Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

MBAM Malicious Website Blocking (dllhoste.exe), Powershell stopped working


  • This topic is locked This topic is locked
16 replies to this topic

#1 cbrueckman

cbrueckman

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 01 January 2015 - 11:01 PM

I have a Toshiba Satellite L675, running Windows 7 Home Premium. Using Avast Internet Security, Microsoft Security Essentials and Malwarebytes. I am not sure if I have one problem or several possibly unrelated issues.

 Lately I have been receiving a lot of “Internet Explorer stopped working” messages and now every few seconds am receiving a MBAM “Malicious Website Blocked” message identifying various domains, IPs and ports but all indicating outbound type and usually, but not always identifying the process as C:\Windows\SysWOW64\dllhost.exe.  I am also receiving frequent Avast Web Shield notices of blocking harmful web pages (even when disconnected from any wifi). I noticed at least one referenced a Powerliks Trojan.  I am receiving irregular notices that “Powershell has stopped working”.

Running MBAM identified two threat which were removed, but with no impact on the messages I have been receiving. Since then the MBAM Scan logs come up empty.

Due to the similarity of symptoms, I followed the guidance offered at “Constant Outgoing traffice from random IP addresses being sent” (http://www.bleepingcomputer.com/forums/t/537233/constant-outgoing-traffice-from-random-ip-addresses-being-sent/) and the Farbar Recovery Scan Tool from Powerliks malware removal help needed (http://www.bleepingcomputer.com/forums/t/554461/powerliks-malware-removal-help-needed/) but to no avail.

I need help before proceeding further.

 

DDS Log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Owner at 23:27:12 on 2014-12-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1732 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Enabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\atieclxx.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\windows\system32\taskhost.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\syswow64\dllhost.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\syswow64\dllhost.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\windows\splwow64.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\vssvc.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230} : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\2656C6B696E6E2036693 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\3596475636F6D6537334342323 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\5436F6E6F602C4F64676560213 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\7516C677F6274786F534163747C656F564275656 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\C41402155594E445140223 : DHCPNameServer = 207.230.75.34 207.230.75.50
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\C416D60747F6E602745756374702843756025507075627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A644C03F-B548-4A5E-A133-93943F31CDE2} : DHCPNameServer = 216.82.201.11 66.90.130.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.1.5 NPI13BFF4
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2014-11-27 449936]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-30 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-30 267632]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2014-9-16 28184]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2012-9-22 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2012-9-22 436624]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-25 202752]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-16 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-9-22 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-14 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-27 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-27 104416]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-17 451416]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-14 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-14 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-8-25 103792]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2012-8-25 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-27 271752]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-27 4012248]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-10-14 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-14 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-10-14 63704]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-8-25 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-8-25 346144]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2011-6-20 1225832]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-25 51512]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S?2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-23 297344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-1 136192]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-9-22 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HPFXFAX;HPFXFAX;C:\windows\System32\drivers\hpfx64fax.sys [2012-9-22 23064]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-8-25 232992]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-5 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-26 1255736]
.
=============== Created Last 30 ================
.
2014-12-29 05:33:11 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-12-29 05:32:21 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-12-29 05:32:18 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-12-29 03:01:51 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3C5A7832-64EC-4E28-B7B6-2FCAF2F69608}\mpengine.dll
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieBrowserModeList
2014-12-27 16:11:43 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-26 19:23:08 -------- d-----w- C:\ProgramData\Package Cache
2014-12-22 21:34:16 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-22 21:34:15 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-22 13:26:53 -------- d-----w- C:\windows\System32\appraiser
2014-12-22 08:52:09 24576 ----a-w- C:\windows\System32\mfpmp.exe
2014-12-22 08:52:09 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2014-12-22 08:52:09 2048 ----a-w- C:\windows\System32\mferror.dll
2014-12-22 08:52:08 55808 ----a-w- C:\windows\System32\rrinstaller.exe
2014-12-22 08:52:08 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2014-12-22 08:52:07 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2014-12-22 08:52:07 206848 ----a-w- C:\windows\System32\mfps.dll
2014-12-22 08:52:07 103424 ----a-w- C:\windows\SysWow64\mfps.dll
2014-12-22 08:52:06 3209728 ----a-w- C:\windows\SysWow64\mf.dll
2014-12-22 08:52:04 4121600 ----a-w- C:\windows\System32\mf.dll
2014-12-19 18:30:01 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{5075C7F7-84F9-4A5E-978B-2C8EF7264686}\gapaengine.dll
2014-12-10 12:26:54 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-12-10 12:25:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M  ====================
.
2014-12-29 02:20:24 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-29 02:20:24 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-29 01:44:47 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-11-27 23:46:53 1050432 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-11-27 23:46:06 116728 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-11-27 23:46:05 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-11-27 23:46:05 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-11-27 23:46:05 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-11-27 23:46:04 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-11-27 23:46:03 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-11-27 23:45:56 43152 ----a-w- C:\windows\avastSS.scr
2014-11-27 23:44:55 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-11-27 23:44:18 449936 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 12:14:12 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-18 20:56:48 1202848 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 11:25:26 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 23:29:31.88 ===============

