantec Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [114120 2013-06-24] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\IPSDefs\20140804.003\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99800 2013-05-01] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140805.002\ENG64.SYS [126040 2014-07-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\21.1.0.18\Definitions\VirusDefs\20140805.002\EX64.SYS [2099288 2014-07-11] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [3648480 2013-10-08] (Intel Corporation)
R2 npf; C:\windows\System32\drivers\npf.sys [36600 2014-04-28] (Riverbed Technology, Inc.)
R2 PEGAGFN; C:\Program Files (x86)\TOSHIBA\PasswordUtility\PEGAGFN.sys [14344 2009-09-11] (PEGATRON)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-05-02] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1504000.00D\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1504000.00D\SymELAM.sys [23568 2013-09-09] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1504000.00D\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1504000.00D\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 17:14 - 2014-08-05 17:14 - 02094080 _____ (Farbar) C:\Users\Elzire\Downloads\frst64 (1).exe
2014-08-05 17:09 - 2014-08-05 17:09 - 00001091 _____ () C:\Users\Elzire\Desktop\JRT.txt
2014-08-05 17:02 - 2014-08-05 17:02 - 00000000 ____D () C:\windows\ERUNT
2014-08-05 17:01 - 2014-08-05 17:01 - 01016261 _____ (Thisisu) C:\Users\Elzire\Downloads\JRT.exe
2014-08-05 16:57 - 2014-08-05 16:57 - 00355520 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-05 16:57 - 2014-08-05 16:57 - 00005678 _____ () C:\windows\PFRO.log
2014-08-05 16:54 - 2014-08-05 16:55 - 00000000 ____D () C:\AdwCleaner
2014-08-05 16:54 - 2014-08-05 16:54 - 01361309 _____ () C:\Users\Elzire\Downloads\AdwCleaner.exe
2014-08-05 16:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-08-04 11:01 - 2014-08-04 11:01 - 00688992 ____R (Swearware) C:\Users\Elzire\Downloads\dds (1).com
2014-07-30 09:04 - 2014-07-30 09:04 - 00000794 _____ () C:\windows\setupact.log
2014-07-30 09:04 - 2014-07-30 09:04 - 00000000 _____ () C:\windows\setuperr.log
2014-07-29 13:44 - 2014-07-29 13:44 - 00006691 _____ () C:\Users\Elzire\Documents\Attach.txt
2014-07-29 13:43 - 2014-07-29 13:43 - 00027553 _____ () C:\Users\Elzire\Documents\DDS.txt
2014-07-29 13:42 - 2014-08-04 11:02 - 00025171 _____ () C:\Users\Elzire\Desktop\dds.txt
2014-07-29 13:42 - 2014-08-04 11:02 - 00007059 _____ () C:\Users\Elzire\Desktop\attach.txt
2014-07-29 13:41 - 2014-07-29 13:41 - 00688992 ____R (Swearware) C:\Users\Elzire\Downloads\dds.com
2014-07-29 13:33 - 2014-07-29 14:26 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150042245-607552300-2321086869-1004
2014-07-29 13:31 - 2014-07-29 13:31 - 00056160 _____ () C:\Users\Elzire\Documents\cc_20140729_133123.reg
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Toshiba
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\CursorMania_7l
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Autodesk
2014-07-29 13:27 - 2014-07-29 13:27 - 00001441 _____ () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-29 13:27 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna\AppData\Roaming\Adobe
2014-07-29 13:27 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Google
2014-07-29 13:26 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Packages
2014-07-29 13:26 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna
2014-07-29 13:26 - 2014-07-29 13:26 - 00000020 ___SH () C:\Users\Julianna\ntuser.ini
2014-07-29 13:26 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna\AppData\Roaming\Intel
2014-07-29 13:26 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna\AppData\Local\VirtualStore
2014-07-29 13:26 - 2014-07-13 14:42 - 00000000 ___RD () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-29 13:26 - 2014-07-13 14:42 - 00000000 ___RD () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-29 13:26 - 2013-09-13 00:01 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Pokki
2014-07-29 13:26 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-29 13:26 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-29 13:18 - 2014-08-05 16:56 - 00398718 _____ () C:\windows\WindowsUpdate.log
2014-07-29 13:00 - 2014-07-29 13:01 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-29 13:00 - 2014-07-29 13:01 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-29 13:00 - 2014-07-29 13:00 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-29 13:00 - 2014-07-29 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-29 12:59 - 2014-07-29 12:59 - 04813544 _____ (Piriform Ltd) C:\Users\Elzire\Downloads\ccsetup416.exe
2014-07-29 12:59 - 2014-07-29 12:59 - 04813544 _____ (Piriform Ltd) C:\Users\Elzire\Downloads\ccsetup416 (1).exe
2014-07-24 21:41 - 2014-07-24 21:41 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup (2).exe
2014-07-24 21:40 - 2014-07-24 21:40 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup (1).exe
2014-07-24 20:18 - 2014-07-24 20:18 - 00002139 _____ () C:\Users\Public\Desktop\Plants Vs Zombies Game of the Year Edition.lnk
2014-07-24 20:18 - 2014-07-24 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
2014-07-24 20:17 - 2014-07-24 21:49 - 00003414 _____ () C:\windows\System32\Tasks\RunAsStdUser Task
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\ProgramData\PogoDGC
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Program Files (x86)\Pogo Games
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Games
2014-07-24 20:16 - 2014-07-24 20:16 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup.exe
2014-07-22 14:37 - 2014-07-22 14:37 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0421 - Shortcut.lnk
2014-07-22 14:33 - 2014-07-22 14:33 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0386 - Shortcut.lnk
2014-07-22 14:28 - 2014-07-22 14:28 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0342 - Shortcut.lnk
2014-07-22 14:13 - 2014-07-22 14:13 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0213 - Shortcut.lnk
2014-07-20 16:45 - 2014-07-22 14:30 - 00000000 ____D () C:\Users\Elzire\Desktop\100D5100
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Elzire\AppData\Local\CursorMania_7l
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Program Files (x86)\CursorMania_7l
2014-07-15 20:05 - 2014-07-15 20:05 - 00000000 ____D () C:\Users\Elzire\AppData\Local\Unity
2014-07-13 14:45 - 2014-06-26 13:53 - 00703968 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-07-13 14:45 - 2014-06-26 13:53 - 00105440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-11 12:59 - 2014-07-11 12:59 - 00000000 ____D () C:\windows\System32\Tasks\Norton AntiVirus
2014-07-09 19:18 - 2014-06-30 15:42 - 00702464 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-07-09 19:18 - 2014-06-30 15:42 - 00394240 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-07-09 19:18 - 2014-06-30 15:42 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-07-09 19:18 - 2014-06-27 20:35 - 00556544 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-07-09 19:18 - 2014-06-18 19:12 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-07-09 19:18 - 2014-06-18 19:12 - 01366528 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-07-09 19:18 - 2014-06-18 19:12 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-07-09 19:18 - 2014-06-18 19:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-07-09 19:18 - 2014-06-18 19:12 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-07-09 19:18 - 2014-06-18 19:11 - 19277312 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-07-09 19:18 - 2014-06-18 19:11 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-07-09 19:18 - 2014-06-18 19:11 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 15369728 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 02650624 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00452096 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-07-09 19:18 - 2014-06-18 19:10 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-07-09 19:18 - 2014-06-18 19:09 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-07-09 19:18 - 2014-06-18 17:53 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 01141760 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-07-09 19:18 - 2014-06-18 17:53 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 13732352 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 02863616 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-07-09 19:18 - 2014-06-18 17:52 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-07-09 19:18 - 2014-06-18 17:52 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-07-09 19:18 - 2014-06-18 17:33 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-07-09 19:18 - 2014-06-18 17:30 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-07-09 19:18 - 2014-06-18 15:05 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-07-09 19:18 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-07-09 19:18 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-07-09 19:18 - 2014-06-10 21:18 - 04038144 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-07-09 19:18 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-07-09 19:18 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-07-09 19:18 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-07-09 19:18 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-07-09 19:18 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-07-09 19:18 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-07-09 19:18 - 2014-05-02 23:33 - 01824808 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-07-09 19:18 - 2014-05-02 21:51 - 01408976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-07-09 19:18 - 2014-05-01 15:37 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-07-09 19:18 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-07-09 19:18 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-07-09 19:18 - 2014-04-23 16:51 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-07-09 19:18 - 2014-04-23 16:51 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 19:18 - 2014-04-23 16:38 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-07-09 19:18 - 2014-04-23 16:38 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 19:18 - 2014-02-07 21:34 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-07-09 19:17 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-07-09 19:17 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-07-09 19:17 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-07-08 16:10 - 2014-07-08 16:10 - 15847248 _____ (Anvisoft) C:\Users\Elzire\Downloads\csbsetup.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00774560 _____ (AirInstaller ) C:\Users\Elzire\Downloads\Setup.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00001283 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-08 15:50 - 2014-07-08 15:50 - 00001275 _____ () C:\Users\Elzire\Desktop\Revo Uninstaller.lnk
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-08 15:49 - 2014-08-05 17:15 - 00024381 _____ () C:\Users\Elzire\Downloads\FRST.txt
2014-07-08 15:49 - 2014-07-08 15:55 - 00030806 _____ () C:\Users\Elzire\Downloads\Addition.txt
2014-07-08 15:49 - 2014-07-08 15:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Elzire\Downloads\revosetup.exe
2014-07-08 15:40 - 2014-08-05 17:14 - 00000000 ____D () C:\FRST
2014-07-08 15:39 - 2014-07-08 15:39 - 02084352 _____ (Farbar) C:\Users\Elzire\Downloads\FRST64.exe
2014-07-08 12:24 - 2014-07-08 12:24 - 00003098 _____ () C:\windows\System32\Tasks\{CC090146-334F-4ACC-B291-814C990F1A43}
2014-07-08 12:13 - 2014-07-17 20:19 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 12:13 - 2014-07-08 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 12:12 - 2014-08-05 16:58 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 12:12 - 2014-08-05 14:17 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 12:12 - 2014-07-08 12:12 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 12:12 - 2014-07-08 12:12 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-08-05 17:15 - 2014-07-08 15:49 - 00024381 _____ () C:\Users\Elzire\Downloads\FRST.txt
2014-08-05 17:14 - 2014-08-05 17:14 - 02094080 _____ (Farbar) C:\Users\Elzire\Downloads\frst64 (1).exe
2014-08-05 17:14 - 2014-07-08 15:40 - 00000000 ____D () C:\FRST
2014-08-05 17:09 - 2014-08-05 17:09 - 00001091 _____ () C:\Users\Elzire\Desktop\JRT.txt
2014-08-05 17:09 - 2013-10-09 20:28 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150042245-607552300-2321086869-1001
2014-08-05 17:03 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-08-05 17:02 - 2014-08-05 17:02 - 00000000 ____D () C:\windows\ERUNT
2014-08-05 17:02 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-08-05 17:01 - 2014-08-05 17:01 - 01016261 _____ (Thisisu) C:\Users\Elzire\Downloads\JRT.exe
2014-08-05 17:00 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-08-05 16:58 - 2014-07-08 12:12 - 00000912 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-05 16:58 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-08-05 16:57 - 2014-08-05 16:57 - 00355520 _____ () C:\windows\system32\FNTCACHE.DAT
2014-08-05 16:57 - 2014-08-05 16:57 - 00005678 _____ () C:\windows\PFRO.log
2014-08-05 16:56 - 2014-07-29 13:18 - 00398718 _____ () C:\windows\WindowsUpdate.log
2014-08-05 16:56 - 2012-07-25 22:26 - 00524288 ___SH () C:\windows\system32\config\BBI
2014-08-05 16:55 - 2014-08-05 16:54 - 00000000 ____D () C:\AdwCleaner
2014-08-05 16:54 - 2014-08-05 16:54 - 01361309 _____ () C:\Users\Elzire\Downloads\AdwCleaner.exe
2014-08-05 14:17 - 2014-07-08 12:12 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-05 12:48 - 2013-10-14 17:30 - 00000000 ____D () C:\Users\Elzire\AppData\Local\CrashDumps
2014-08-05 12:14 - 2013-10-13 12:08 - 00000000 ____D () C:\Users\Elzire\AppData\Roaming\.minecraft
2014-08-04 11:02 - 2014-07-29 13:42 - 00025171 _____ () C:\Users\Elzire\Desktop\dds.txt
2014-08-04 11:02 - 2014-07-29 13:42 - 00007059 _____ () C:\Users\Elzire\Desktop\attach.txt
2014-08-04 11:01 - 2014-08-04 11:01 - 00688992 ____R (Swearware) C:\Users\Elzire\Downloads\dds (1).com
2014-08-01 11:56 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-07-30 09:04 - 2014-07-30 09:04 - 00000794 _____ () C:\windows\setupact.log
2014-07-30 09:04 - 2014-07-30 09:04 - 00000000 _____ () C:\windows\setuperr.log
2014-07-29 22:32 - 2013-10-09 20:20 - 00000000 ____D () C:\Users\Elzire
2014-07-29 14:26 - 2014-07-29 13:33 - 00003598 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4150042245-607552300-2321086869-1004
2014-07-29 13:44 - 2014-07-29 13:44 - 00006691 _____ () C:\Users\Elzire\Documents\Attach.txt
2014-07-29 13:43 - 2014-07-29 13:43 - 00027553 _____ () C:\Users\Elzire\Documents\DDS.txt
2014-07-29 13:41 - 2014-07-29 13:41 - 00688992 ____R (Swearware) C:\Users\Elzire\Downloads\dds.com
2014-07-29 13:31 - 2014-07-29 13:31 - 00056160 _____ () C:\Users\Elzire\Documents\cc_20140729_133123.reg
2014-07-29 13:29 - 2014-05-10 20:45 - 00000000 ____D () C:\ProgramData\ChromeHelper
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Toshiba
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\CursorMania_7l
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Autodesk
2014-07-29 13:27 - 2014-07-29 13:27 - 00001441 _____ () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-07-29 13:27 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna\AppData\Roaming\Adobe
2014-07-29 13:27 - 2014-07-29 13:27 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Google
2014-07-29 13:27 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna\AppData\Local\Packages
2014-07-29 13:27 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna
2014-07-29 13:27 - 2013-10-09 20:23 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-07-29 13:26 - 2014-07-29 13:26 - 00000020 ___SH () C:\Users\Julianna\ntuser.ini
2014-07-29 13:26 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna\AppData\Roaming\Intel
2014-07-29 13:26 - 2014-07-29 13:26 - 00000000 ____D () C:\Users\Julianna\AppData\Local\VirtualStore
2014-07-29 13:20 - 2013-10-09 20:21 - 00000000 ____D () C:\Users\Elzire\AppData\Local\Packages
2014-07-29 13:19 - 2013-10-25 14:55 - 00082432 ___SH () C:\Users\Elzire\Desktop\Thumbs.db
2014-07-29 13:07 - 2014-02-16 07:40 - 00000000 ____D () C:\windows\Minidump
2014-07-29 13:01 - 2014-07-29 13:00 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-29 13:01 - 2014-07-29 13:00 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-29 13:00 - 2014-07-29 13:00 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-07-29 13:00 - 2014-07-29 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-29 12:59 - 2014-07-29 12:59 - 04813544 _____ (Piriform Ltd) C:\Users\Elzire\Downloads\ccsetup416.exe
2014-07-29 12:59 - 2014-07-29 12:59 - 04813544 _____ (Piriform Ltd) C:\Users\Elzire\Downloads\ccsetup416 (1).exe
2014-07-25 13:40 - 2013-07-17 09:30 - 00000000 ____D () C:\ProgramData\Origin
2014-07-25 13:40 - 2013-07-17 09:29 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-24 21:49 - 2014-07-24 20:17 - 00003414 _____ () C:\windows\System32\Tasks\RunAsStdUser Task
2014-07-24 21:44 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\NDF
2014-07-24 21:41 - 2014-07-24 21:41 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup (2).exe
2014-07-24 21:40 - 2014-07-24 21:40 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup (1).exe
2014-07-24 20:18 - 2014-07-24 20:18 - 00002139 _____ () C:\Users\Public\Desktop\Plants Vs Zombies Game of the Year Edition.lnk
2014-07-24 20:18 - 2014-07-24 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PogoDGC
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\ProgramData\PogoDGC
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Program Files (x86)\Pogo Games
2014-07-24 20:17 - 2014-07-24 20:17 - 00000000 ____D () C:\Games
2014-07-24 20:16 - 2014-07-24 20:16 - 00074592 _____ () C:\Users\Elzire\Downloads\plants-vs-zombies-game-of-the-year-edition-setup.exe
2014-07-22 14:37 - 2014-07-22 14:37 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0421 - Shortcut.lnk
2014-07-22 14:33 - 2014-07-22 14:33 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0386 - Shortcut.lnk
2014-07-22 14:30 - 2014-07-20 16:45 - 00000000 ____D () C:\Users\Elzire\Desktop\100D5100
2014-07-22 14:28 - 2014-07-22 14:28 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0342 - Shortcut.lnk
2014-07-22 14:13 - 2014-07-22 14:13 - 00001438 _____ () C:\Users\Elzire\Desktop\DSC_0213 - Shortcut.lnk
2014-07-17 20:19 - 2014-07-08 12:13 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Elzire\AppData\Local\CursorMania_7l
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Program Files (x86)\CursorMania_7l
2014-07-15 20:05 - 2014-07-15 20:05 - 00000000 ____D () C:\Users\Elzire\AppData\Local\Unity
2014-07-15 20:05 - 2014-02-12 14:41 - 00000000 ____D () C:\Users\Elzire\AppData\Local\Deployment
2014-07-13 18:59 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-07-13 14:44 - 2012-07-26 01:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-07-13 14:42 - 2014-07-29 13:26 - 00000000 ___RD () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-13 14:42 - 2014-07-29 13:26 - 00000000 ___RD () C:\Users\Julianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:42 - 2014-07-13 14:42 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-07-13 14:42 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-07-13 14:42 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-11 12:59 - 2014-07-11 12:59 - 00000000 ____D () C:\windows\System32\Tasks\Norton AntiVirus
2014-07-11 12:58 - 2013-12-23 12:43 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2014-07-11 12:58 - 2013-11-19 14:23 - 00002408 _____ () C:\Users\Public\Desktop\Norton AntiVirus.lnk
2014-07-11 12:58 - 2013-09-13 00:03 - 00003218 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-07-11 12:58 - 2013-09-13 00:02 - 00000000 ____D () C:\windows\system32\Drivers\NAVx64
2014-07-10 13:38 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-07-10 13:34 - 2013-10-15 13:59 - 00000000 ____D () C:\windows\system32\MRT
2014-07-10 13:33 - 2013-10-15 13:59 - 96441528 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-07-08 16:13 - 2013-07-17 22:25 - 00000000 ____D () C:\windows\Panther
2014-07-08 16:10 - 2014-07-08 16:10 - 15847248 _____ (Anvisoft) C:\Users\Elzire\Downloads\csbsetup.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00774560 _____ (AirInstaller ) C:\Users\Elzire\Downloads\Setup.exe
2014-07-08 16:10 - 2014-07-08 16:10 - 00001283 _____ () C:\Users\Public\Desktop\Cloud System Booster.lnk
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2014-07-08 16:10 - 2014-07-08 16:10 - 00000000 ____D () C:\Program Files (x86)\Anvisoft
2014-07-08 15:55 - 2014-07-08 15:49 - 00030806 _____ () C:\Users\Elzire\Downloads\Addition.txt
2014-07-08 15:50 - 2014-07-08 15:50 - 00001275 _____ () C:\Users\Elzire\Desktop\Revo Uninstaller.lnk
2014-07-08 15:50 - 2014-07-08 15:50 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-08 15:49 - 2014-07-08 15:49 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Elzire\Downloads\revosetup.exe
2014-07-08 15:39 - 2014-07-08 15:39 - 02084352 _____ (Farbar) C:\Users\Elzire\Downloads\FRST64.exe
2014-07-08 14:52 - 2013-12-26 13:17 - 00000000 ____D () C:\windows\System32\Tasks\Norton Identity Safe
2014-07-08 13:03 - 2013-10-29 17:48 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-07-08 12:24 - 2014-07-08 12:24 - 00003098 _____ () C:\windows\System32\Tasks\{CC090146-334F-4ACC-B291-814C990F1A43}
2014-07-08 12:21 - 2013-07-17 09:30 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-08 12:19 - 2014-03-15 21:00 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-07-08 12:13 - 2014-07-08 12:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 12:13 - 2014-02-12 14:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-08 12:12 - 2014-07-08 12:12 - 00003888 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-07-08 12:12 - 2014-07-08 12:12 - 00003652 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-07-08 10:27 - 2013-12-23 12:43 - 00000000 ____D () C:\windows\system32\Drivers\NSTx64
 
Some content of TEMP:
====================
C:\Users\Elzire\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-08-01 14:31
 
==================== End Of Log ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-08-2014
Ran by Elzire at 2014-08-05 17:15:23
Running from C:\Users\Elzire\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton AntiVirus (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
A Wizard's Curse (x32 Version: 3.0.2.51 - WildTangent) Hidden
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 4.7.1245.73473 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 4.7.1245.73473 - Alcor Micro Corp.) Hidden
AutoCAD 2013 - English (HKLM\...\AutoCAD 2013 - English) (Version: 19.0.55.0 - Autodesk)
AutoCAD 2013 - English (Version: 19.0.55.0 - Autodesk) Hidden
AutoCAD 2013 Language Pack - English (Version: 19.0.55.0 - Autodesk) Hidden
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.0.84.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.0.84.0 - Autodesk) Hidden
Autodesk Design Review 2013 (HKLM-x32\...\Autodesk Design Review 2013) (Version: 13.0.0.82 - Autodesk, Inc.)
Autodesk Design Review 2013 (x32 Version: 13.0.0.82 - Autodesk, Inc.) Hidden
Autodesk Download Manager (HKLM-x32\...\{2F48C80C-3A76-495A-A4B5-C0CC946FEEBD}) (Version: 2.0.6.0 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (HKLM\...\Autodesk Inventor Fusion 2013) (Version: 2.0.0.206 - Autodesk, Inc.)
Autodesk Inventor Fusion 2013 (Version: 2.0.0.206 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (HKLM\...\Autodesk Inventor Fusion plug-in for AutoCAD 2013) (Version: 0.2.0.230 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2013 (Version: 0.2.0.230 - Autodesk) Hidden
Autodesk Material Library 2013 (HKLM-x32\...\{117EBEEB-5DB0-43C8-9FD6-DD583DB152DD}) (Version: 3.0.13 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2013 (HKLM-x32\...\{606E12B9-641F-4644-A22A-FF38AE980AFD}) (Version: 3.0.13 - Autodesk)
Autodesk Sync (HKLM\...\{EE5F74BC-5CD5-4EF2-86BA-81E6CF46A18F}) (Version: 3.5.24.0 - Autodesk, Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Christmas Wonderland 4 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.3 - Anvisoft)
CursorMania Internet Explorer Toolbar (HKLM-x32\...\CursorMania_7lbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Dragon Assistant Application en-US version 1.5.7 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.7 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.7 - Nuance Communications, Inc.)
Dreamscapes: The Sandman Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DTS Studio Sound (HKLM-x32\...\{F8EB8FFC-C535-49A1-A84D-CC75CB2D6ADA}) (Version: 1.00.0071 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fantastic Finds Triple Pack (x32 Version: 3.0.2.51 - WildTangent) Hidden
Farmington Tales 2 - Winter Crop (x32 Version: 3.0.2.59 - WildTangent) Hidden
FARO LS 1.1.406.58 (HKLM-x32\...\{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}) (Version: 4.6.58.2 - FARO Scanner Production)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.0 - SaveSense) Hidden <==== ATTENTION
Holiday Jigsaw Christmas (x32 Version: 3.0.2.59 - WildTangent) Hidden
IDT Audio Driver (HKLM\...\{11424B27-C16B-4505-9667-82A10AD1B1DC}) (Version: 6.10.6472.0 - IDT)
Inbetween Land (x32 Version: 3.0.2.51 - WildTangent) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.0.1428 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3111 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.5.0.1066 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.5.0.1066 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® WiDi (HKLM\...\{24A36A7A-108C-4846-BE1F-2CD05497B998}) (Version: 4.2.15.0 - Intel Corporation)
Intel® Wireless Bluetooth® 4.0 (HKLM-x32\...\{5832C0C9-5D17-429E-A6E9-F89650BC15EE}) (Version: 3.0.1326.01 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.400 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jet Set Go (x32 Version: 2.2.0.98 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lunch Rush HD (x32 Version: 3.0.2.51 - WildTangent) Hidden
Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft - 1.7.5 Packages (HKCU\...\Minecraft - 1.7.5 Packages) (Version:  - ) <==== ATTENTION
Mod Manager Packages (HKCU\...\Mod Manager Packages) (Version:  - ) <==== ATTENTION
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
New Yankee in Santa's Service (x32 Version: 3.0.2.59 - WildTangent) Hidden
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 21.4.0.13 - Symantec Corporation)
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.3.12 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants Vs Zombies: Game of the Year Edition (HKLM-x32\...\Plants Vs Zombies: Game of the Year Edition) (Version: 1.2.0.1073 - Pogo.com)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Questerium: Sinister Trinity (x32 Version: 3.0.2.59 - WildTangent) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.21 - Synaptics Incorporated)
The Fog (x32 Version: 3.0.2.59 - WildTangent) Hidden
The Haunted House Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.57.62 - Electronic Arts)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6630.6403 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.5.1.2 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{78931270-BC9E-441A-A52B-73ECD4ACFAB5}) (Version: 3.00.343 - Toshiba Corporation)
TOSHIBA Password Utility (x32 Version: 3.00.343 - Toshiba Corporation) Hidden
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.6.0 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.7.63 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-4150042245-607552300-2321086869-1001_Classes\CLSID\{6A221957-2D85-42A7-8E19-BE33950D1DEB}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4150042245-607552300-2321086869-1001_Classes\CLSID\{BD0DEB94-63DB-4392-9420-6EEE05094B1F}\localserver32 -> C:\Program Files\Autodesk\AutoCAD 2013\acad.exe (Autodesk, Inc.)
CustomCLSID: HKU\S-1-5-21-4150042245-607552300-2321086869-1001_Classes\CLSID\{E2C40589-DE61-11ce-BAE0-0020AF6D7005}\InprocServer32 -> C:\Program Files\Autodesk\AutoCAD 2013\en-US\acadficn.dll (Autodesk, Inc.)
 
==================== Restore Points  =========================
 
18-07-2014 01:57:19 Scheduled Checkpoint
25-07-2014 19:45:02 Scheduled Checkpoint
03-08-2014 23:15:02 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {035E6DF0-FE7F-4558-B2CB-ADD6788B1E16} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2AAF432F-2F2D-41C6-8FFF-A3F277E268FE} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Pogo Games\PogoDGC.exe [2013-03-25] (iWin Inc.)
Task: {39E3A06B-F7B9-4645-B3D6-D00F06C4E246} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {53720575-D17B-44FA-9232-718835B89783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {615C6115-08D3-4F1F-BAB2-8D8DBE19CB53} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {65271665-BDB5-40D2-895A-5DA70868DD8F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {7BA777C8-E3B6-4F31-8EAD-4AF94376DE86} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {87438B8A-6D14-4DB2-91BE-06036F54A584} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {8E7EA195-DF62-4948-B7ED-08ADA0C7A984} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\WSCStub.exe [2014-06-26] (Symantec Corporation)
Task: {90AA60CD-483C-4A52-975B-1F03EE68AEE4} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9C1869CE-D61D-4421-A516-E0DEC38A1534} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\21.4.0.13\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A28C1D17-4B22-4C5D-B035-92BE5F0CFBA4} - System32\Tasks\Norton Online Backup ARA => C:\Program Files (x86)\Norton Online Backup ARA\Engine\4.3.0.14\\Ara.exe [2013-08-27] (Symantec Corporation)
Task: {A3263053-CADC-4C72-80C7-0D9444C6CBC0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-07-08] (Google Inc.)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C44C5780-FD16-447A-983A-E40591386CD3} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.3.12\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C824A30F-83E5-45B5-B321-9F801302EB9F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-08-28] (Synaptics Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F0E05F86-8639-4B71-96D6-494AE1617426} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {F2700E0E-2D41-4229-B548-9005685DABF2} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
Task: {F274B7D8-C750-438F-AC0C-25A5828E7051} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-27 14:53 - 2013-03-27 14:53 - 00163168 _____ () C:\Program Files (x86)\TOSHIBA\PasswordUtility\GFNEXSrv.exe
2014-05-06 02:25 - 2014-05-06 02:25 - 00284960 _____ () C:\Program Files (x86)\Common Files\ChromeHelper\ChromeHelperUpdt.exe
2014-05-06 02:24 - 2014-05-06 02:24 - 00252928 _____ () C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
2013-05-09 09:49 - 2013-05-09 09:49 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2014-05-25 09:05 - 2014-05-25 09:05 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-04 15:01 - 2012-08-04 15:01 - 00213136 _____ () C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2011-08-12 14:57 - 2011-08-12 14:57 - 00437632 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
2014-07-16 20:33 - 2014-07-16 20:33 - 01179136 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\cce138051887d83dccffdc206031b09f\Windows.UI.ni.dll
2014-07-22 13:02 - 2014-07-22 13:02 - 00351232 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\c355b610137057eab41db4660c5c19e1\Windows.Data.ni.dll
2014-07-16 20:33 - 2014-07-16 20:33 - 00295936 _____ () C:\windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\674a093211b1f8a3e570f640741e3b98\Windows.Foundation.ni.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-09-13 00:05 - 2013-05-02 11:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-09-13 00:05 - 2013-05-02 11:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2014-05-28 23:47 - 2014-05-28 23:47 - 00018616 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
2013-11-27 02:33 - 2013-11-27 02:33 - 00156344 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
2013-11-27 02:33 - 2013-11-27 02:33 - 00090808 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
2014-05-28 23:47 - 2014-05-28 23:47 - 00028856 _____ () C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\TestExtention.dll
2013-09-12 23:32 - 2013-05-01 14:52 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-07-17 20:19 - 2014-07-15 02:24 - 00718664 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libglesv2.dll
2014-07-17 20:19 - 2014-07-15 02:24 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\libegl.dll
2014-07-17 20:19 - 2014-07-15 02:24 - 08537928 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\pdf.dll
2014-07-17 20:19 - 2014-07-15 02:24 - 00353096 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ppGoogleNaClPluginChrome.dll
2014-07-17 20:19 - 2014-07-15 02:24 - 01732936 _____ () C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:EF460F24
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
==================== Faulty Device Manager Devices =============
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/05/2014 05:13:14 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
Error: (08/05/2014 05:13:14 PM) (Source: ConvertFilesforFree) (EventID: 2) (User: )
Description: Can't parse JSON update object
 
 
CodeIntegrity Errors:
===================================
  Date: 2013-10-25 18:48:19.885
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files (x86)\Common Files\Toshiba Shared\TosQEP64.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 38%
Total physical RAM: 6056.3 MB
Available physical RAM: 3729.67 MB
Total Pagefile: 7016.3 MB
Available Pagefile: 4562.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI10671000C) (Fixed) (Total:684.89 GB) (Free:625.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#6 fireman4it

  • Malware Response Team

Posted 05 August 2014 - 11:18 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   3.04KB   2 downloads

 

How is your machine running after this fix?

#7 LostJ

Posted 06 August 2014 - 12:09 PM

Yep, the pop ups seem to have gone. I can't be sure that everything is fine, but it sure seems like it. Could you tell me what you found wrong with the PC in those logs?

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-08-2014
Ran by Elzire at 2014-08-06 10:02:09 Run:1
Running from C:\Users\Elzire\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Program Files (x86)\CursorMania_7l
HKLM\...\Run: [CursorMania Home Page Guard 64 bit] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe [485960 2014-07-16] ( )
HKLM-x32\...\Run: [CursorMania EPM Support] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lmedint.exe [12872 2014-07-16] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [CursorMania Search Scope Monitor] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrchMn.exe [55368 2014-07-16] (Mindspark)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.51searchengines.com/?opts=no&hp=g1&d=2014-07-28
SearchScopes: HKLM-x32 - {B187A959-52A2-4F82-929E-D4879D5E7996} URL = http://search.nation.com/?orig=DS&affid=14000&cztbid=1684106338&q={searchTerms}
BHO: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO-x32: ConvertFilesforFree -> {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} -> C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
C:\Program Files (x86)\Convert Files for Free
BHO-x32: Search Assistant BHO -> {76cab667-1cd5-410f-8047-b08ab01a92a2} -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll (Mindspark)
BHO-x32: Toolbar BHO -> {936d1cc6-4508-4607-9638-8c714e9dc809} -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
Toolbar: HKLM-x32 - CursorMania - {2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
Toolbar: HKLM-x32 - CursorMania - {2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)Toolbar: HKCU - CursorMania - {2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7} - C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
FF Plugin-x32: @CursorMania_7l.com/Plugin -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\NP7lStub.dll (Mindspark)
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-05-06] () [File not signed]
R2 CursorMania_7lService; C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbarsvc.exe [88648 2014-07-16] (COMPANYVERS_NAME)
2014-07-16 22:58 - 2014-07-16 22:58 - 00000000 ____D () C:\Users\Elzire\AppData\Local\CursorMania_7l
2014-07-29 13:28 - 2014-07-29 13:28 - 00000000 ____D () C:\Users\Julianna\AppData\Local\CursorMania_7l
C:\Users\Elzire\AppData\Local\Temp\Quarantine.exe
*****************
 
C:\Program Files (x86)\CursorMania_7l => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CursorMania Home Page Guard 64 bit => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CursorMania EPM Support => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CursorMania Search Scope Monitor => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key deleted successfully.
"HKCR\CLSID\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}" => Key deleted successfully.
"HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB}" => Key deleted successfully.
C:\Program Files (x86)\Convert Files for Free => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76cab667-1cd5-410f-8047-b08ab01a92a2}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{76cab667-1cd5-410f-8047-b08ab01a92a2}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{936d1cc6-4508-4607-9638-8c714e9dc809}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{936d1cc6-4508-4607-9638-8c714e9dc809}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7} => Value not found.
"HKCR\Wow6432Node\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}" => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@CursorMania_7l.com/Plugin" => Key deleted successfully.
FF Plugin-x32: @CursorMania_7l.com/Plugin -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\NP7lStub.dll (Mindspark) not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@popularscreensavers.com/Plugin" => Key deleted successfully.
ConvertFilesforFreeUpdt => Unable to stop service
ConvertFilesforFreeUpdt => Service deleted successfully.
CursorMania_7lService => Unable to stop service
CursorMania_7lService => Service deleted successfully.
C:\Users\Elzire\AppData\Local\CursorMania_7l => Moved successfully.
C:\Users\Julianna\AppData\Local\CursorMania_7l => Moved successfully.
C:\Users\Elzire\AppData\Local\Temp\Quarantine.exe => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
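To help read a Fixlog like the one posted above, here is an added example (not part of the original posts, and not FRST's own code) that groups the fixlist entries by the kind of startup or browser hook they represent and tallies the outcomes FRST reported. The category names, the regexes and the `summarize` helper are assumptions based only on the log lines visible in this thread; the sample is an abridged excerpt of that log.

```python
import re
from collections import Counter

# Abridged excerpt of the Fixlog posted in this thread (lines copied as-is).
SAMPLE_FIXLOG = r"""Content of fixlist:
*****************
C:\Program Files (x86)\CursorMania_7l
HKLM\...\Run: [CursorMania Home Page Guard 64 bit] => C:\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe [485960 2014-07-16] ( )
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.51searchengines.com/?opts=no&hp=g1&d=2014-07-28
SearchScopes: HKLM-x32 - {B187A959-52A2-4F82-929E-D4879D5E7996} URL = http://search.nation.com/?orig=DS&affid=14000&cztbid=1684106338&q={searchTerms}
BHO-x32: Toolbar BHO -> {936d1cc6-4508-4607-9638-8c714e9dc809} -> C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll (Mindspark)
FF Plugin-x32: @popularscreensavers.com/Plugin -> C:\Program Files (x86)\PopularScreensavers\NPp5Stub.dll No File
R2 CursorMania_7lService; C:\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbarsvc.exe [88648 2014-07-16] (COMPANYVERS_NAME)
*****************

C:\Program Files (x86)\CursorMania_7l => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\CursorMania Home Page Guard 64 bit => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key deleted successfully.
"HKCR\CLSID\{B187A959-52A2-4F82-929E-D4879D5E7996}" => Key not found.
CursorMania_7lService => Unable to stop service
CursorMania_7lService => Service deleted successfully.

The system needed a reboot.
==== End of Fixlog ====
"""

# Ordered rules: the first matching pattern names the mechanism.
# Only the "R2" service prefix appears in the thread; S and U are assumed.
ENTRY_RULES = [
    ("autorun (Run key)", re.compile(r"^HK(LM|CU|U)[^:]*\\Run: ")),
    ("IE start page", re.compile(r"Start Page = ")),
    ("IE search scope", re.compile(r"^SearchScopes: ")),
    ("IE browser helper object", re.compile(r"^BHO(-x32)?: ")),
    ("IE toolbar", re.compile(r"^Toolbar: ")),
    ("Firefox plugin", re.compile(r"^FF Plugin(-x32)?: ")),
    ("service", re.compile(r"^[RSU]\d \S+; ")),
    ("file or folder", re.compile(r"^(\d{4}-\d\d-\d\d .* )?[A-Za-z]:\\")),
]


def classify_entry(line):
    """Name the startup/browser hook a fixlist line refers to."""
    for name, pattern in ENTRY_RULES:
        if pattern.search(line):
            return name
    return "unclassified"


def classify_outcome(message):
    """Bucket the text after '=>' in a result line."""
    text = message.lower()
    if "unable to" in text:
        return "needs attention"
    if "not found" in text:
        return "already absent"
    if "successfully" in text:
        return "ok"
    return "other"


def parse_fixlog(text):
    """Split a Fixlog into (mechanism, line) entries and (target, status) outcomes."""
    entries, outcomes, section, needs_reboot = [], [], "header", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:  # rows of asterisks delimit the fixlist copy
            section = "fixlist" if section == "header" else "results"
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if section == "fixlist":
            entries.append((classify_entry(line), line))
        elif section == "results":
            if "needed a reboot" in line:
                needs_reboot = True
            elif " => " in line:  # result lines without '=>' are skipped
                target, message = line.rsplit(" => ", 1)
                outcomes.append((target.strip('"'), classify_outcome(message)))
    return entries, outcomes, needs_reboot


def summarize(text):
    """Return mechanism counts, outcome counts and targets worth re-checking."""
    entries, outcomes, needs_reboot = parse_fixlog(text)
    return {
        "mechanisms": Counter(kind for kind, _ in entries),
        "outcomes": Counter(status for _, status in outcomes),
        "attention": sorted({t for t, s in outcomes if s == "needs attention"}),
        "needs_reboot": needs_reboot,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FIXLOG).items():
        print(key, "->", dict(value) if isinstance(value, Counter) else value)
```

Targets listed under `attention` are the ones to confirm as gone in a fresh scan after the reboot.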


#8 fireman4it


Posted 06 August 2014 - 02:31 PM

Hello,

The computer was massively infected with multiple adwares and viruses. Let's do a final check for any leftovers.

 

1.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click on the setup file (mbam-setup.exe), then click on Run to install.
  • Malwarebytes will automatically open to its Dashboard. If you have never run this version, you should see a red note at the top indicating "A scan has never been run on your system".
  • Click on Update Now to download the current database definitions, then click the Scan Now >> button.
  • If you have run this version before, you should see a green note at the top indicating "Your system is fully protected".
  • You will be prompted to update Malwarebytes...click on the Update Now button.
  • The THREAT SCAN will automatically begin.
  • When the scan has completed, the results will be displayed. Click on Quarantine All, then click on Apply Actions.
  • To complete any actions taken you will be prompted to restart your computer...click on Yes. Failure to reboot normally will prevent Malwarebytes from removing all the malware.
  • After rebooting the computer, copy and paste the mbam.log in your next reply.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 1)

  • Open Malwarebytes Anti-Malware.
  • Click the History Tab at the top and select Application Logs.
  • Select (check) the box next to Scan Log. Choose the most current scan.
  • Click the View button.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

To retrieve the Malwarebytes Anti-Malware 2.0 scan log information (Method 2)

  • Open Malwarebytes Anti-Malware.
  • Click the Scan Tab at the top.
  • Click the View detailed log link on the right.
  • Click Copy to Clipboard at the bottom...come back to this thread, click Add Reply, then right-click and choose Paste.
  • Alternatively, you can click Export and save the log as a .txt file on your Desktop or another location.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.

Logs are named by the date of scan in the following format: mbam-log-yyyy-mm-dd and automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7/8: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

 

 

2.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
 

  • Please go here then click on: EOLS1.gif

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option   YES, I accept the Terms of Use then click on: EOLS2.gif
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is checked, and the option Scan archives is  checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: EOLS4.gif
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
 

Things to include in your next reply:

MBAM log

Eset log

How is your machine running now?


" Extinguishing Malware from the world"



#9 LostJ


Posted 08 August 2014 - 02:12 AM

After the Malwarebytes program found some things, it continued on to delete those nuisances. However, after the computer tried restarting, it failed twice, citing some error with the boot up process. It proceeded to ask if I wanted to restore to a restore point to which I said cancel. From then on the computer stuck in a loading phase and would not move on. I felt like I had no choice but to power it off and then on. 

 

As for the ESET tool, the log looks quite empty and I'm not sure if that's the effect you're going for so I'll put up the stuff that was removed as well. 

 

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
 
 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Temp\nsy658.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\del_DM_LL_nsn3950.dll.vir a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Movies Toolbar\Datamngr\x64\del_DM_LL_nsn3950.dll.vir a variant of Win64/Toolbar.SearchSuite.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5cjpeg.dll.vir a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Html.dll.vir a variant of Win32/Toolbar.MyWebSearch.F potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5Plugin.dll.vir a variant of Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5PSSavr.scr.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PopularScreensavers\p5ScrCtr.dll.vir a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir Win32/Toolbar.SearchSuite.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir Win64/Toolbar.SearchSuite.B potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Elzire\AppData\Local\SaveSense\SaveSenseIE.dll.vir Win32/SaveSense.A potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Elzire\AppData\Local\SaveSense\SaveSenseUpdateVer.exe.vir a variant of Win32/DealPly.M potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Elzire\AppData\Roaming\1H1Q\Minecraft - 1.7.5 Packages\uninstaller.exe.vir Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Elzire\AppData\Roaming\Systweak\ssd\SSDPTstub.exe.vir Win32/Systweak.G potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\windows\System32\drivers\{42e50651-9669-456e-9081-d5a836274274}w64.sys.vir Win64/Riskware.NetFilter.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\windows\SysWOW64\p5PSSavr.scr.vir Win32/Toolbar.MyWebSearch potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lauxstb.dll a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lauxstb64.dll a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbar.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbarsvc.exe a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbprtct.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon.exe a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrmon64.exe a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrstub.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lbrstub64.dll a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7ldatact.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7ldlghk.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7ldlghk64.dll a variant of Win64/Toolbar.MyWebSearch.B potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lfeedmg.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lhtmlmu.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lhttpct.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lidle.dll a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lieovr.dll Win32/Toolbar.MyWebSearch.AG potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lmlbtn.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lPlugin.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lradio.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lregfft.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lregiet.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lscript.dll a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lskin.dll probably a variant of Win32/Toolbar.MyWebSearch.P potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lSrcAs.dll a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7lsrchmr.dll a variant of Win32/Toolbar.MyWebSearch.AE potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\7ltpinst.dll a variant of Win32/Toolbar.MyWebSearch.AA potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegrator64.exe a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\AppIntegratorStub64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\ASSISTMONITOR.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\ASSISTMONITOR64.DLL a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\CREXT.DLL a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\CrExtP7l.exe a variant of Win32/Toolbar.MyWebSearch.Z potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\Hpg64.dll a variant of Win64/Toolbar.MyWebSearch.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\T8EPMSUP.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\T8EXTEX.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\T8EXTPEX.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\T8HTML.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\T8TICKER.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\VERIFY.DLL a variant of Win32/Toolbar.MyWebSearch.AC potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Program Files (x86)\CursorMania_7l\bar\1.bin\assists\ie_default_search_provider\ASSIST.EXE Win32/Toolbar.MyWebSearch.AF potentially unwanted application deleted - quarantined
C:\Users\Elzire\AppData\LocalLow\CursorMania_7lEI\Installr\Cache\113749DE.exe a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application deleted - quarantined
C:\Users\Elzire\AppData\LocalLow\GuffinsEI\Installr\Cache\D8E06B4B.exe a variant of Win32/Toolbar.MyWebSearch.V potentially unwanted application deleted - quarantined
C:\Users\Elzire\AppData\Roaming\0S1F1O2Z0S2Y1H1T\Mod Manager Packages\uninstaller.exe Win32/InstallCore.AZ potentially unwanted application deleted - quarantined
C:\Users\Elzire\Downloads\ccsetup416 (1).exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Elzire\Downloads\ccsetup416.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Temp\nsy658.tmp\Helper.dll a variant of Win32/Toolbar.SearchSuite.C potentially unwanted application deleted - quarantined
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/7/2014
Scan Time: 9:27:02 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.08.08.01
Rootkit Database: v2014.08.04.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: Elzire
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344192
Time Elapsed: 10 min, 15 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 20
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{2d38d9ef-b94e-4ed8-8564-3ac2cf8b88f7}, Quarantined, [9a877153f58663d33041356c38ca6e92], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [9a877153f58663d33041356c38ca6e92], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [9a877153f58663d33041356c38ca6e92], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{76cab667-1cd5-410f-8047-b08ab01a92a2}, Quarantined, [0c159e266b10de58cd999b06bb47d927], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{76CAB667-1CD5-410F-8047-B08AB01A92A2}, Quarantined, [0c159e266b10de58cd999b06bb47d927], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{76CAB667-1CD5-410F-8047-B08AB01A92A2}, Quarantined, [0c159e266b10de58cd999b06bb47d927], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\CLSID\{936d1cc6-4508-4607-9638-8c714e9dc809}, Quarantined, [a67b992b037887af3632534e0cf6c63a], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{936D1CC6-4508-4607-9638-8C714E9DC809}, Quarantined, [a67b992b037887af3632534e0cf6c63a], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{936D1CC6-4508-4607-9638-8C714E9DC809}, Quarantined, [a67b992b037887af3632534e0cf6c63a], 
PUP.Optional.SaveSense.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{71e129ff-6c2a-4984-818c-7e2c998b8d99}, Quarantined, [879a982cd7a4f2448bdd7fe9679b5da3], 
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\CLASSES\ConvertFilesforFree.1, Quarantined, [9a872e960873f3433012e38599699868], 
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\ConvertFilesforFree.1, Quarantined, [c160ffc50e6de155ee54bdab8d7512ee], 
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [ae73f3d158231d198e881f1c13f1b44c], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CursorMania_7l, Quarantined, [cf52ecd892e9d4628a06be754fb5cf31], 
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\Guffins, Quarantined, [53cefaca2a5150e6987635ff60a4718f], 
PUP.Optional.FreeFileConverter.A, HKLM\SOFTWARE\WOW6432NODE\ZUPDATER\ConvertFilesforFreeUpdt.exe, Quarantined, [b36e6d57304b3afcd783e1140ef437c9], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CursorMania_7l, Quarantined, [5bc601c3a8d3a19541509a99b351738d], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Guffins, Quarantined, [54cdbb09780375c144cbc074996b9a66], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CursorMania_7l, Quarantined, [8998f4d02952c86e396d6c7b7191f20e], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Guffins, Quarantined, [61c02f95afcc77bfc6ede7007290ce32], 
 
Registry Values: 4
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, ïÃ8-N¹ÃNâ¦d:ÃÃâ¹Ë÷, Quarantined, [9a877153f58663d33041356c38ca6e92]
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{2D38D9EF-B94E-4ED8-8564-3AC2CF8B88F7}, Quarantined, [2100d6ee0a711224442ddfc2ed157c84], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{5b9e2a0b-c94b-46a5-b53c-5892834c0d3e}, Quarantined, [48d9c20295e623136ef4d1d04fb3a759], 
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4150042245-607552300-2321086869-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{5B9E2A0B-C94B-46A5-B53C-5892834C0D3E}, Quarantined, [48d9c20295e623136ef4d1d04fb3a759], 
 
Registry Data: 0
(No malicious items detected)
 
Folders: 8
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\History, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Settings, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Julianna\AppData\LocalLow\CursorMania_7l, Quarantined, [4fd2ac18ccaf45f130a7645e91710bf5], 
PUP.Optional.MindSpark.A, C:\Users\Julianna\AppData\LocalLow\CursorMania_7l\bar, Quarantined, [4fd2ac18ccaf45f130a7645e91710bf5], 
PUP.Optional.MindSpark.A, C:\Users\Julianna\AppData\LocalLow\CursorMania_7l\bar\Settings, Quarantined, [4fd2ac18ccaf45f130a7645e91710bf5], 
 
Files: 21
PUP.Optional.Quiknowledge.A, C:\Windows\System32\Drivers\qknfd.sys, Quarantined, [2bf6477d18632e08f8be5e0f20e1f709], 
PUP.Optional.OptimumInstaller.A, C:\Users\Elzire\Downloads\Flash_Player_Pro_Setup (1).exe, Quarantined, [c958b311314a0c2aab5ac791629f7b85], 
PUP.Optional.OptimumInstaller.A, C:\Users\Elzire\Downloads\Flash_Player_Pro_Setup (2).exe, Quarantined, [021fcff5eb909d996f960553c140f709], 
PUP.Optional.OptimumInstaller.A, C:\Users\Elzire\Downloads\Flash_Player_Pro_Setup.exe, Quarantined, [c9589e260477082e33d24b0d4eb3c838], 
PUP.Optional.AirAdInstaller, C:\Users\Elzire\Downloads\Setup.exe, Quarantined, [b96810b4aecdd95d88a4ba803cc4f30d], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137C8D2, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CA1A, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CB05.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CB62.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CBDF.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CC3D.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CCBA.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CD18.cab, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CDE3.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CE12.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CE7F.cab, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CEFC.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\1137CF5A.bmp, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Cache\files.ini, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\History\search3, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
PUP.Optional.MindSpark.A, C:\Users\Elzire\AppData\LocalLow\CursorMania_7l\bar\Settings\prevcfg2.htm, Quarantined, [2100a4205b200c2a90479a28f50dcf31], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#10 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:10 PM

Posted 08 August 2014 - 09:52 AM

So does the computer boot fine now?


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#11 LostJ


Posted 11 August 2014 - 12:03 PM

I suppose it does. It really does all seem clear. Hopefully this won't happen again. Thank you so much for your help and time. 



#12 fireman4it


Posted 11 August 2014 - 07:46 PM

Please run Malwarebytes again and post the log. We like to see all 0's.




#13 fireman4it


Posted 15 August 2014 - 05:37 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





