
infected but not sure with what


  • This topic is locked
13 replies to this topic

#1 wingman1001


Posted 15 August 2014 - 10:45 AM

I constantly keep having pop ups from mcafee regarding virus protection



#2 wingman1001


Posted 15 August 2014 - 11:02 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521
Run by VMarie at 8:33:39 on 2014-08-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3559.1023 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\axsmqwiahk64.exe
C:\Program Files (x86)\Coupons\CouponPrinterService.exe
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\Program Files\004\rqpbhevlkc64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\System32\alg.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\splwow64.exe
C:\windows\system32\svchost.exe -k SDRSVC
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
mStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyByB0BzyyCtB0AtAzztDtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyCyByB0ByCyCtBtCtG0C0EyEyEtG0ByE0EtDtGzy0DyCyEtGyE0ByDtDtByDyE0F0E0Czy0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtA0CyCyC0DtBtGzz0BzyyDtG0BzzyBtAtG0D0A0EzztGtD0A0CtA0AyDyBtDzyyDyDtD2Q&cr=1383648159&ir=
mWinlogon: Userinit = userinit.exe
BHO: CouponDownloader: {04b93bad-361d-561a-8b0a-79299d443db4} - C:\Program Files\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\cwmsxutswc.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Dragon NaturallySpeaking Rich Internet Application Support - Extension: {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll
BHO: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [Internet Security] C:\Users\VMarie\AppData\Roaming\madefender.exe
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN1A31T0J005KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking12\Ereg.ini"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{2756F111-7C24-4F68-B09E-FE0B12F80053} : DHCPNameServer = 198.224.173.135 198.224.174.135
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\259636B6370275962756C6563737F58747 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\64355524F4F4B435 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\659636B69672370296051646 : DHCPNameServer = 198.224.174.135 198.224.173.135
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\659636B696D4162796562E08993702960586F6E656 : DHCPNameServer = 198.224.173.135 198.224.174.135
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\84F4D454D263349323 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}\E45445745414254313 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E85577F1-A79F-40F0-BC85-61D3EB5367A7} : DHCPNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://rocket-find.com/?f=1&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyByB0BzyyCtB0AtAzztDtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyCyByB0ByCyCtBtCtG0C0EyEyEtG0ByE0EtDtGzy0DyCyEtGyE0ByDtDtByDyE0F0E0Czy0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtA0CyCyC0DtBtGzz0BzyyDtG0BzzyBtAtG0D0A0EzztGtD0A0CtA0AyDyBtDzyyDyDtD2Q&cr=1383648159&ir=
x64-mDefault_Page_URL = hxxp://start.toshiba.com/
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R1 AntiLog32;AntiLog32;C:\windows\System32\drivers\AntiLog64.sys [2014-6-10 49752]
R1 netfilter64;netfilter64;C:\windows\System32\drivers\netfilter64.sys [2014-7-11 46376]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2013-5-16 204288]
R2 CouponDownloaderService64;CouponDownloaderService64;C:\Program Files (x86)\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\axsmqwiahk64.exe [2014-7-11 172544]
R2 CouponPrinterService;Coupon Printer Service;C:\Program Files (x86)\Coupons\CouponPrinterService.exe [2014-2-13 177136]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2013-10-15 311184]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2014-6-25 40240]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2014-3-23 225792]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-9-27 133928]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe [2013-5-16 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2013-5-16 126392]
R2 rqpbhevlkc64;rqpbhevlkc64;C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 --> C:\Program Files\004\rqpbhevlkc64.exe run options=01100010040000000000000000000000 sourceguid=7B0A8368-1A6F-48A5-B236-8BD61816B3F9 [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-5-24 294848]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2013-5-16 116752]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2011-2-9 77424]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-5-16 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2013-5-2 1514568]
R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-5-16 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-6-27 828856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 ZAPrivacyService;ZoneAlarm Privacy Service;"C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe" --> C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [?]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-3-14 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-5-6 19456]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2013-5-16 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2013-5-16 307304]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-5-16 1109096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-5-6 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2014-5-6 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-5-17 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-08-11 02:35:13 -------- d-----w- C:\Users\VMarie\AppData\Local\{39C02BF6-8DD1-488E-A25C-02B140639BE5}
2014-08-11 02:34:34 -------- d-----w- C:\Users\VMarie\AppData\Local\{B488E4C4-014B-4A37-ADFB-33CCB9D3ABC7}
2014-08-11 02:00:36 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0B207A6E-A9E1-43CD-B628-32405D77AAFB}\mpengine.dll
2014-08-09 02:37:26 10924376 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-08-09 02:34:09 -------- d-----w- C:\Users\VMarie\AppData\Local\{8FEC948E-2C62-4CA4-8413-06E9765FD89E}
2014-08-09 02:29:38 -------- d-----w- C:\Users\VMarie\AppData\Local\{1152111B-B053-4A89-B92B-A831C163D515}
2014-08-07 23:21:55 -------- d-----w- C:\Program Files\iPod
2014-08-07 23:21:54 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-08-07 23:21:54 -------- d-----w- C:\Program Files\iTunes
2014-08-07 23:21:54 -------- d-----w- C:\Program Files (x86)\iTunes
2014-08-06 18:51:30 -------- d-----w- C:\Program Files (x86)\Coupons
2014-08-06 17:49:52 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E01A5E38-F936-4733-94B6-C7CCE9DF2C84}\gapaengine.dll
2014-08-05 17:20:22 227728 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-07-26 02:04:49 -------- d-----w- C:\Users\VMarie\AppData\Local\{3779CE3F-98A5-4CF4-A6DB-108132858CD0}
2014-07-26 02:03:40 -------- d-----w- C:\Users\VMarie\AppData\Local\{7FCD6E49-7F62-45DE-8519-CDAB5045999E}
2014-07-26 01:25:24 -------- d-----w- C:\Users\VMarie\AppData\Local\{994B91B5-51D5-4F37-99D0-5E84076DF311}
2014-07-26 01:23:40 -------- d-----w- C:\Users\VMarie\AppData\Local\{94C301D9-4802-4654-83A8-0BA6C8BA72C2}
2014-07-24 04:09:55 736952 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-07-24 04:09:33 2876528 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-07-24 04:09:20 42168 ----a-w- C:\ProgramData\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
.
==================== Find3M  ====================
.
2014-08-06 17:57:12 369168 ----a-w- C:\windows\System32\wpcap.dll
2014-08-06 17:57:12 35344 ----a-w- C:\windows\System32\drivers\npf.sys
2014-08-06 17:57:12 281104 ----a-w- C:\windows\SysWow64\wpcap.dll
2014-08-06 17:57:12 106000 ----a-w- C:\windows\System32\packet.dll
2014-08-06 17:57:11 96784 ----a-w- C:\windows\SysWow64\packet.dll
2014-07-26 01:17:09 49752 ----a-w- C:\windows\System32\drivers\AntiLog64.sys
2014-07-15 18:16:21 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-15 18:16:21 699056 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-07-11 14:11:42 46376 ----a-w- C:\windows\System32\drivers\netfilter64.sys
2014-06-30 02:09:33 519168 ----a-w- C:\windows\System32\aepdu.dll
2014-06-30 02:04:49 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-06-18 02:18:30 692736 ----a-w- C:\windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-06-18 01:10:36 3157504 ----a-w- C:\windows\System32\win32k.sys
2014-06-06 10:10:34 624128 ----a-w- C:\windows\System32\qedit.dll
2014-06-06 09:44:17 509440 ----a-w- C:\windows\SysWow64\qedit.dll
2014-06-05 14:45:15 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-06-05 14:26:58 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-06-05 14:25:49 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-05-30 08:08:52 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-05-30 08:08:49 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-05-30 08:08:47 340992 ----a-w- C:\windows\System32\schannel.dll
2014-05-30 08:08:41 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-05-30 08:08:41 307200 ----a-w- C:\windows\System32\ncrypt.dll
2014-05-30 08:08:36 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-05-30 08:08:31 22016 ----a-w- C:\windows\System32\credssp.dll
2014-05-30 07:52:51 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-05-30 07:52:49 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-05-30 07:52:45 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2014-05-30 07:52:41 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-05-30 07:52:40 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-05-30 07:52:36 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-05-30 07:52:30 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-05-30 06:45:52 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2014-05-23 23:27:57 444912 ----a-w- C:\windows\CouponPrinter.ocx
2014-05-23 23:27:56 659440 ----a-w- C:\windows\couponprinter_x64.ocx
.
=========


#3 Jo*

  • Malware Response Team

Posted 16 August 2014 - 11:29 AM

Hello wingman1001,

my name is Jo and I will help you with your computer problems.



Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save instructions.
  • Back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
It is important for you to check your topic at least once a day for a reply. You cannot rely on the e-mail notification system to inform you of new replies as it is not completely reliable.


***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Download OTL to your desktop.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
    Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#4 wingman1001

  • Topic Starter

Posted 17 August 2014 - 11:55 AM

here we go

 

 

 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 Java™ 6 Update 25  
 Java version out of Date!
 Adobe Flash Player 14.0.0.145  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 36.0.1985.143  
 Google Chrome plugins...  
````````Process Check: objlist.exe by Laurent````````
 Norton ccSvcHst.exe 
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 9% 
````````````````````End of Log``````````````````````
 
 

OTL logfile created on: 8/17/2014 9:38:43 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VMarie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.71 Gb Available Physical Memory | 49.22% Memory free
6.95 Gb Paging File | 4.74 Gb Available in Paging File | 68.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 288.48 Gb Free Space | 64.16% Space Free | Partition Type: NTFS
 