 

Security Check results:

 Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 
Microsoft Security Essentials  
avast! Antivirus               
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````

 Duplicate Cleaner Free 3.2.4 
 Adobe Reader XI 
 Mozilla Firefox (34.0.5)
````````Process Check: objlist.exe by Laurent```````` 
 Norton ccSvcHst.exe
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 AVAST Software Avast ng ngservice.exe
 AVAST Software Avast ng vbox\AvastVBoxSVC.exe
 AVAST Software Avast avastui.exe 
 AVAST Software Avast ng vbox\aswFe.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

Farber Service Scanner results:

Farbar Service Scanner Version: 21-07-2014
Ran by Owner (administrator) on 01-01-2015 at 01:48:23
Running from "e:\SHARON\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****

 

Mini Toolbox results:

MiniToolBox by Farbar  Version: 30-11-2014
Ran by Owner (administrator) on 01-01-2015 at 01:56:22
Running from "e:\SHARON\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================

192.168.1.5 NPI13BFF4

========================= IP Configuration: ================================

Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wireless Network Connection (Connected)
Realtek PCIe FE Family Controller = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Craig-NB
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Mixed
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : cinci.rr.com

Wireless LAN adapter Wireless Network Connection 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
   Physical Address. . . . . . . . . : 00-26-4D-CB-B0-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 00-26-4D-CB-B0-55
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::3d7d:2e99:6a5:7dc%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.140(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, January 01, 2015 1:46:35 AM
   Lease Expires . . . . . . . . . . : Friday, January 02, 2015 1:46:34 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 301999693
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-CB-0F-28-88-AE-1D-45-C2-84
   DNS Servers . . . . . . . . . . . : 2001:4888:21:ff00:245:d::
                                       209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 88-AE-1D-45-C2-84
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.cinci.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : cinci.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:30d3:2ff6:9de3:eb8(Preferred)
   Link-local IPv6 Address . . . . . : fe80::30d3:2ff6:9de3:eb8%15(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{6D7D0195-F2A1-429B-B4C8-521D2ED9FB29}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{A644C03F-B548-4A5E-A133-93943F31CDE2}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:4888:21:ff00:245:d::

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging google.com [216.58.216.96] with 32 bytes of data:
Reply from 216.58.216.96: bytes=32 time=30ms TTL=54
Reply from 216.58.216.96: bytes=32 time=56ms TTL=54

Ping statistics for 216.58.216.96:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 30ms, Maximum = 56ms, Average = 43ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  2001:4888:21:ff00:245:d::

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.

Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=64ms TTL=50
Reply from 98.138.253.109: bytes=32 time=65ms TTL=50

Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 64ms, Maximum = 65ms, Average = 64ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 13...00 26 4d cb b0 55 ......Microsoft Virtual WiFi Miniport Adapter
 11...00 26 4d cb b0 55 ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
 10...88 ae 1d 45 c2 84 ......Realtek PCIe FE Family Controller
  1...........................Software Loopback Interface 1
 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.140     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.140    281
    192.168.1.140  255.255.255.255         On-link     192.168.1.140    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.140    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.140    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.140    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 15     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 15     58 2001::/32                On-link
 15    306 2001:0:9d38:6abd:30d3:2ff6:9de3:eb8/128
                                    On-link
 11    281 fe80::/64                On-link
 15    306 fe80::/64                On-link
 15    306 fe80::30d3:2ff6:9de3:eb8/128
                                    On-link
 11    281 fe80::3d7d:2e99:6a5:7dc/128
                                    On-link
  1    306 ff00::/8                 On-link
 15    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145648] (Microsoft Corp.)
Catalog9 01 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\NLAapi.dll [File Not found] ()
x64-Catalog5 02 \Windows\System32\napinsp.dll [File Not found] ()
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 04 \Windows\System32\pnrpnsp.dll [File Not found] ()
x64-Catalog5 05 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog5 06 \Windows\System32\winrnr.dll [File Not found] ()
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171760] (Microsoft Corp.)