Computer Name: VMARIE-PC | User Name: VMarie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\VMarie\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
PRC - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software LLC.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\1ab52f8951c2ab97592ec25830dd5165\WindowsFormsIntegration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Idena7b556ff#\015abe6306b0573d01ed75bec64cae18\System.IdentityModel.Selectors.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1e5e19d119e04b93da3d45153abd60fd\System.IdentityModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\d7a1bbd56dc15a29c2450b177f9468d7\System.Net.Http.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\24bf0c88c0465485f4b842df043b3f45\System.ServiceModel.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servf73e6522#\0bedc417d3c5dcb1c9a5f15dd733c556\System.ServiceModel.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\b6c7a1ca929c1b10f36b683c9f1a0517\System.Xml.Linq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\47e7fc401facd4a5d3f2237f16948f36\PresentationFramework-SystemXml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\0d3cb1df8b6af32cebdc6e2cc4948c69\PresentationFramework-SystemXmlLinq.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\af02d03484578dbc357d1df8d1b6fd01\PresentationFramework-SystemData.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\f4354d6580fbb745c0c8acba382a7b84\System.ServiceProcess.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\b85a411ce82ba71cd3d77c8c13794f81\System.Web.Services.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\2053b0e14f1e64a5c5d6d1c4d01485a2\System.Transactions.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\3fe705796c6a41d4889d9001d1c56af8\System.Xaml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\0893e0e7137e3b2da905da6216b75344\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\a4b45c44490c75bc2fb22780e7ef087d\PresentationFramework.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\6bbed231aec6fd82547e09474da0b2f9\System.Data.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f4f6ee0df2aa4189bf36e6335cb92761\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74542efbeb46445949a39026c501132\PresentationCore.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\5cd2aee5e7c07227c694d89219688ab3\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\78652b7fa68ee058bff6a118c657f565\SMDiagnostics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f6d7bb59f318c130d68816a89335d05e\System.Runtime.Serialization.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\34b53ecafa1d7ccc7ca961d722b5d983\System.ServiceModel.Internals.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\acf97bfe2a931d4a47253b26b7218991\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\75f8bc4cf08030c4a53b6d5e0ae20046\PresentationFramework.Aero.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Security\fcffb45098807dbf4f96bb133936789a\System.Security.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bada32953bb6b16a53d653eae23d78dc\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\dce99d8de14d8a015313db98c72552ee\System.Core.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bbc48ec4245e502ae19b0601d3799c9e\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System\ff26cc03e6d57d8abd13b990332e67c6\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (rqpbhevlkc64) -- C:\Program Files\004\rqpbhevlkc64.exe ()
SRV:64bit: - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe (McAfee, Inc.)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (CouponDownloaderService64) -- C:\Program Files (x86)\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\axsmqwiahk64.exe ()
SRV - (IDVaultSvc) -- C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe (White Sky, Inc.)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (AntiLog32) -- C:\Windows\SysNative\drivers\AntiLog64.sys (Zemana Ltd.)
DRV:64bit: - (netfilter64) -- C:\Windows\SysNative\drivers\netfilter64.sys (NetFilterSDK.com)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\..\SearchScopes,DefaultScope = {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{6CCA32BF-8F2B-4324-9E0E-E17EF46E4712}: "URL" = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
IE - HKCU\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\VMarie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/10/15 11:58:10 | 000,173,427 | ---- | M] ()
 
[2014/04/22 03:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: Xfinity = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb\1_1\
CHR - Extension: Rocket New Tab = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom\0.3.3_0\
CHR - Extension: Google Wallet = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (CouponDownloader) - {04b93bad-361d-561a-8b0a-79299d443db4} - C:\Program Files\7B0A8368-1A6F-48A5-B236-8BD61816B3F9\cwmsxutswc.dll ()
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Dragon NaturallySpeaking Rich Internet Application Support - Extension) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ieShim.dll (Nuance Communications, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Constant Guard Protection Suite) - {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.625.1\NativeBHO.dll (WhiteSky)
O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: []  File not found
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\TOSHIBA Sleep Utility\TSleepSrv.exe (TOSHIBA)
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe File not found
O4 - HKCU..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide File not found
O4 - HKCU..\Run: [Google Update] Reg Error: Value error. File not found
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Internet Security] C:\Users\VMarie\AppData\Roaming\madefender.exe File not found
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2756F111-7C24-4F68-B09E-FE0B12F80053}: DhcpNameServer = 198.224.173.135 198.224.174.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E85577F1-A79F-40F0-BC85-61D3EB5367A7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/16 23:58:39 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{059404EB-E762-484C-B224-4082D1FE9845}
[2014/08/16 10:49:12 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/16 10:49:12 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/16 10:49:12 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/16 10:49:12 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/16 10:02:53 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/16 09:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/16 09:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Users\VMarie\Pavark
[2014/08/16 08:30:05 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{3D3A78B3-83AA-4008-BB29-D128893C7F9C}
[2014/08/16 07:53:57 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/16 07:53:56 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/16 07:53:56 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/16 07:53:55 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/16 07:53:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/16 07:53:55 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/16 07:53:31 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/16 07:53:28 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/16 07:53:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/10 19:35:13 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{39C02BF6-8DD1-488E-A25C-02B140639BE5}
[2014/08/10 19:34:34 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{B488E4C4-014B-4A37-ADFB-33CCB9D3ABC7}
[2014/08/08 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{8FEC948E-2C62-4CA4-8413-06E9765FD89E}
[2014/08/08 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{1152111B-B053-4A89-B92B-A831C163D515}
[2014/08/07 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/07 16:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2014/07/25 19:04:49 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{3779CE3F-98A5-4CF4-A6DB-108132858CD0}
[2014/07/25 19:03:40 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{7FCD6E49-7F62-45DE-8519-CDAB5045999E}
[2014/07/25 18:25:24 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{994B91B5-51D5-4F37-99D0-5E84076DF311}
[2014/07/25 18:23:40 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Local\{94C301D9-4802-4654-83A8-0BA6C8BA72C2}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/17 09:30:00 | 000,000,296 | ---- | M] () -- C:\windows\tasks\Rocket Updater.job
[2014/08/17 09:25:46 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/17 09:22:43 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 09:22:43 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/17 09:15:50 | 002,328,194 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/17 09:15:50 | 000,702,736 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/17 09:15:50 | 000,006,434 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/17 09:15:05 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/17 08:56:52 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/17 08:56:19 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/17 08:56:14 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/16 09:58:23 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/16 08:30:16 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/15 09:04:34 | 000,002,198 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/08/07 16:23:57 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/06 19:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/06 19:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/06 11:30:02 | 000,000,044 | ---- | M] () -- C:\Users\VMarie\AppData\Roaming\WB.CFG
[2014/08/06 10:57:18 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk
[2014/08/06 10:57:12 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\wpcap.dll
[2014/08/06 10:57:12 | 000,281,104 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysWow64\wpcap.dll
[2014/08/06 10:57:12 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\packet.dll
[2014/08/06 10:57:12 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys
[2014/08/06 10:57:11 | 000,096,784 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysWow64\packet.dll
[2014/07/25 18:17:09 | 000,049,752 | ---- | M] (Zemana Ltd.) -- C:\windows\SysNative\drivers\AntiLog64.sys
[2014/07/25 18:17:01 | 000,002,218 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
[2014/07/25 18:17:01 | 000,002,200 | ---- | M] () -- C:\Users\Public\Desktop\Constant Guard.lnk
[2014/07/23 21:21:49 | 000,001,175 | ---- | M] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/16 09:58:23 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/07 16:23:57 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/06 11:30:02 | 000,000,044 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\WB.CFG
[2014/07/23 21:21:49 | 000,001,175 | ---- | C] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation.lnk
[2014/06/12 11:56:45 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\Iduninst.dll
[2014/04/22 22:28:03 | 000,015,689 | -H-- | C] () -- C:\windows\SysWow64\BTImages.dat
[2014/04/20 09:40:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/10 21:49:37 | 000,002,075 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\SAS7_000.DAT
[2013/09/08 04:34:30 | 000,008,470 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\UserTile.png
[2013/05/17 05:31:32 | 000,773,940 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/05/16 23:26:22 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/05/16 23:16:40 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/05/16 23:13:44 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/05/16 23:13:44 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/05/16 23:13:44 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/17 13:41:25 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Book Place
[2014/04/20 10:00:39 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Canon
[2014/06/28 04:08:29 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\com.sheetmusicplus.DigitalAirPrint2
[2014/01/29 11:30:49 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Dashlane
[2014/08/17 09:11:03 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\ID Vault
[2013/12/25 10:33:50 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\iStonsoft
[2013/05/21 15:08:11 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\MusE
[2013/06/16 00:54:58 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Nuance
[2014/06/28 04:30:12 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\RocketUpdater
[2014/06/12 11:55:47 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\SimpleSoftwareSolutions
[2014/02/08 04:14:44 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\SoftGrid Client
[2013/05/27 01:24:43 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Tific
[2013/05/18 16:22:27 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Toshiba
[2013/05/17 05:32:47 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\TP
[2014/02/24 18:32:16 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\TuneUp Software
[2013/05/17 00:17:15 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\WinBatch
[2013/09/08 04:43:35 | 000,000,000 | ---D | M] -- C:\Users\VMarie\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0FF263E8
 
< End of report >
 

OTL Extras logfile created on: 8/16/2014 10:23:50 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VMarie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.56 Gb Available Physical Memory | 44.94% Memory free
6.95 Gb Paging File | 4.56 Gb Available in Paging File | 65.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 287.20 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
 
Computer Name: VMARIE-PC | User Name: VMarie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BBB61FA-01FE-4332-8F7D-A98D0F75240F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1402FB0C-7FED-4796-B458-40E90EF35086}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"{14B63DC1-7583-4A60-9023-AC650B602051}" = rport=137 | protocol=17 | dir=out | app=system | 
"{15CA432E-D6F7-4229-B4AA-D0C7A60AA02D}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1D18C087-88D3-4C62-A4A4-2A9968026C0E}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{2519929A-93B1-44A2-963B-B63D16611BE6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3A8CB252-BA97-4318-A051-79D59030D4B4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3A90DBB4-835A-4124-B080-29BF9E612357}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{3B87E4F3-FA53-4469-B80D-5183295479D6}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{474EDD0D-7FE0-4504-8C82-9366A9055CB6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{47A62CBA-AE6E-40BB-BF6F-8158CE1ED78B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4B777C67-5930-46ED-A55E-47382F8E7B66}" = lport=139 | protocol=6 | dir=in | app=system | 
"{56E26F02-D61C-4037-897A-EE2A53D4C0FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{58258ADB-3760-4E3F-A82B-5862EF77306C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{5D3A449E-5533-4B3A-A08A-81169BE93640}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{603F0EC7-A189-4F98-AC6B-6F5E8F43A36D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6100F534-8C9F-43AF-ADBE-D230F276E1EB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{66749CD9-4EE2-451D-BFEB-D5282E7D381B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{6824B1BF-B5F8-463D-8231-D06A2ED09BBD}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{719E1842-EA08-4B94-BA17-1AA24728CABA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72C5682C-15C5-40D3-8733-E425EB747837}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7628D229-0ECC-4BBA-BF98-559C4D7926C2}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7CCEB1A8-70D1-448B-962A-A65ABAA2BD13}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D0DBEE2-5751-4382-B3D5-F4980A8B8AB7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7D97BC53-83B2-4191-AE56-650D80C1CD0E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8146EF53-93E5-4E22-AA68-C99907AA8C97}" = lport=445 | protocol=6 | dir=in | app=system | 
"{82267451-3433-4F11-925F-1B54BC00B4EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{845C3463-80DE-491A-B0C4-998A7982B7B6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{86AD0D29-8F0C-4906-882B-69847E1F6DAE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86F5D82A-6158-4269-A655-614DC3C647D1}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{91664771-2A64-4867-99BF-1B76F49D9008}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9AF46703-DD46-4832-993D-786D2C02E32A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9CEB533E-57D9-4421-8283-EDD4570F7F6F}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{A54D4BED-9746-419D-8BAC-975CA1782BEF}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{A9E9AC34-3152-41CA-BC39-102536A56265}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{AE88F2FE-114B-49D4-8F41-3851F40EA121}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE8BDDC6-4F00-4105-8A22-F0E68E5DEE18}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B96A47AD-F14E-4C30-9C4C-CFF8D259A11B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BAB89855-7E17-4670-A253-4A23B973A03F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C073A218-B18C-44A8-9C5F-A79C279AB391}" = lport=137 | protocol=17 | dir=in | app=system | 
"{CAF69E30-B09E-456B-82B0-7493E3889478}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE1EBD7A-1D22-4DCC-9A47-036EF2249A54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0009E842-A273-45D2-8656-C64BF100EEB0}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\digitalwizards.exe | 
"{051A6F75-829E-4F7F-833E-C005DE18EB23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{12E01B65-CFCC-4AB2-B077-DDB23ED6B10A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{158D22F3-6E45-4D47-9397-31E96AC97234}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{261CE1C0-AF12-40FD-8F74-F0DAFA7B973F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{2BAAA810-FEF7-481A-8590-B2255EC2CFD0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{2D38BCD0-20A6-4078-9095-539B089BA8A8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3DAEEA3B-3B52-407A-858B-8BF6B1E619A1}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\faxapplications.exe | 
"{47E16E9C-D939-45AA-B775-8E67F3BA824A}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | 
"{48AD58CD-822A-4172-A94D-1D67697DD804}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{4E479561-8693-4081-871D-EADD1E42ACBF}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\sendafax.exe | 
"{4E725E79-3C60-4E2D-A80A-20D5369BB94E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{592B67AC-3E36-45A4-B692-BE264640DFDB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B7E22FC-B912-456A-8A62-4B8493831F5B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5D912CB4-3B67-4115-8F7B-2262AB873897}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{647A6E75-F6BD-4646-B312-9263BB14BA1B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{64CF5FF5-D90B-438B-AF10-11649FE8E6DC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6C0676B5-DFA1-4F5F-8D0B-5E89387836AF}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{75AE8D17-B47D-44A5-9EFF-BF3DDE6CC41E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{78D72C26-A92F-47D2-BA16-200BAE3E071E}" = dir=in | app=c:\program files (x86)\constant guard protection suite\idvault.exe | 
"{7B596834-33E0-47ED-8BA1-74AF7BA8FFCF}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\devicesetup.exe | 
"{7BE965B1-608A-467A-A0EA-0C2FE954A2F6}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | 
"{7F4D12C8-8E5A-46D6-99F2-8064677E3346}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{81506801-9F71-4C2A-BCE1-55365DE79356}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{8343B6AC-8715-4270-BC46-FA42E7335D6E}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{8A973295-E14C-4677-ADA1-15899703045F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{956A0E97-3065-4C09-B9E8-86219C2BE3B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9ABA6689-9945-40AA-B94B-546C6E60E65C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A93057F9-DC18-4155-96A9-7ABEA88C0E27}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B247EFF9-8F79-482D-A7BF-516346D962C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BABEE893-2267-4C79-8347-2BB08F7B2838}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe | 
"{BBC28F36-5982-49DE-8DA8-206639CF6402}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{BBE6F8EB-11B4-456F-B30D-3BD5B2E4F444}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{BCEB6B99-8568-4666-8E13-9ECB1E73A028}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2014\avgmfapx.exe | 
"{BE30FDC6-7327-4389-9EFD-DA70D5BB2451}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C0FF1383-F1C0-4852-B549-FA06BC53B3AA}" = protocol=6 | dir=out | app=system | 
"{C3F58E7F-E55F-45E5-A23C-D7F3CE577E16}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C3F81F5E-C1FB-4CD1-9FC2-86D465591903}" = dir=in | app=c:\program files (x86)\constant guard protection suite\idvault.exe | 
"{C4840544-DEAC-4056-A89E-628792D3F0B4}" = dir=in | app=c:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe | 
"{C51D1978-B0A9-4A5E-AD3B-B34C3B7BBF5E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C66D96DB-4C10-48CF-8F47-0D5FBA83B9DF}" = protocol=6 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | 
"{C8E3712E-AB4D-46D2-8F5B-8B4436D78EF1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{DAE74750-26FB-43DF-98CE-398AAA0A94ED}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{DDA8BE18-3D3F-40AC-A038-53969B2D0972}" = dir=in | app=c:\program files (x86)\constant guard protection suite\idvault.exe | 
"{E2D2551A-534A-4A92-8E18-F2B7F4B29C04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E981766D-3FC5-465E-A9AE-19B6724F9B30}" = protocol=17 | dir=in | app=c:\program files (x86)\checkpoint\zonealarm\vsmon.exe | 
"{E99C6054-1FD2-4312-A549-7CD0A72C9B7C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EC5FAC68-FE3C-4C5C-8751-93911CA51227}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{9259C60B-CE1F-49EC-B122-430C05E056F6}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"TCP Query User{A454A6F6-350D-4A59-9B5A-0AED26B23362}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{AE71152C-24EE-4CF9-ABFC-5C22E475E239}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"TCP Query User{E990EA0F-5DFC-4551-ACB7-E0357C6C8BA0}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{4370E049-4C2C-45BF-92BA-A14A79CB579F}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{A2DA6129-E369-4268-945D-4DE7C1807B1C}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe | 
"UDP Query User{BCAD64A9-39BD-48A8-B4FB-3749F276170B}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
"UDP Query User{FD0959F2-6C5D-4C4C-A26C-1DF37303713A}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{16EA5479-5CE2-F045-8D65-3F1FC41B90E5}" = AMD Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}" = HP Officejet Pro 8600 Product Improvement Study
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5C76ED0D-0F6F-4985-8B34-F9AE7834848F}" = HP Unified IO
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support
"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes
"{791A06E2-340F-43B0-8FAB-62D151339362}" = HP Officejet Pro 8600 Basic Device Software
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{81E20D41-C277-4526-934D-F2380AF91B78}" = iCloud
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C775E70-A791-4DA8-BCC3-6AB7136F4484}" = Visual Studio 2012 x64 Redistributables
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{91F676A5-8CDD-ADF7-AA9D-B7C99CD701C8}" = ccc-utility64
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor
"{BB5D40EF-0339-D00C-90EC-9BEF19C779D0}" = AMD Media Foundation Decoders
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{BFAE8D5B-F918-486F-B74E-90762DF11C5C}" = Microsoft Security Client
"{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility
"{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft Security Client" = Microsoft Security Essentials
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BF04C08-CBCD-BCB1-97D6-5C56D33679FD}" = Catalyst Control Center InstallProxy
"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0
"{111EE7DF-FC45-40C7-98A7-753AC46B12FB}" = QuickTime 7
"{1175C84E-14F8-8AE3-550F-497B273030FB}" = CCC Help Norwegian
"{1315D983-68E3-8632-5FFA-5BC55DB521EA}" = Catalyst Control Center Localization All
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java™ 6 Update 25
"{2794875B-6CCF-48B8-84A5-5B10DB98BEE6}" = HP ePrint
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3111F1DB-E89B-93BB-8CDF-A60715977A62}" = CCC Help Finnish
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{394624E4-459D-8E7F-5C57-2C2309A06F51}" = CCC Help Danish
"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2
"{4381B431-5E6C-375E-AD95-DA89A7531F21}" = CCC Help Spanish
"{45165601-DCEB-FB1D-B6DF-A4E014437767}" = CCC Help Chinese Traditional
"{46235FF7-2CBE-4A84-BEDA-87348D1F7850}" = HP Officejet Pro 8600 Help
"{4962F4E2-C1FA-1051-1504-28B8FE63946E}" = Sheet Music Plus Digital Print
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1" = AntiLogger SDK version 1.7.6.367
"{4EACE966-0179-ECB9-32EC-32F07F5497B8}" = CCC Help Chinese Standard
"{51A8A9FA-17D4-48F9-8425-C5F51ECFE123}" = Paraben's iRecovery Stick Driver Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration
"{5EDBF020-B888-FB4E-51E5-792CB2C9E352}" = CCC Help English
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A}" = Netwaiting
"{763688D9-3297-ACBF-AD13-4C07D36FD41D}" = CCC Help German
"{772605F3-E0A3-C78C-4272-ECFD12D6847E}" = CCC Help Dutch
"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support
"{78444EA3-10EC-E016-820E-BA2353A42504}" = AMD VISION Engine Control Center
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79b22d0a-c7ba-4c33-9a03-f05ea1b48adb}" = Box Sync
"{7AB837B4-1F6C-471B-5519-9775EA223C60}" = CCC Help Russian
"{7B69C60A-A148-4572-978C-729029390651}" = Catalyst Control Center - Branding
"{8172DEE4-5FF3-92FB-E9CD-722468857C7B}" = CCC Help Japanese
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{868291A4-229E-4795-B0B0-E60E87AF53CD}" = Sibelius Scorch (ActiveX Only)
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D58E199-34B5-D738-A308-2A10BAA0C1AD}" = CCC Help Swedish
"{8D94A4A6-67E0-EEAE-0729-A6A531727244}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}" = Visual Studio 2012 x86 Redistributables
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}" = Toshiba Book Place
"{A26F8BBD-EC10-4bdc-8AD8-F146825A8A63}_is1" = Wondershare Dr.Fone for iOS(Build 4.5.1.6)
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AABED73D-4E9D-89C2-6C2B-E9BFA09D2B6D}" = CCC Help Korean
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.08)
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B20856DC-8427-4C6D-FC7D-5BBAEC51ED15}" = Catalyst Control Center Graphics Previews Common
"{B46E6F20-FA4C-299F-C1DA-98867458F828}" = CCC Help Thai
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{B81652DF-ABFE-68FF-9280-A801F61A18AD}" = CCC Help Polish
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C349A5B2-DF27-34B4-06A4-03A0E7AEC5A6}" = CCC Help Czech
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAB61DE3-9FD1-CF77-755D-557321060C52}" = CCC Help Greek
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5D422B9-6976-4E98-8DDF-9632CB515D7E}" = Dragon NaturallySpeaking 12
"{D6A1F63D-F968-DF5E-ABAC-C2ECD10E26D5}" = CCC Help Hungarian
"{D85CDAE9-53D9-DCCD-EC80-78B13DB25D84}" = CCC Help Italian
"{D8EF84C2-4648-F978-0134-B0CD47BE3903}" = CCC Help French
"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application
"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1390872-2500-4408-A46C-CD16C960C661}" = HP Unified IO
"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in
"{FC21D022-819D-440A-EDA1-2042966CF0ED}" = CCC Help Turkish
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"7-Zip 9.20" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 14 Plugin
"Canon MG3200 series On-screen Manual" = Canon MG3200 series On-screen Manual
"Canon_IJ_Scan_Utility" = Canon IJ Scan Utility
"com.sheetmusicplus.DigitalAirPrint2" = Sheet Music Plus Digital Print
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ID Vault" = Constant Guard Protection Suite
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}" = TOSHIBA Bulletin Board
"InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}" = TOSHIBA Hardware Setup
"InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}" = TOSHIBA Supervisor Password
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"MuseScore" = MuseScore 1.3
"NETGEAR Genie" = NETGEAR Genie
"NortonPCCheckup" = Toshiba Laptop Checkup
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Summitsoft Website Creator - Evolution" = Summitsoft Website Creator - Evolution
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WTA-0214d1f8-3bce-4827-8462-6f90365226a7" = Plants vs. Zombies - Game of the Year
"WTA-38328fe3-daed-4643-b211-9b4f780e2548" = Tales of Lagoona
"WTA-42c7d3b2-8c11-406c-89f3-2fba1354d566" = Bejeweled 3
"WTA-4b13c2a6-38da-4b3f-bffb-1c7b8370c4e2" = Polar Bowler
"WTA-5a86b8af-5ff0-409e-ac13-5d4218ea0ac5" = Penguins!
"WTA-6fb94e5f-2311-40f0-8934-3b8c60cf3149" = Letters from Nowhere 2
"WTA-9a45b35a-1b06-46fb-953c-8c47837e8b40" = RollerCoaster Tycoon 3: Platinum
"WTA-dd80047e-08db-4735-9ced-6c041a6c3699" = Zuma's Revenge
"WTA-ed975c68-86f4-471a-afd3-d6feab74123a" = FATE - The Traitor Soul
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"iStonsoft iTunes Data Recovery" = iStonsoft iTunes Data Recovery
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 7/3/2014 2:34:19 AM | Computer Name = VMarie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 172.16.0.3:5353   19 3.0.16.172.in-addr.arpa.
 PTR VMarie-PC-2.local.
 