x64-Catalog9 01 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 02 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 03 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 04 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 05 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 06 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 07 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 08 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 09 \Windows\System32\mswsock.dll [File Not found] ()
x64-Catalog9 10 \Windows\System32\mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/30/2014 06:56:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000055a45
Faulting process id: 0x29f0
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (12/30/2014 04:51:08 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5674

Start Time: 01d0246a0e902763

Termination Time: 4991

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/30/2014 03:07:48 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5324

Start Time: 01d0246adafcfb2b

Termination Time: 5214

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/30/2014 03:01:26 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3694

Start Time: 01d0246c0693c559

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/30/2014 01:38:52 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 42c8

Start Time: 01d02467d02c8c5e

Termination Time: 357

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/30/2014 01:35:48 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: f00

Start Time: 01d02460e1b4a6aa

Termination Time: 604

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/30/2014 00:38:28 AM) (Source: Application Error) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7601.17777, time stamp: 0x4f35fc1d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000004900158
Faulting process id: 0x6a4
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (12/28/2014 10:38:58 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcb52
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc00000fd
Fault offset: 0x0002defe
Faulting process id: 0x3f34
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (12/28/2014 09:58:22 PM) (Source: Application Error) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.17496, time stamp: 0x546fddcc
Faulting module name: TOSHIBAMediaControllerIE.dll, version: 1.0.5.10, time stamp: 0x4ba30cc8
Exception code: 0xc0000005
Fault offset: 0x00005e8b
Faulting process id: 0x2358
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3

Error: (12/28/2014 09:45:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0x584
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

System errors:
=============
Error: (01/01/2015 01:52:00 AM) (Source: Schannel) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (12/31/2014 11:20:50 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (12/31/2014 11:20:49 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (12/31/2014 11:20:48 PM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (12/31/2014 11:15:56 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (12/31/2014 04:10:23 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.191.1055.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (12/31/2014 03:53:54 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

 New Signature Version:

 Previous Signature Version: 1.191.1055.0

 Update Source: %NT AUTHORITY59

 Update Stage: 4.6.0305.00

 Source Path: 4.6.0305.01

 Signature Type: %NT AUTHORITY602

 Update Type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current Engine Version: %NT AUTHORITY605

 Previous Engine Version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (12/30/2014 06:57:46 PM) (Source: Server) (User: )
Description: The server could not bind to the transport \Device\NetBT_Tcpip_{9C0B5501-124C-4581-9BBC-05D03499D230} because another computer on the network has the same name.  The server could not start.

Error: (12/30/2014 06:57:31 PM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 3 time(s).

Error: (12/30/2014 05:48:15 PM) (Source: DCOM) (User: )
Description: 1053VSS{E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Microsoft Office Sessions:
=========================
Error: (04/03/2013 09:57:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5749 seconds with 1260 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-27 12:32:22.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:22.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:21.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:21.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:20.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:20.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:19.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:19.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:18.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:17.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

 

=========================== Installed Programs ============================
64 Bit HP CIO Components Installer (Version: 4.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
ATI Catalyst Install Manager (HKLM\...\{BE3DFCA2-6F42-509D-555C-68A923314062}) (Version: 3.0.765.0 - ATI Technologies, Inc.)
Avast Internet Security (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
BufferChm (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
Catalyst Control Center Localization All (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Czech (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Danish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Dutch (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help English (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Finnish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help French (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help German (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Greek (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Italian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Japanese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Korean (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Polish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Russian (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Spanish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Swedish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Thai (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
CCC Help Turkish (x32 Version: 2010.0315.1049.17562 - ATI) Hidden
ccc-core-static (x32 Version: 2010.0315.1050.17562 - ATI) Hidden
ccc-utility64 (Version: 2010.0315.1050.17562 - ATI) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Corel WinDVD Pro 11 (HKLM-x32\...\_{EF13E6B7-86D2-4E2C-82FB-375654407D4F}) (Version: 11.7.0.2 - Corel Inc.)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceDiscovery (x32 Version: 100.0.190.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Duplicate Cleaner Free 3.2.4 (HKLM-x32\...\Duplicate Cleaner Free) (Version: 3.2.4 - DigitalVolcano Software Ltd)
Elevated Installer (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden
FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden
Garmin Express (HKLM-x32\...\{0db152f6-3b8d-4363-aedd-374ee54d33ba}) (Version: 3.2.26.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.26.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin MetroGuide Europe v8 (HKLM-x32\...\{7F3D8BEB-1F42-4C23-B135-1C1DC3BA2A62}) (Version: 8.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{510D2239-6C2E-457B-9590-485EC552D94D}) (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WorldMap v5 (HKLM-x32\...\{365C44C6-DAAA-4615-992F-D606494EF76B}) (Version: 5.0.0.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HP Color LaserJet CM1312 MFP Series 5.1 (HKLM\...\{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}) (Version: 5.1 - HP)
HP Imaging Device Functions 10.0 (HKLM\...\HP Imaging Device Functions) (Version: 10.0 - HP)
HP Product Detection (HKLM-x32\...\{4F38594F-2C4A-4C42-B2C4-505E225F6F80}) (Version: 11.14.0004 - HP)
hppCLJCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden
hppFaxDrvCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
hppFaxUtilityCM1312 (x32 Version: 005.001.00137 - Hewlett-Packard) Hidden
hppFonts (x32 Version: 001.001.00061 - Hewlett-Packard) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppManualsCM1312 (x32 Version: 005.001.00145 - Hewlett-Packard) Hidden
hppPQVideoCM1312 (x32 Version: 005.001.00142 - Hewlett-Packard) Hidden
hppQFolderCM1312 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
hppScanToCM1312 (x32 Version: 005.001.00140 - Hewlett-Packard) Hidden
hppSendFaxCM1312 (x32 Version: 005.000.00001 - Hewlett-Packard) Hidden
hppTLBXFXCM1312 (x32 Version: 001.017.00050 - Hewlett-Packard) Hidden
hppusgCM1312 (x32 Version: 1.1.0.1 - Hewlett-Packard) Hidden
hpzTLBXFX (x32 Version: 005.003.00171 - Hewlett-Packard) Hidden
ICA (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
IPM (x32 Version: 11.5 - Corel Inc.) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
Jewel Quest 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Logitech Flow Scroll 4.0 (HKLM\...\Sn1) (Version: 4.00.33 - Logitech)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MapSource - MetroGuide North America v6 (HKLM-x32\...\InstallShield_{234C4ED9-65DE-4FB4-8000-E2381FA24F4E}) (Version: 6.00 - Garmin Ltd. and its subsidiaries)
MapSource - MetroGuide North America v6 (x32 Version: 6.00 - Garmin Ltd. and its subsidiaries) Hidden
MapSource (HKLM-x32\...\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}) (Version: 6.3 - Garmin Ltd. and its subsidiaries)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation)
OpenOffice.org 3.4.1 (HKLM-x32\...\{9F1F2AEA-C72A-4DD6-991E-C5506A5625E4}) (Version: 3.41.9593 - Apache Software Foundation)
Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden
Quicken 2010 (HKLM-x32\...\{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}) (Version: 19.1.7.14 - Intuit)
Quicken 2013 (HKLM-x32\...\{034DD4BB-F0D6-4ECF-B064-8E39E3EF7076}) (Version: 22.1.11.31 - Intuit)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.5992 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6069 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30111 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0012 - Realtek)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Setup (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.8.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.10 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.07.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.11.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.2.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.3.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.6C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.6C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.0.21C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.0.21C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.6 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.6 - TOSHIBA Corporation) Hidden