Error - 7/3/2014 2:34:19 AM | Computer Name = VMarie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.0.16.172.in-addr.arpa.
 PTR VMarie-PC.local.
 
Error - 7/3/2014 2:36:38 AM | Computer Name = VMarie-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 7/3/2014 2:36:38 AM | Computer Name = VMarie-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 7/3/2014 4:34:45 AM | Computer Name = VMarie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 172.16.0.3:5353   19 3.0.16.172.in-addr.arpa.
 PTR VMarie-PC-2.local.
 
Error - 7/3/2014 4:34:45 AM | Computer Name = VMarie-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   17 3.0.16.172.in-addr.arpa.
 PTR VMarie-PC.local.
 
Error - 7/3/2014 4:34:48 AM | Computer Name = VMarie-PC | Source = Toshiba App Place | ID = 0
Description = 
 
Error - 7/3/2014 4:34:57 AM | Computer Name = VMarie-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 7/3/2014 4:38:19 AM | Computer Name = VMarie-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
 when process Performance extension counter provider. The BaseIndex value from the
 Performance registry is the first DWORD in the Data section, LastCounter value 
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
 the Data section.
 
Error - 7/3/2014 4:38:19 AM | Computer Name = VMarie-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
[ Media Center Events ]
Error - 7/16/2014 9:39:24 AM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 6:39:24 AM - Error connecting to the internet.  6:39:24 AM -     Unable
 to contact server..  
 
Error - 7/16/2014 9:39:55 AM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 6:39:53 AM - Error connecting to the internet.  6:39:53 AM -     Unable
 to contact server..  
 
Error - 7/16/2014 10:40:48 AM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 7:40:48 AM - Error connecting to the internet.  7:40:48 AM -     Unable
 to contact server..  
 
Error - 7/16/2014 10:41:18 AM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 7:41:17 AM - Error connecting to the internet.  7:41:17 AM -     Unable
 to contact server..  
 
Error - 7/16/2014 7:22:01 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 4:22:01 PM - Error connecting to the internet.  4:22:01 PM -     Unable
 to contact server..  
 
Error - 7/16/2014 7:22:32 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 4:22:30 PM - Error connecting to the internet.  4:22:30 PM -     Unable
 to contact server..  
 
Error - 7/16/2014 8:23:24 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 5:23:24 PM - Error connecting to the internet.  5:23:24 PM -     Unable
 to contact server..  
 
Error - 7/16/2014 8:23:55 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 5:23:53 PM - Error connecting to the internet.  5:23:53 PM -     Unable
 to contact server..  
 
Error - 7/16/2014 9:24:47 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 6:24:47 PM - Error connecting to the internet.  6:24:47 PM -     Unable
 to contact server..  
 
Error - 7/16/2014 9:25:18 PM | Computer Name = VMarie-PC | Source = MCUpdate | ID = 0
Description = 6:25:16 PM - Error connecting to the internet.  6:25:16 PM -     Unable
 to contact server..  
 
[ System Events ]
Error - 7/17/2014 12:53:26 PM | Computer Name = VMarie-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 7/17/2014 12:53:26 PM | Computer Name = VMarie-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 7/17/2014 12:53:28 PM | Computer Name = VMarie-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 7/17/2014 12:53:28 PM | Computer Name = VMarie-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 7/17/2014 2:07:35 PM | Computer Name = VMarie-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 7/17/2014 2:07:50 PM | Computer Name = VMarie-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Privacy Service service failed to start due to the following
 error:   %%2
 
Error - 7/24/2014 12:00:36 AM | Computer Name = VMarie-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start.    Module Path: C:\windows\system32\Rtlihvs.dll
Error
 Code: 126  
 
Error - 7/24/2014 12:00:51 AM | Computer Name = VMarie-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
 the following error:   %%-2147014847
 
Error - 7/24/2014 12:00:53 AM | Computer Name = VMarie-PC | Source = Service Control Manager | ID = 7000
Description = The ZoneAlarm Privacy Service service failed to start due to the following
 error:   %%2
 
Error - 7/24/2014 12:00:53 AM | Computer Name = VMarie-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
 Publication service which failed to start because of the following error:   %%-2147014847
 
 
< End of report >
 
 

 



#5 Jo*

Jo*

  • Malware Response Team

Posted 17 August 2014 - 12:18 PM

Hello wingman1001,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 wingman1001

wingman1001
  • Topic Starter


Posted 17 August 2014 - 08:06 PM

here we go

 

malwarebytes

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16659
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3731742720, free: 1646981120
 
Downloaded database version: v2014.08.17.06
Downloaded database version: v2014.08.16.01
=======================================
Initializing...
------------ Kernel report ------------
     08/17/2014 17:32:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\compbatt.sys
\SystemRoot\system32\drivers\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\netfilter64.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\windows\system32\drivers\AntiLog64.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\rtwlane.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\QIOMem.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\serscan.sys
\SystemRoot\system32\DRIVERS\pgeffect.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\??\C:\windows\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\System32\drivers\ipnat.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\psapi.dll
\Windows\System32\comdlg32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\difxapi.dll
\Windows\System32\user32.dll
\Windows\System32\imm32.dll
\Windows\System32\iertutil.dll
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\ws2_32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\normaliz.dll
\Windows\System32\gdi32.dll
\Windows\System32\lpk.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
\Windows\System32\msctf.dll
\Windows\System32\oleaut32.dll
\Windows\System32\shell32.dll
\Windows\System32\setupapi.dll
\Windows\System32\shlwapi.dll
\Windows\System32\nsi.dll
\Windows\System32\imagehlp.dll
\Windows\System32\kernel32.dll
\Windows\System32\advapi32.dll
\Windows\System32\sechost.dll
\Windows\System32\urlmon.dll
\Windows\System32\ole32.dll
\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
\Windows\System32\devobj.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046392d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80040f9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046392d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800463a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046392d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040f9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8626B9E8
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 942948352
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946022400  Numsec = 30750720
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^❤ --> [Trojan.Zaccess]
Infected: HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Internet Security --> [Trojan.FakeAV.Gen]
 
 
 
and adwcleaner
 
# AdwCleaner v3.307 - Report created 17/08/2014 at 18:02:58
# Updated 17/08/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : VMarie - VMARIE-PC
# Running from : C:\Users\VMarie\Downloads\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : CouponDownloaderService64
Service Found : netfilter64
Service Found : rqpbhevlkc64
Service Found : rqpbhevlkc64
 
***** [ Files / Folders ] *****
 
File Found : C:\windows\System32\drivers\netfilter64.sys
Folder Found : C:\Program Files\004
Folder Found : C:\Program Files\004
Folder Found : C:\Program Files\coupon downloader
Folder Found : C:\Program Files\CouponDownloader
Folder Found : C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Folder Found : C:\Users\VMarie\AppData\Local\Rocket
Folder Found : C:\Users\VMarie\AppData\Local\WeatherAlerts
Folder Found : C:\Users\VMarie\AppData\Roaming\RocketUpdater
 
***** [ Scheduled Tasks ] *****
 
Task Found : Rocket Updater
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\Software\xfin_portal
Key Found : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKCU\Software\Rocket Browser
Key Found : HKCU\Software\RocketUpdater
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Rocket Browser
Key Found : [x64] HKCU\Software\RocketUpdater
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{08635077-8829-49E2-B338-C968817EB460}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{20A3F109-F7C1-47B4-8098-8E654B264B1D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8C7478AB-3155-463E-936F-55F91F0F10D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9E1B65EE-A131-42B4-94CA-847505E2F611}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4A11A6BD-7880-49BD-92D4-6F09D0BD3250}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{68DE31F7-43FF-4EE2-B88B-10665016970D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Found : HKLM\SOFTWARE\CouponDownloader
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{0214A12B-C5A3-437F-A6F3-068ABCD8C85E}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{96DD9437-5D20-4EFB-BF52-A4A605A4E0AA}
Key Found : [x64] HKLM\SOFTWARE\coupon downloader
Key Found : [x64] HKLM\SOFTWARE\CouponDownloader
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{49BC4DD1-0E69-4611-9164-0009538C5E46}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4B9BCCE8-A70B-402A-A7E1-DB96831EE26F}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16521
 
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyByB0BzyyCtB0AtAzztDtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyCyByB0ByCyCtBtCtG0C0EyEyEtG0ByE0EtDtGzy0DyCyEtGyE0ByDtDtByDyE0F0E0Czy0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtA0CyCyC0DtBtGzz0BzyyDtG0BzzyBtAtG0D0A0EzztGtD0A0CtA0AyDyBtDzyyDyDtD2Q&cr=1383648159&ir=
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://rocket-find.com/?f=1&a=rckt_dsites03_14_26_ch&cd=2XzuyEtN2Y1L1Qzuzy0C0ByBtD0DyByB0BzyyCtB0AtAzztDtN0D0Tzu0SzytDzytN1L2XzutBtFtBtCtFzztFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyCyByB0ByCyCtBtCtG0C0EyEyEtG0ByE0EtDtGzy0DyCyEtGyE0ByDtDtByDyE0F0E0Czy0B2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0DtA0CyCyC0DtBtGzz0BzyyDtG0BzzyBtAtG0D0A0EzztGtD0A0CtA0AyDyBtDzyyDyDtD2Q&cr=1383648159&ir=
 
-\\ Google Chrome v36.0.1985.143
 
[ File : C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Found [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Found [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
 
*************************
 
AdwCleaner[R0].txt - [7042 octets] - [17/08/2014 18:02:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7102 octets] ##########
 

 



#7 wingman1001

wingman1001
  • Topic Starter


Posted 17 August 2014 - 08:09 PM

new malware

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16659
 
Java version: 1.6.0_25
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3731742720, free: 1646981120
 
Downloaded database version: v2014.08.17.06
Downloaded database version: v2014.08.16.01
=======================================
Initializing...
------------ Kernel report ------------
     08/17/2014 17:32:11
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046392d0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80040f9680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046392d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800463a040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046392d0, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80040f9680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8626B9E8
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 942948352
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 946022400  Numsec = 30750720
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-976753168-976773168)...
Done!
Infected: HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^‮❤ --> [Trojan.Zaccess]
Infected: HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Internet Security --> [Trojan.FakeAV.Gen]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8} --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8}\L --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8}\U --> [Trojan.0Access]
Infected: C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8} --> [Trojan.0Access]
Scan finished
User declined to cleanup malware.


#8 Jo*

  • Malware Response Team

Posted 18 August 2014 - 04:15 AM

Hello wingman1001,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file into your next reply.
If there is no malware found, please let me know as well.
 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 wingman1001

  • Topic Starter

Posted 18 August 2014 - 10:45 PM

Here we go

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.08.18.08
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16659
VMarie :: VMARIE-PC [administrator]
 
8/18/2014 10:53:23 AM
mbar-log-2014-08-18 (10-53-23).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 328678
Time elapsed: 32 minute(s), 1 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 2
HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Google Update^❤ (Trojan.Zaccess) -> Data:  -> Delete on reboot. [c97eab1c621966d063edfe04837d33cd]
HKU\S-1-5-21-2659838741-1186510262-2548316083-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Internet Security (Trojan.FakeAV.Gen) -> Data: C:\Users\VMarie\AppData\Roaming\madefender.exe -> Delete on reboot. [e66171569dde6cca6f027da6f311ac54]
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 7
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙ (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\ﯹ๛ (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8} (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8}\L (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{a64728c8-f294-cf99-f7f9-b331203f51f8}\U (Trojan.0Access) -> Delete on reboot. [da6d3b8c106be056d97207fb8f71a65a]
C:\Users\VMarie\AppData\Local\Google\Desktop\Install\{a64728c8-f294-cf99-f7f9-b331203f51f8} (Trojan.0Access) -> Delete on reboot. [93b47651fa81fa3cc983a35fc937c937]
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 




#10 Jo*

  • Malware Response Team

Posted 19 August 2014 - 03:40 AM

Hello wingman1001,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shut down your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to back up your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run OTL again.
  • Double click on the icon to run it.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Don't check the boxes beside LOP Check and Purity Check this time.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window OTL.Txt.
  • Please copy (Edit->Select All, Edit->Copy) the content of the file and post it with your next reply.

***


How is the computer running now?


***


Cheers,
Jo


#11 wingman1001

  • Topic Starter

Posted 20 August 2014 - 10:20 AM

Here we go .....

 

OTL logfile created on: 8/20/2014 8:02:34 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VMarie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.33% Memory free
6.95 Gb Paging File | 5.02 Gb Available in Paging File | 72.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 287.24 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive D: | 60.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: VMARIE-PC | User Name: VMarie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\VMarie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software LLC.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Users\VMarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplawjzv.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
MOD - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\libcef.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6CCA32BF-8F2B-4324-9E0E-E17EF46E4712}: "URL" = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\VMarie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/10/15 11:58:10 | 000,173,427 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/18 22:41:48 | 000,000,000 | ---D | M]
 