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.3.198 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.80.3.64 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.5.10 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.6.0.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{A0E99122-25C1-4CA4-9063-499A2A814EB6}) (Version: 1.6.06.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.6.06.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.0.9C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.0.9C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.3.3.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.3.3.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.15 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
TrayApp (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
U232 P9/P25 13.2.98 (HKLM-x32\...\{DA7113AA-E3D0-48C6-BE31-E1F11BB9D18E}) (Version: 13.2.98 - MCT)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2920789) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9913305E-D4AC-4D26-B30F-799D529FB282}) (Version:  - Microsoft)
Update for Microsoft Office PowerPoint 2007 (KB2597972) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{7B9D2746-D03B-442B-A691-90B748E316B4}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.1C - TOSHIBA) Hidden
Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden
Virtual Villagers - The Secret City (x32 Version: 2.2.0.82 - WildTangent) Hidden
WebReg (x32 Version: 100.0.170.000 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.0.80 - WildTangent)
WildTangent Games App (Toshiba Games) (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba) (Version: 4.0.10.17 - WildTangent)
WildTangent ORB Game Console (x32 Version:  - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (HKLM\...\49CF605F02C7954F4E139D18828DE298CD59217C) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
WinDVD (x32 Version: 11.7.0.2 - Corel Inc.) Hidden
Zuma's Revenge (x32 Version: 2.2.0.82 - WildTangent) Hidden

========================= Devices: ================================

========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 3835.68 MB
Available physical RAM: 309.07 MB
Total Pagefile: 7937.24 MB
Available Pagefile: 2036.44 MB
Total Virtual: 4095.88 MB
Available Virtual: 3978.16 MB

========================= Partitions: =====================================

1 Drive c: (TI105838W0G) (Fixed) (Total:156.74 GB) (Free:9.33 GB) NTFS
3 Drive e: (User) (Fixed) (Total:129.85 GB) (Free:36.24 GB) NTFS
4 Drive g: (KINGSTON) (Removable) (Total:0.96 GB) (Free:0.14 GB) FAT

========================= Users: ========================================

User accounts for \\CRAIG-NB

Administrator            CRAIG                    Guest                   
Owner                    SHARON                  

========================= Restore Points ==================================

18-12-2014 18:29:50 Windows Update
22-12-2014 04:33:31 Windows Update
22-12-2014 08:48:12 Windows Update
23-12-2014 15:34:33 Windows Update
26-12-2014 19:21:58 Garmin Express
26-12-2014 19:26:01 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
27-12-2014 16:07:27 Windows Update
31-12-2014 21:28:03 Windows Backup

**** End of log ****

 

MBAM Scan Log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/31/2014
Scan Time: 3:45:20 AM
Logfile: Malwarebytes Scan Log 2014-12-31.txt
Administrator: No

Version: 2.00.4.1028
Malware Database: v2014.12.31.02
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: SHARON

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322973
Time Elapsed: 22 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

MBAM Anti-Rootkit log reults:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001
www.malwarebytes.org

Database version: v2015.01.01.02

Windows 7 Service Pack 1 x64 NTFS (Safe Mode)
Internet Explorer 11.0.9600.17501
Owner :: CRAIG-NB [administrator]

1/1/2015 3:02:07 AM
mbar-log-2015-01-01 (03-02-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 435152
Time elapsed: 24 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

and system log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.300000 GHz
Memory total: 4022005760, free: 637575168

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.300000 GHz
Memory total: 4022005760, free: 604917760

Downloaded database version: v2015.01.01.02
Downloaded database version: v2014.12.30.01
Downloaded database version: v2014.12.06.01
=======================================

=======================================
Initializing...
DDA Driver installation error.
Could not install driver on boot. Scan can't continue
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 11.0.9600.17501

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.300000 GHz
Memory total: 4022005760, free: 3467501568

=======================================
Initializing...
------------ Kernel report ------------
     01/01/2015 03:01:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\LPCFilter.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\DRIVERS\amdsata.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\TVALZ_O.SYS
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\tdcmdpst.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\aswKbd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\TVALZFL.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amdsata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\framebuf.dll