[2014/04/22 03:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Search By ZoneAlarm ()
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: avast! Online Security = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Google Wallet = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/08/18 20:28:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (no name) - {04b93bad-361d-561a-8b0a-79299d443db4} - No CLSID value found.
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (no name) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r welcome /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w File not found
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
O4 - Startup: C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VMarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2756F111-7C24-4F68-B09E-FE0B12F80053}: DhcpNameServer = 198.224.173.135 198.224.174.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E85577F1-A79F-40F0-BC85-61D3EB5367A7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/29 13:16:31 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/19 22:01:06 | 000,000,000 | R--D | C] -- C:\Users\VMarie\Dropbox
[2014/08/19 07:51:31 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/19 07:51:31 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/19 07:51:30 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/19 07:51:04 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/19 07:51:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/19 07:51:04 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/19 07:51:04 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/19 07:51:03 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/19 07:51:03 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/19 07:50:49 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/19 07:50:49 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/19 07:50:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/19 07:50:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/08/18 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/08/18 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\Dropbox
[2014/08/18 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\AVAST Software
[2014/08/18 22:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/08/18 22:42:11 | 000,092,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/08/18 22:42:08 | 001,041,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/08/18 22:42:06 | 000,427,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/08/18 22:42:03 | 000,079,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/08/18 22:41:59 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/08/18 22:41:52 | 000,307,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/08/18 22:41:46 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/08/18 22:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/18 22:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/08/18 20:28:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/18 20:26:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014/08/18 20:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/08/18 20:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/08/18 20:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/08/18 20:12:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/08/18 20:05:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/08/18 10:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Merge Excel Files
[2014/08/18 10:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Merge Excel Files
[2014/08/17 18:04:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/08/17 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/17 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/08/17 17:32:10 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/17 17:29:21 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/17 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\VMarie\Desktop\mbar
[2014/08/17 17:27:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/16 10:49:12 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/16 10:49:12 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/16 10:49:12 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/16 10:49:12 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/16 10:02:53 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/16 09:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/16 09:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Users\VMarie\Pavark
[2014/08/16 07:53:57 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/16 07:53:56 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/16 07:53:56 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/16 07:53:55 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/16 07:53:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/16 07:53:55 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/16 07:53:31 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/16 07:53:28 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/16 07:53:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/07 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/07 16:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/20 07:31:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 07:31:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 07:29:26 | 002,505,042 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/20 07:29:26 | 000,764,392 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/20 07:29:26 | 000,006,434 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/20 07:27:23 | 000,001,063 | ---- | M] () -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/20 07:26:54 | 000,001,033 | ---- | M] () -- C:\Users\VMarie\Desktop\Dropbox.lnk
[2014/08/20 07:25:30 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/20 07:23:29 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/20 07:23:12 | 000,000,437 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2014/08/20 07:22:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/20 07:22:16 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/19 22:15:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/19 03:07:37 | 000,002,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Chrome App Launcher.lnk
[2014/08/19 03:07:37 | 000,002,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Chrome App Launcher (2).lnk
[2014/08/19 03:07:20 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/19 03:07:20 | 000,001,398 | ---- | M] () -- C:\Users\VMarie\Desktop\Internet Explorer.lnk
[2014/08/19 03:07:20 | 000,001,398 | ---- | M] () -- C:\Users\VMarie\Desktop\Internet Explorer (2).lnk
[2014/08/19 03:07:19 | 000,002,258 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome.lnk
[2014/08/19 03:07:19 | 000,002,258 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome (3).lnk
[2014/08/19 03:07:19 | 000,002,182 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome (2).lnk
[2014/08/18 22:44:24 | 000,002,052 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/08/18 22:43:18 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/18 22:43:11 | 000,427,360 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/08/18 22:41:46 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/08/18 22:41:46 | 000,307,344 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/08/18 22:41:46 | 000,224,896 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/08/18 22:41:46 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/08/18 22:41:46 | 000,092,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/08/18 22:41:46 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/08/18 22:41:46 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/08/18 22:41:46 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/08/18 22:41:46 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/08/18 21:21:37 | 000,002,299 | ---- | M] () -- C:\Users\VMarie\Desktop\Resume ZoneAlarm Security Install.lnk
[2014/08/18 20:28:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/08/18 17:27:28 | 000,000,498 | ---- | M] () -- C:\Users\VMarie\Desktop\Workspace 3.ds - Shortcut.lnk
[2014/08/18 17:27:28 | 000,000,498 | ---- | M] () -- C:\Users\VMarie\Desktop\Workspace 1.ds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,002,799 | ---- | M] () -- C:\Users\VMarie\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/08/18 17:27:27 | 000,002,373 | ---- | M] () -- C:\Users\VMarie\Desktop\Canon MG3200 series On-screen Manual.lnk
[2014/08/18 17:27:27 | 000,002,359 | ---- | M] () -- C:\Users\VMarie\Desktop\Toshiba Laptop Checkup.lnk
[2014/08/18 17:27:27 | 000,002,200 | ---- | M] () -- C:\Users\VMarie\Desktop\Constant Guard.lnk
[2014/08/18 17:27:27 | 000,002,171 | ---- | M] () -- C:\Users\VMarie\Desktop\HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,002,065 | ---- | M] () -- C:\Users\VMarie\Desktop\NETGEAR Genie.lnk
[2014/08/18 17:27:27 | 000,002,030 | ---- | M] () -- C:\Users\VMarie\Desktop\Adobe Reader XI.lnk
[2014/08/18 17:27:27 | 000,001,999 | ---- | M] () -- C:\Users\VMarie\Desktop\HTML - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,984 | ---- | M] () -- C:\Users\VMarie\Desktop\CSV - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,902 | ---- | M] () -- C:\Users\VMarie\Desktop\McAfee Security Scan Plus.lnk
[2014/08/18 17:27:27 | 000,001,856 | ---- | M] () -- C:\Users\VMarie\Desktop\QuickTime Player.lnk
[2014/08/18 17:27:27 | 000,001,794 | ---- | M] () -- C:\Users\VMarie\Desktop\iTunes.lnk
[2014/08/18 17:27:27 | 000,001,602 | ---- | M] () -- C:\Users\VMarie\Desktop\Backup Files 2013-01-27 190001 - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,451 | ---- | M] () -- C:\Users\VMarie\Desktop\iStonsoft iTunes Data Recovery (2).lnk
[2014/08/18 17:27:27 | 000,001,375 | ---- | M] () -- C:\Users\VMarie\Desktop\Norton Installation Files (2).lnk
[2014/08/18 17:27:27 | 000,001,270 | ---- | M] () -- C:\Users\VMarie\Desktop\SheetMusicPlusDigitalPrint.lnk
[2014/08/18 17:27:27 | 000,001,175 | ---- | M] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation (2).lnk
[2014/08/18 17:27:27 | 000,001,140 | ---- | M] () -- C:\Users\VMarie\Desktop\CrackerAccountingAug1 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,123 | ---- | M] () -- C:\Users\VMarie\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,001,115 | ---- | M] () -- C:\Users\VMarie\Desktop\Checkbook july3excel - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,083 | ---- | M] () -- C:\Users\VMarie\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | M] () -- C:\Users\VMarie\Desktop\3edf5b4256fb7a7b4af1b304ce2248ab4b3d819f - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | M] () -- C:\Users\VMarie\Desktop\0bba40f017f496c301ba3714fe6383eabee2f697 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,064 | ---- | M] () -- C:\Users\VMarie\Desktop\Website Creator.lnk
[2014/08/18 17:27:27 | 000,001,048 | ---- | M] () -- C:\Users\VMarie\Desktop\Merge Excel Files.lnk
[2014/08/18 17:27:27 | 000,001,025 | ---- | M] () -- C:\Users\VMarie\Desktop\107514_OpenBoxCoupon - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | M] () -- C:\Users\VMarie\Desktop\FixExec - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | M] () -- C:\Users\VMarie\Desktop\checkup - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | M] () -- C:\Users\VMarie\Desktop\Extras - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | M] () -- C:\Users\VMarie\Desktop\attach - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,862 | ---- | M] () -- C:\Users\VMarie\Desktop\Money - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,860 | ---- | M] () -- C:\Users\VMarie\Desktop\My Shared Folder - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | M] () -- C:\Users\VMarie\Desktop\OTL - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | M] () -- C:\Users\VMarie\Desktop\dds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,811 | ---- | M] () -- C:\Users\VMarie\Desktop\Wondershare - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,793 | ---- | M] () -- C:\Users\VMarie\Desktop\CCleaner.lnk
[2014/08/18 17:27:27 | 000,000,748 | ---- | M] () -- C:\Users\VMarie\Desktop\mbar - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,359 | ---- | M] () -- C:\Users\VMarie\Desktop\Recycle Bin - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Computer - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,351 | ---- | M] () -- C:\Users\VMarie\Desktop\Network - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,338 | ---- | M] () -- C:\Users\VMarie\Desktop\Congratulations! You've installed Wondershare Dr.Fone for iOS! (2).url
[2014/08/18 17:27:27 | 000,000,216 | ---- | M] () -- C:\Users\VMarie\Desktop\Sell - ListingConfirmed (2).url
[2014/08/18 17:27:27 | 000,000,203 | ---- | M] () -- C:\Users\VMarie\Desktop\Outlook - vicki_marie@live.com (2).url
[2014/08/18 17:27:27 | 000,000,104 | ---- | M] () -- C:\Users\VMarie\Desktop\Control Panel - Shortcut.lnk
[2014/08/18 10:53:05 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 10:52:33 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/18 10:39:49 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Merge Excel Files.lnk
[2014/08/16 09:58:23 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/07 16:23:57 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/06 19:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/06 19:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/06 11:30:02 | 000,000,044 | ---- | M] () -- C:\Users\VMarie\AppData\Roaming\WB.CFG
[2014/08/06 10:57:18 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk
[2014/08/06 10:57:12 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\wpcap.dll
[2014/08/06 10:57:12 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\packet.dll
[2014/08/06 10:57:12 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys
[2014/07/23 21:21:49 | 000,001,175 | ---- | M] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/19 22:01:06 | 000,001,033 | ---- | C] () -- C:\Users\VMarie\Desktop\Dropbox.lnk
[2014/08/19 21:59:50 | 000,001,063 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/18 22:43:18 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/18 22:42:09 | 000,224,896 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/08/18 22:42:05 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/08/18 22:42:01 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/08/18 20:59:37 | 000,002,299 | ---- | C] () -- C:\Users\VMarie\Desktop\Resume ZoneAlarm Security Install.lnk
[2014/08/18 20:14:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/08/18 20:14:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/08/18 20:14:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/08/18 20:14:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/08/18 20:14:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/08/18 17:27:28 | 000,000,498 | ---- | C] () -- C:\Users\VMarie\Desktop\Workspace 3.ds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,002,799 | ---- | C] () -- C:\Users\VMarie\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/08/18 17:27:27 | 000,002,373 | ---- | C] () -- C:\Users\VMarie\Desktop\Canon MG3200 series On-screen Manual.lnk
[2014/08/18 17:27:27 | 000,002,359 | ---- | C] () -- C:\Users\VMarie\Desktop\Toshiba Laptop Checkup.lnk
[2014/08/18 17:27:27 | 000,002,355 | ---- | C] () -- C:\Users\VMarie\Desktop\Chrome App Launcher (2).lnk
[2014/08/18 17:27:27 | 000,002,258 | ---- | C] () -- C:\Users\VMarie\Desktop\Google Chrome (3).lnk
[2014/08/18 17:27:27 | 000,002,200 | ---- | C] () -- C:\Users\VMarie\Desktop\Constant Guard.lnk
[2014/08/18 17:27:27 | 000,002,182 | ---- | C] () -- C:\Users\VMarie\Desktop\Google Chrome (2).lnk
[2014/08/18 17:27:27 | 000,002,171 | ---- | C] () -- C:\Users\VMarie\Desktop\HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,002,065 | ---- | C] () -- C:\Users\VMarie\Desktop\NETGEAR Genie.lnk
[2014/08/18 17:27:27 | 000,002,030 | ---- | C] () -- C:\Users\VMarie\Desktop\Adobe Reader XI.lnk
[2014/08/18 17:27:27 | 000,001,999 | ---- | C] () -- C:\Users\VMarie\Desktop\HTML - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,984 | ---- | C] () -- C:\Users\VMarie\Desktop\CSV - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,902 | ---- | C] () -- C:\Users\VMarie\Desktop\McAfee Security Scan Plus.lnk
[2014/08/18 17:27:27 | 000,001,856 | ---- | C] () -- C:\Users\VMarie\Desktop\QuickTime Player.lnk
[2014/08/18 17:27:27 | 000,001,794 | ---- | C] () -- C:\Users\VMarie\Desktop\iTunes.lnk
[2014/08/18 17:27:27 | 000,001,602 | ---- | C] () -- C:\Users\VMarie\Desktop\Backup Files 2013-01-27 190001 - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,451 | ---- | C] () -- C:\Users\VMarie\Desktop\iStonsoft iTunes Data Recovery (2).lnk
[2014/08/18 17:27:27 | 000,001,398 | ---- | C] () -- C:\Users\VMarie\Desktop\Internet Explorer (2).lnk
[2014/08/18 17:27:27 | 000,001,375 | ---- | C] () -- C:\Users\VMarie\Desktop\Norton Installation Files (2).lnk
[2014/08/18 17:27:27 | 000,001,270 | ---- | C] () -- C:\Users\VMarie\Desktop\SheetMusicPlusDigitalPrint.lnk
[2014/08/18 17:27:27 | 000,001,175 | ---- | C] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation (2).lnk
[2014/08/18 17:27:27 | 000,001,140 | ---- | C] () -- C:\Users\VMarie\Desktop\CrackerAccountingAug1 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,123 | ---- | C] () -- C:\Users\VMarie\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,001,115 | ---- | C] () -- C:\Users\VMarie\Desktop\Checkbook july3excel - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,083 | ---- | C] () -- C:\Users\VMarie\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | C] () -- C:\Users\VMarie\Desktop\3edf5b4256fb7a7b4af1b304ce2248ab4b3d819f - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | C] () -- C:\Users\VMarie\Desktop\0bba40f017f496c301ba3714fe6383eabee2f697 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,064 | ---- | C] () -- C:\Users\VMarie\Desktop\Website Creator.lnk
[2014/08/18 17:27:27 | 000,001,048 | ---- | C] () -- C:\Users\VMarie\Desktop\Merge Excel Files.lnk
[2014/08/18 17:27:27 | 000,001,025 | ---- | C] () -- C:\Users\VMarie\Desktop\107514_OpenBoxCoupon - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | C] () -- C:\Users\VMarie\Desktop\FixExec - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | C] () -- C:\Users\VMarie\Desktop\checkup - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | C] () -- C:\Users\VMarie\Desktop\Extras - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | C] () -- C:\Users\VMarie\Desktop\attach - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,862 | ---- | C] () -- C:\Users\VMarie\Desktop\Money - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,860 | ---- | C] () -- C:\Users\VMarie\Desktop\My Shared Folder - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | C] () -- C:\Users\VMarie\Desktop\OTL - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | C] () -- C:\Users\VMarie\Desktop\dds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,811 | ---- | C] () -- C:\Users\VMarie\Desktop\Wondershare - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,793 | ---- | C] () -- C:\Users\VMarie\Desktop\CCleaner.lnk
[2014/08/18 17:27:27 | 000,000,748 | ---- | C] () -- C:\Users\VMarie\Desktop\mbar - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,498 | ---- | C] () -- C:\Users\VMarie\Desktop\Workspace 1.ds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,359 | ---- | C] () -- C:\Users\VMarie\Desktop\Recycle Bin - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,355 | ---- | C] () -- C:\Users\VMarie\Desktop\Computer - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,351 | ---- | C] () -- C:\Users\VMarie\Desktop\Network - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,338 | ---- | C] () -- C:\Users\VMarie\Desktop\Congratulations! You've installed Wondershare Dr.Fone for iOS! (2).url
[2014/08/18 17:27:27 | 000,000,216 | ---- | C] () -- C:\Users\VMarie\Desktop\Sell - ListingConfirmed (2).url
[2014/08/18 17:27:27 | 000,000,203 | ---- | C] () -- C:\Users\VMarie\Desktop\Outlook - vicki_marie@live.com (2).url
[2014/08/18 17:27:27 | 000,000,104 | ---- | C] () -- C:\Users\VMarie\Desktop\Control Panel - Shortcut.lnk
[2014/08/18 10:39:49 | 000,001,048 | ---- | C] () -- C:\Users\Public\Desktop\Merge Excel Files.lnk
[2014/08/16 09:58:23 | 000,000,793 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/07 16:23:57 | 000,001,794 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/06 11:30:02 | 000,000,044 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\WB.CFG
[2014/07/23 21:21:49 | 000,001,175 | ---- | C] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation.lnk
[2014/06/12 11:56:45 | 000,036,864 | ---- | C] () -- C:\windows\SysWow64\Iduninst.dll
[2014/04/22 22:28:03 | 000,015,689 | -H-- | C] () -- C:\windows\SysWow64\BTImages.dat
[2014/04/20 09:40:15 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2014/02/10 21:49:37 | 000,002,075 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\SAS7_000.DAT
[2013/09/08 04:34:30 | 000,008,470 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\UserTile.png
[2013/05/17 05:31:32 | 000,773,940 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/05/16 23:26:22 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2013/05/16 23:16:40 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2013/05/16 23:13:44 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2013/05/16 23:13:44 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2013/05/16 23:13:44 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0FF263E8
 
< End of report >
 
 
and....

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by VMarie on Wed 08/20/2014 at  7:30:45.02
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{059404EB-E762-484C-B224-4082D1FE9845}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{1152111B-B053-4A89-B92B-A831C163D515}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{145774D1-78C4-4562-98D0-2EDC1C48E696}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{31F83639-D46C-4E6A-BFA6-B3B40149A837}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{3779CE3F-98A5-4CF4-A6DB-108132858CD0}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{39264860-A285-4FD2-B2E2-CA1FCC20ADB6}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{39C02BF6-8DD1-488E-A25C-02B140639BE5}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{3D3A78B3-83AA-4008-BB29-D128893C7F9C}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{3E98498B-6C1E-4480-91DC-DEEBCA7E8DB4}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{632AA34C-5259-470A-8F40-7330ABB934B1}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{6954BAE3-3CA3-4497-B652-32D03F45A29B}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{746A5055-2109-4CB8-B856-DD1466685278}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{7FCD6E49-7F62-45DE-8519-CDAB5045999E}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{8F8764DD-AE89-4CCC-B2EA-2614F5BF4888}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{8FEC948E-2C62-4CA4-8413-06E9765FD89E}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{918B3D92-F5EA-4BBF-AB4D-07D2B1602C73}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{94C301D9-4802-4654-83A8-0BA6C8BA72C2}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{994B91B5-51D5-4F37-99D0-5E84076DF311}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{9B63B197-DACA-4D90-921F-6612262D435C}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{9B7999AB-F376-4AF1-979C-CAF0363A325C}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{A260182A-BCCD-4325-B016-B2C69D2D472D}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{A990FF0B-27BB-4983-A538-68D758567D0E}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{B488E4C4-014B-4A37-ADFB-33CCB9D3ABC7}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{B54575BE-0295-44C6-819F-24ACF8CBADDB}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{B60C77F9-FA21-40FD-B683-8A4CC0959B97}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{BA6D67AE-5F48-45AF-AC42-779318FBBBD3}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{C0AD33F6-E567-4223-9238-353218421F27}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{CA80E352-6997-4943-A280-9257F77B171D}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{D1586C5E-EB48-4992-AF22-9C879DD2BAF7}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{D2894F23-09D2-425A-9D0E-F74415E60A82}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{E5018B81-16C3-4A80-A502-0387F574F0D9}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{E59C4E23-4156-498B-9890-54BF7A30E71D}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{E59C6029-F225-4923-A4B4-FC895D307297}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{EF0F79E7-C524-4561-A28D-8863AC63F679}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{F3E3F52F-2436-4517-986B-CDCB6FB7086B}
Successfully deleted: [Empty Folder] C:\Users\VMarie\appdata\local\{F8FA412A-A432-43BE-9308-BD1E70658A67}
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 08/20/2014 at  7:43:52.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
and.....
 

OTL logfile created on: 8/20/2014 8:02:34 AM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VMarie\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16521)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.48 Gb Total Physical Memory | 1.89 Gb Available Physical Memory | 54.33% Memory free
6.95 Gb Paging File | 5.02 Gb Available in Paging File | 72.19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.63 Gb Total Space | 287.24 Gb Free Space | 63.88% Space Free | Partition Type: NTFS
Drive D: | 60.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: VMARIE-PC | User Name: VMarie | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Users\VMarie\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
PRC - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
PRC - C:\ProgramData\FLEXnet\Connect\11\agent.exe (Flexera Software LLC.)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - c:\Users\VMarie\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplawjzv.dll ()
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\AVAST Software\Avast\aswProperty.dll ()
MOD - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll ()
MOD - C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ()
MOD - C:\Users\VMarie\AppData\Roaming\Dropbox\bin\libcef.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (IEEtwCollectorService) -- C:\windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA HDD SSD Alert Service) -- C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\TECO\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (TosCoSrv) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (NETGEARGenieDaemon) -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe (NETGEAR)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (DragonSvc) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Nuance Communications, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Norton PC Checkup Application Launcher) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\SymcPCCULaunchSvc.exe (Symantec Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe (Symantec Corporation)
SRV - (TMachInfo) -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswsp.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswVmm) -- C:\windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswStm) -- C:\Windows\SysNative\drivers\aswStm.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswRvrt) -- C:\windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (aswHwid) -- C:\Windows\SysNative\drivers\aswHwid.sys ()
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\drivers\rtwlane.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (PGEffect) -- C:\Windows\SysNative\drivers\PGEffect.sys (TOSHIBA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\drivers\rtsuvstor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (QIOMem) -- C:\Windows\SysNative\drivers\QIOMem.sys (TOSHIBA)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com?fr=hp-avast&type=odc198
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6CCA32BF-8F2B-4324-9E0E-E17EF46E4712}: "URL" = http://search.xfinity.com/?cat=web&con=toolbar&cid=xfstart_tech_search&q={searchTerms}
IE - HKCU\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://search.yahoo.com/yhs/search?type=odc198&hspart=avast&hsimp=yhs-001&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX:  File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\PROGRA~2\Nuance\NATURA~1\Program\npDgnRia.dll (Nuance Communications Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\VMarie\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\ffShim.xpi [2013/10/15 11:58:10 | 000,173,427 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/18 22:41:48 | 000,000,000 | ---D | M]
 