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\Wldap32.dll
\Windows\System32\msctf.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\kernel32.dll
\Windows\System32\ole32.dll
\Windows\System32\urlmon.dll
\Windows\System32\usp10.dll
\Windows\System32\difxapi.dll
\Windows\System32\psapi.dll
\Windows\System32\wininet.dll
\Windows\System32\sechost.dll
\Windows\System32\imm32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\gdi32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004c1d410
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa8004bfa730
Lower Device Driver Name: \Driver\amdsata\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004c1d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004c1e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004c1d410, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004c044b0, DeviceName: Unknown, DriverName: \Driver\amdxata\
DevicePointer: 0xfffffa8004bfa730, DeviceName: \Device\00000062\, DriverName: \Driver\amdsata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7D1953A9

Partition information:

    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 328697856

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 331771904  Numsec = 272326656

    Partition 3 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 604098560  Numsec = 21043200
    Partition is not bootable
Hidden partition VBR is not infected.

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
<<<2>>>
<<<3>>>
Volume: E:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================

Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-3-604098560-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

 

RKill results:

Rkill 2.6.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/01/2015 10:58:08 AM in x64 mode. (Safe Mode)
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * Base Filtering Engine (BFE) is not Running.
   Startup Type set to: Automatic

 * DHCP Client (Dhcp) is not Running.
   Startup Type set to: Automatic

 * DNS Client (Dnscache) is not Running.
   Startup Type set to: Automatic

 * COM+ Event System (EventSystem) is not Running.
   Startup Type set to: Automatic

 * Windows Firewall (MpsSvc) is not Running.
   Startup Type set to: Automatic

 * Network Connections (Netman) is not Running.
   Startup Type set to: Manual

 * Network Store Interface Service (nsi) is not Running.
   Startup Type set to: Automatic

 * Security Center (wscsvc) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Windows Update (wuauserv) is not Running.
   Startup Type set to: Automatic (Delayed Start)

 * Ancillary Function Driver for Winsock (AFD) is not Running.
   Startup Type set to: System

 * Windows Firewall Authorization Driver (mpsdrv) is not Running.
   Startup Type set to: Manual

 * NetBT (NetBT) is not Running.
   Startup Type set to: System

 * NSI proxy service driver. (nsiproxy) is not Running.
   Startup Type set to: System

 * NetIO Legacy TDI Support Driver (tdx) is not Running.
   Startup Type set to: System

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  192.168.1.5 NPI13BFF4

Program finished at: 01/01/2015 11:01:53 AM
Execution time: 0 hours(s), 3 minute(s), and 44 seconds(s)

 

AdwCleaner results (No [S1] file was produced, only [S0]:

# AdwCleaner v4.106 - Report created 01/01/2015 at 14:58:28
# Updated 21/12/2014 by Xplode
# Database : 2015-01-01.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - CRAIG-NB
# Running from : E:\Owner\Desktop\adwcleaner_4.106.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [1554 octets] - [01/01/2015 13:55:15]
AdwCleaner[R1].txt - [1614 octets] - [01/01/2015 14:34:57]
AdwCleaner[S0].txt - [1545 octets] - [01/01/2015 14:58:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1605 octets] ##########

 

Junkware Removal Tool results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Thu 01/01/2015 at 15:21:37.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARMANAGER_8CA8B414-8A88BD82.pf
Successfully deleted: [File] C:\windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 01/01/2015 at 15:27:02.84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

ESET Online Scanner results:

E:\SHARON\Downloads\Duplicate File Finders\easy_duplicate_setup.exe Win32/MyPCBackup.A potentially unwanted application deleted - quarantined

 

Farbar Recovery Scan Tool:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by SHARON (ATTENTION: The logged in user is not administrator) on CRAIG-NB on 01-01-2015 19:22:59
Running from e:\SHARON\Desktop
Loaded Profile: SHARON (Available profiles: Owner & CRAIG & SHARON)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10134560 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [896032 2010-03-22] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [52600 2009-03-09] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1489760 2010-04-06] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [705368 2010-02-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [HP Color LaserJet CM1312 MFP Series Fax] => C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe [3700736 2009-09-22] (Hewlett-Packard Company)