[2014/04/22 03:14:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Search By ZoneAlarm ()
CHR - default_search_provider: suggest_url = 
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_1\
CHR - Extension: avast! Online Security = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2022.121_0\
CHR - Extension: Google Wallet = C:\Users\VMarie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/08/18 20:28:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O2 - BHO: (no name) - {04b93bad-361d-561a-8b0a-79299d443db4} - No CLSID value found.
O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
O2 - BHO: (no name) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - No CLSID value found.
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\Toshiba\TBS\HSON.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\Toshiba\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking12\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\isuspm.exe (Flexera Software LLC.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe (Toshiba)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Installer] "C:\Program Files (x86)\CheckPoint\Install\Launcher.exe" "C:\Program Files (x86)\CheckPoint\Install\Install.exe" /r welcome /c "C:\Program Files (x86)\CheckPoint\Install\Install.xml" /w File not found
O4 - HKCU..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Flexera Software LLC.)
O4 - HKCU..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe (NETGEAR Inc.)
O4 - Startup: C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\VMarie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: google.com ([www] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2756F111-7C24-4F68-B09E-FE0B12F80053}: DhcpNameServer = 198.224.173.135 198.224.174.135
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E368BD4A-A3E0-4DF9-BC75-294CA6EB2E33}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E85577F1-A79F-40F0-BC85-61D3EB5367A7}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/29 13:16:31 | 000,000,043 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/08/19 22:01:06 | 000,000,000 | R--D | C] -- C:\Users\VMarie\Dropbox
[2014/08/19 07:51:31 | 000,058,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2014/08/19 07:51:31 | 000,044,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups2.dll
[2014/08/19 07:51:30 | 002,620,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wucltux.dll
[2014/08/19 07:51:04 | 000,700,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2014/08/19 07:51:04 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2014/08/19 07:51:04 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2014/08/19 07:51:04 | 000,038,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2014/08/19 07:51:03 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2014/08/19 07:51:03 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wups.dll
[2014/08/19 07:50:49 | 000,198,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuwebv.dll
[2014/08/19 07:50:49 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuwebv.dll
[2014/08/19 07:50:49 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapp.exe
[2014/08/19 07:50:49 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapp.exe
[2014/08/18 23:33:16 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2014/08/18 23:31:44 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\Dropbox
[2014/08/18 22:43:27 | 000,000,000 | ---D | C] -- C:\Users\VMarie\AppData\Roaming\AVAST Software
[2014/08/18 22:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/08/18 22:42:11 | 000,092,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/08/18 22:42:08 | 001,041,168 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/08/18 22:42:06 | 000,427,360 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/08/18 22:42:03 | 000,079,184 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/08/18 22:41:59 | 000,093,568 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/08/18 22:41:52 | 000,307,344 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/08/18 22:41:46 | 000,043,152 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2014/08/18 22:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/08/18 22:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/08/18 20:28:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/08/18 20:26:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2014/08/18 20:14:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2014/08/18 20:14:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2014/08/18 20:14:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2014/08/18 20:12:38 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2014/08/18 20:05:01 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2014/08/18 10:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Merge Excel Files
[2014/08/18 10:39:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Merge Excel Files
[2014/08/17 18:04:25 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\windows\SysWow64\sqlite3.dll
[2014/08/17 17:32:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/08/17 17:32:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/08/17 17:32:10 | 000,128,728 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/17 17:29:21 | 000,092,888 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/17 17:29:14 | 000,000,000 | ---D | C] -- C:\Users\VMarie\Desktop\mbar
[2014/08/17 17:27:07 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/08/16 10:49:12 | 001,389,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardagt.exe
[2014/08/16 10:49:12 | 000,619,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardagt.exe
[2014/08/16 10:49:12 | 000,171,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\infocardapi.dll
[2014/08/16 10:49:12 | 000,099,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\infocardapi.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\icardres.dll
[2014/08/16 10:49:08 | 000,008,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\icardres.dll
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TsWpfWrp.exe
[2014/08/16 10:48:38 | 000,035,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsWpfWrp.exe
[2014/08/16 10:02:53 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2014/08/16 09:58:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/08/16 09:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/08/16 09:55:55 | 000,000,000 | ---D | C] -- C:\Users\VMarie\Pavark
[2014/08/16 07:53:57 | 003,241,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll
[2014/08/16 07:53:56 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\authui.dll
[2014/08/16 07:53:56 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\authui.dll
[2014/08/16 07:53:55 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msihnd.dll
[2014/08/16 07:53:55 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msihnd.dll
[2014/08/16 07:53:55 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\consent.exe
[2014/08/16 07:53:31 | 001,216,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2014/08/16 07:53:28 | 000,529,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/16 07:53:26 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/07 16:23:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2014/08/07 16:21:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2014/08/07 16:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/08/20 07:31:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 07:31:04 | 000,024,608 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/08/20 07:29:26 | 002,505,042 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2014/08/20 07:29:26 | 000,764,392 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2014/08/20 07:29:26 | 000,006,434 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2014/08/20 07:27:23 | 000,001,063 | ---- | M] () -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/20 07:26:54 | 000,001,033 | ---- | M] () -- C:\Users\VMarie\Desktop\Dropbox.lnk
[2014/08/20 07:25:30 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/08/20 07:23:29 | 000,000,908 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/08/20 07:23:12 | 000,000,437 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts.ics
[2014/08/20 07:22:58 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2014/08/20 07:22:16 | 2798,804,992 | -HS- | M] () -- C:\hiberfil.sys
[2014/08/19 22:15:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2014/08/19 03:07:37 | 000,002,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Chrome App Launcher.lnk
[2014/08/19 03:07:37 | 000,002,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Chrome App Launcher (2).lnk
[2014/08/19 03:07:20 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/08/19 03:07:20 | 000,001,398 | ---- | M] () -- C:\Users\VMarie\Desktop\Internet Explorer.lnk
[2014/08/19 03:07:20 | 000,001,398 | ---- | M] () -- C:\Users\VMarie\Desktop\Internet Explorer (2).lnk
[2014/08/19 03:07:19 | 000,002,258 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome.lnk
[2014/08/19 03:07:19 | 000,002,258 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome (3).lnk
[2014/08/19 03:07:19 | 000,002,182 | ---- | M] () -- C:\Users\VMarie\Desktop\Google Chrome (2).lnk
[2014/08/18 22:44:24 | 000,002,052 | ---- | M] () -- C:\windows\epplauncher.mif
[2014/08/18 22:43:18 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/18 22:43:11 | 000,427,360 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswsp.sys
[2014/08/18 22:41:46 | 001,041,168 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2014/08/18 22:41:46 | 000,307,344 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2014/08/18 22:41:46 | 000,224,896 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/08/18 22:41:46 | 000,093,568 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr2.sys
[2014/08/18 22:41:46 | 000,092,008 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswStm.sys
[2014/08/18 22:41:46 | 000,079,184 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2014/08/18 22:41:46 | 000,065,776 | ---- | M] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/08/18 22:41:46 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2014/08/18 22:41:46 | 000,029,208 | ---- | M] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/08/18 21:21:37 | 000,002,299 | ---- | M] () -- C:\Users\VMarie\Desktop\Resume ZoneAlarm Security Install.lnk
[2014/08/18 20:28:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2014/08/18 17:27:28 | 000,000,498 | ---- | M] () -- C:\Users\VMarie\Desktop\Workspace 3.ds - Shortcut.lnk
[2014/08/18 17:27:28 | 000,000,498 | ---- | M] () -- C:\Users\VMarie\Desktop\Workspace 1.ds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,002,799 | ---- | M] () -- C:\Users\VMarie\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/08/18 17:27:27 | 000,002,373 | ---- | M] () -- C:\Users\VMarie\Desktop\Canon MG3200 series On-screen Manual.lnk
[2014/08/18 17:27:27 | 000,002,359 | ---- | M] () -- C:\Users\VMarie\Desktop\Toshiba Laptop Checkup.lnk
[2014/08/18 17:27:27 | 000,002,200 | ---- | M] () -- C:\Users\VMarie\Desktop\Constant Guard.lnk
[2014/08/18 17:27:27 | 000,002,171 | ---- | M] () -- C:\Users\VMarie\Desktop\HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,002,065 | ---- | M] () -- C:\Users\VMarie\Desktop\NETGEAR Genie.lnk
[2014/08/18 17:27:27 | 000,002,030 | ---- | M] () -- C:\Users\VMarie\Desktop\Adobe Reader XI.lnk
[2014/08/18 17:27:27 | 000,001,999 | ---- | M] () -- C:\Users\VMarie\Desktop\HTML - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,984 | ---- | M] () -- C:\Users\VMarie\Desktop\CSV - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,902 | ---- | M] () -- C:\Users\VMarie\Desktop\McAfee Security Scan Plus.lnk
[2014/08/18 17:27:27 | 000,001,856 | ---- | M] () -- C:\Users\VMarie\Desktop\QuickTime Player.lnk
[2014/08/18 17:27:27 | 000,001,794 | ---- | M] () -- C:\Users\VMarie\Desktop\iTunes.lnk
[2014/08/18 17:27:27 | 000,001,602 | ---- | M] () -- C:\Users\VMarie\Desktop\Backup Files 2013-01-27 190001 - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,451 | ---- | M] () -- C:\Users\VMarie\Desktop\iStonsoft iTunes Data Recovery (2).lnk
[2014/08/18 17:27:27 | 000,001,375 | ---- | M] () -- C:\Users\VMarie\Desktop\Norton Installation Files (2).lnk
[2014/08/18 17:27:27 | 000,001,270 | ---- | M] () -- C:\Users\VMarie\Desktop\SheetMusicPlusDigitalPrint.lnk
[2014/08/18 17:27:27 | 000,001,175 | ---- | M] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation (2).lnk
[2014/08/18 17:27:27 | 000,001,140 | ---- | M] () -- C:\Users\VMarie\Desktop\CrackerAccountingAug1 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,123 | ---- | M] () -- C:\Users\VMarie\Desktop\Shop for Supplies - HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,001,115 | ---- | M] () -- C:\Users\VMarie\Desktop\Checkbook july3excel - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,083 | ---- | M] () -- C:\Users\VMarie\Desktop\Wondershare Dr.Fone for iOS.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | M] () -- C:\Users\VMarie\Desktop\3edf5b4256fb7a7b4af1b304ce2248ab4b3d819f - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,076 | ---- | M] () -- C:\Users\VMarie\Desktop\0bba40f017f496c301ba3714fe6383eabee2f697 - Shortcut.lnk
[2014/08/18 17:27:27 | 000,001,064 | ---- | M] () -- C:\Users\VMarie\Desktop\Website Creator.lnk
[2014/08/18 17:27:27 | 000,001,048 | ---- | M] () -- C:\Users\VMarie\Desktop\Merge Excel Files.lnk
[2014/08/18 17:27:27 | 000,001,025 | ---- | M] () -- C:\Users\VMarie\Desktop\107514_OpenBoxCoupon - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | M] () -- C:\Users\VMarie\Desktop\FixExec - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,882 | ---- | M] () -- C:\Users\VMarie\Desktop\checkup - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | M] () -- C:\Users\VMarie\Desktop\Extras - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,877 | ---- | M] () -- C:\Users\VMarie\Desktop\attach - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,862 | ---- | M] () -- C:\Users\VMarie\Desktop\Money - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,860 | ---- | M] () -- C:\Users\VMarie\Desktop\My Shared Folder - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | M] () -- C:\Users\VMarie\Desktop\OTL - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,842 | ---- | M] () -- C:\Users\VMarie\Desktop\dds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,811 | ---- | M] () -- C:\Users\VMarie\Desktop\Wondershare - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,793 | ---- | M] () -- C:\Users\VMarie\Desktop\CCleaner.lnk
[2014/08/18 17:27:27 | 000,000,748 | ---- | M] () -- C:\Users\VMarie\Desktop\mbar - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,359 | ---- | M] () -- C:\Users\VMarie\Desktop\Recycle Bin - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,355 | ---- | M] () -- C:\Users\VMarie\Desktop\Computer - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,351 | ---- | M] () -- C:\Users\VMarie\Desktop\Network - Shortcut.lnk
[2014/08/18 17:27:27 | 000,000,338 | ---- | M] () -- C:\Users\VMarie\Desktop\Congratulations! You've installed Wondershare Dr.Fone for iOS! (2).url
[2014/08/18 17:27:27 | 000,000,216 | ---- | M] () -- C:\Users\VMarie\Desktop\Sell - ListingConfirmed (2).url
[2014/08/18 17:27:27 | 000,000,203 | ---- | M] () -- C:\Users\VMarie\Desktop\Outlook - vicki_marie@live.com (2).url
[2014/08/18 17:27:27 | 000,000,104 | ---- | M] () -- C:\Users\VMarie\Desktop\Control Panel - Shortcut.lnk
[2014/08/18 10:53:05 | 000,128,728 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2014/08/18 10:52:33 | 000,092,888 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2014/08/18 10:39:49 | 000,001,048 | ---- | M] () -- C:\Users\Public\Desktop\Merge Excel Files.lnk
[2014/08/16 09:58:23 | 000,000,793 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/08/07 16:23:57 | 000,001,794 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2014/08/06 19:06:41 | 000,529,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll
[2014/08/06 19:01:34 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2014/08/06 11:30:02 | 000,000,044 | ---- | M] () -- C:\Users\VMarie\AppData\Roaming\WB.CFG
[2014/08/06 10:57:18 | 000,002,065 | ---- | M] () -- C:\Users\Public\Desktop\NETGEAR Genie.lnk
[2014/08/06 10:57:12 | 000,369,168 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\wpcap.dll
[2014/08/06 10:57:12 | 000,106,000 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\packet.dll
[2014/08/06 10:57:12 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) -- C:\windows\SysNative\drivers\npf.sys
[2014/07/23 21:21:49 | 000,001,175 | ---- | M] () -- C:\Users\VMarie\Desktop\Continue Free File Viewer Installation.lnk
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/08/19 22:01:06 | 000,001,033 | ---- | C] () -- C:\Users\VMarie\Desktop\Dropbox.lnk
[2014/08/19 21:59:50 | 000,001,063 | ---- | C] () -- C:\Users\VMarie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2014/08/18 22:43:18 | 000,001,937 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/08/18 22:42:09 | 000,224,896 | ---- | C] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2014/08/18 22:42:05 | 000,065,776 | ---- | C] () -- C:\windows\SysNative\drivers\aswRvrt.sys
[2014/08/18 22:42:01 | 000,029,208 | ---- | C] () -- C:\windows\SysNative\drivers\aswHwid.sys
[2014/08/18 20:59:37 | 000,002,299 | ---- | C] () -- C:\Users\VMarie\Desktop\Resume ZoneAlarm Security Install.lnk
[2014/08/18 20:14:45 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2014/08/18 20:14:45 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2014/08/18 20:14:45 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2014/08/18 20:14:45 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2014/08/18 20:14:45 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2014/08/18 17:27:28 | 000,000,498 | ---- | C] () -- C:\Users\VMarie\Desktop\Workspace 3.ds - Shortcut.lnk
[2014/08/18 17:27:27 | 000,002,799 | ---- | C] () -- C:\Users\VMarie\Desktop\Dragon NaturallySpeaking 12.0.lnk
[2014/08/18 17:27:27 | 000,002,373 | ---- | C] () -- C:\Users\VMarie\Desktop\Canon MG3200 series On-screen Manual.lnk
[2014/08/18 17:27:27 | 000,002,359 | ---- | C] () -- C:\Users\VMarie\Desktop\Toshiba Laptop Checkup.lnk
[2014/08/18 17:27:27 | 000,002,355 | ---- | C] () -- C:\Users\VMarie\Desktop\Chrome App Launcher (2).lnk
[2014/08/18 17:27:27 | 000,002,258 | ---- | C] () -- C:\Users\VMarie\Desktop\Google Chrome (3).lnk
[2014/08/18 17:27:27 | 000,002,200 | ---- | C] () -- C:\Users\VMarie\Desktop\Constant Guard.lnk
[2014/08/18 17:27:27 | 000,002,182 | ---- | C] () -- C:\Users\VMarie\Desktop\Google Chrome (2).lnk
[2014/08/18 17:27:27 | 000,002,171 | ---- | C] () -- C:\Users\VMarie\Desktop\HP Officejet Pro 8600.lnk
[2014/08/18 17:27:27 | 000,002,065 | ---- | C] () -- C:\Users\VMarie\Desktop\NETGEAR Genie.lnk
[2014/08/18 17:27:27 | 000,002,030 | ---- | C] () -- C:\Users\VMarie\Desktop\Adobe Reader XI.lnk
[2014/08/18 17:27:27 | 000,001,999 | ---- | C] () -- C:\Users\VMarie\Desktop\HTML - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,984 | ---- | C] () -- C:\Users\VMarie\Desktop\CSV - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,902 | ---- | C] () -- C:\Users\VMarie\Desktop\McAfee Security Scan Plus.lnk
[2014/08/18 17:27:27 | 000,001,856 | ---- | C] () -- C:\Users\VMarie\Desktop\QuickTime Player.lnk
[2014/08/18 17:27:27 | 000,001,794 | ---- | C] () -- C:\Users\VMarie\Desktop\iTunes.lnk
[2014/08/18 17:27:27 | 000,001,602 | ---- | C] () -- C:\Users\VMarie\Desktop\Backup Files 2013-01-27 190001 - Shortcut (2).lnk
[2014/08/18 17:27:27 | 000,001,451 | ---- | C] () -- C:\Users\VMarie\Desktop\iStonsoft iTunes Data Recovery (2).lnk
[2014/08/18 17:27:27 | 000,001,398 | ---- | C] () -- C:\Users\VMarie\Desktop\Internet Explorer (2).lnk
 
========== ZeroAccess Check ==========
 
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 19:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 18:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 247 bytes -> C:\ProgramData\TEMP:0FF263E8
 
< End of report >
 
 
Seems to be running much better. The only thing I question is why I still had a pop-up this morning to complete an update for Microsoft Office 2010, of which I only have the sample version. I always use Office 2007. I haven't seen the pop-up since I did the final scans today, so hopefully it's gone now...
Thanks so much for your help... I have a problem with my desktop now too. I received an email which I thought was from USPS, but I believe it's a virus. I'll have to start a new topic later today.
Thanks again.


#12 Jo*

Jo*

  • Malware Response Team
  • 3,428 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:05:58 AM

Posted 20 August 2014 - 11:25 AM

Hello wingman1001,

You posted the OTL log twice but missed the AdwareCleaner log!

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    O2 - BHO: (no name) - {04b93bad-361d-561a-8b0a-79299d443db4} - No CLSID value found.
    O2 - BHO: (no name) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - No CLSID value found.
    O2 - BHO: (no name) - {73A89C60-CF59-4EC7-9215-9B7EF05ECEA4} - No CLSID value found.
    O2 - BHO: (no name) - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    
    :Commands
    [purity]
    [emptytemp]
    
    


  NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and reboot when it is done
  • Then post the OTL fix log.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#13 Jo*


Posted 24 August 2014 - 08:46 AM

Still need help?




#14 Jo*


Posted 27 August 2014 - 03:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