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [352256 2010-02-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2009-06-02] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2009-12-25] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-09] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [296096 2012-09-01] (RealNetworks, Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTracking] => C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe [24576 2009-05-11] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2009-10-22] (HP)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2014-12-12] (AVAST Software)
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-23] (Google Inc.)
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...\MountPoints2: F - F:\MotoCastSetup.exe -a
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.juno.com/start/sp.do
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> {BF1B8BC6-F201-4C15-A337-BEFBF3B55C99} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {779D783B-577F-4B03-81E2-C870CE4CED33} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> DefaultScope {54E52BDD-8DA8-4A2A-9F31-18B4426CA56B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS498US499
SearchScopes: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> {54E52BDD-8DA8-4A2A-9F31-18B4426CA56B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA_enUS498US499
SearchScopes: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> {BF1B8BC6-F201-4C15-A337-BEFBF3B55C99} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: 192.168.1.5 NPI13BFF4
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF ProfilePath: C:\Users\SHARON\AppData\Roaming\Mozilla\Firefox\Profiles\ght3usqo.default
FF Plugin: @java.com/DTPlugin,version=10.10.2 -> C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012-10-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-22]

Chrome:
=======
CHR Profile: C:\Users\SHARON\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\SHARON\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-22]
CHR Extension: (Google Search) - C:\Users\SHARON\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-22]
CHR Extension: (Logitech Flow Scroll) - C:\Users\SHARON\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2012-11-22]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2012-10-04]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-27]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-27] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2014-11-27] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-27] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227936 2013-11-15] (WildTangent)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451416 2014-12-17] (Garmin Ltd or its subsidiaries)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136192 2009-06-01] (HP) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [103792 2010-01-28] (Symantec Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
U2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [297344 2009-08-13] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-27] ()
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-11-27] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-27] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2014-11-27] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-27] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-27] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-27] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-27] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-27] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-27] ()
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-11-27] (Avast Software)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:22 - 2015-01-01 19:23 - 00000000 ____D () C:\FRST
2015-01-01 19:09 - 2015-01-01 19:09 - 00000197 _____ () C:\windows\system32\2015-01-02-01-09-01.051-AvastVBoxSVC.exe-6684.log
2015-01-01 15:30 - 2015-01-01 15:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-01-01 15:21 - 2015-01-01 15:21 - 00000000 ____D () C:\windows\ERUNT
2015-01-01 15:05 - 2015-01-01 15:05 - 00000197 _____ () C:\windows\system32\2015-01-01-21-05-53.030-AvastVBoxSVC.exe-6008.log
2015-01-01 14:36 - 2015-01-01 14:37 - 00000197 _____ () C:\windows\system32\2015-01-01-20-36-57.063-AvastVBoxSVC.exe-7084.log
2015-01-01 13:55 - 2015-01-01 14:58 - 00000000 ____D () C:\AdwCleaner
2015-01-01 13:38 - 2015-01-01 13:38 - 00000197 _____ () C:\windows\system32\2015-01-01-19-38-46.034-AvastVBoxSVC.exe-6136.log
2015-01-01 03:01 - 2015-01-01 10:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-28 23:36 - 2014-12-30 16:50 - 00000000 ____D () C:\Users\SHARON\AppData\Local\CutePDF Writer
2014-12-28 23:33 - 2014-12-28 23:33 - 00000247 _____ () C:\windows\system32\2014-12-29-05-33-37.093-aswFe.exe-13956.log
2014-12-28 23:33 - 2014-12-28 23:33 - 00000000 ____D () C:\Program Files (x86)\GPLGS
2014-12-28 23:32 - 2014-12-28 23:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2014-12-28 23:32 - 2014-12-28 23:32 - 00000000 ____D () C:\Program Files (x86)\Acro Software
2014-12-28 23:32 - 2013-10-23 15:24 - 00087600 _____ () C:\windows\system32\cpwmon64.dll
2014-12-28 23:04 - 2014-12-28 23:33 - 00000247 _____ () C:\windows\system32\2014-12-29-05-04-41.025-aswFe.exe-5664.log
2014-12-28 23:04 - 2014-12-28 23:04 - 00000197 _____ () C:\windows\system32\2014-12-29-05-04-15.001-AvastVBoxSVC.exe-6152.log
2014-12-28 20:18 - 2014-12-28 20:18 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieUserList
2014-12-28 20:18 - 2014-12-28 20:18 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieSiteList
2014-12-28 20:18 - 2014-12-28 20:18 - 00000000 __SHD () C:\Users\Owner\AppData\Local\EmieBrowserModeList
2014-12-28 19:44 - 2014-12-28 19:44 - 00000197 _____ () C:\windows\system32\2014-12-29-01-44-25.058-AvastVBoxSVC.exe-4612.log
2014-12-26 13:34 - 2014-12-26 13:34 - 00000000 ____D () C:\Users\SHARON\AppData\Local\Garmin
2014-12-26 13:29 - 2014-12-26 13:29 - 00001899 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-12-26 13:23 - 2014-12-26 13:33 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-22 15:34 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-22 15:34 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-22 07:26 - 2014-12-22 07:26 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-22 02:52 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-22 02:52 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-22 02:52 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-22 02:52 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-22 02:52 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-22 02:52 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-22 02:52 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-22 02:52 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-22 02:52 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-22 02:52 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-18 12:18 - 2014-12-18 12:19 - 00000197 _____ () C:\windows\system32\2014-12-18-18-18-54.084-AvastVBoxSVC.exe-3928.log
2014-12-13 13:12 - 2014-12-13 13:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-11 23:19 - 2014-12-11 23:19 - 00000197 _____ () C:\windows\system32\2014-12-12-05-19-19.080-AvastVBoxSVC.exe-2388.log
2014-12-10 06:26 - 2014-12-03 20:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-10 06:26 - 2014-12-03 20:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-10 06:26 - 2014-12-03 20:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-10 06:26 - 2014-12-03 20:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-10 06:26 - 2014-12-03 20:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-10 06:26 - 2014-12-03 20:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-10 06:26 - 2014-12-03 20:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-10 06:26 - 2014-12-01 17:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-10 06:26 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-10 06:26 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-10 06:26 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-10 06:26 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-10 06:26 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-10 06:26 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-10 06:26 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-10 06:26 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-10 06:26 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-10 06:26 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-10 06:26 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-10 06:26 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-10 06:26 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-10 06:26 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-10 06:26 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-10 06:26 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-10 06:26 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-10 06:26 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-10 06:26 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-10 06:26 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-10 06:26 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-10 06:26 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-10 06:26 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-10 06:26 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-10 06:26 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-10 06:26 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-10 06:26 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-10 06:26 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-10 06:26 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-10 06:26 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-10 06:26 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-10 06:26 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-10 06:26 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-10 06:26 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-10 06:26 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-10 06:26 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-10 06:26 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-10 06:26 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-10 06:26 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-10 06:26 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-10 06:26 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-10 06:26 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-10 06:26 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-10 06:26 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-10 06:26 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-10 06:25 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-10 06:25 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-10 06:25 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-10 06:25 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-10 06:25 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-10 06:25 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-10 06:25 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-10 06:25 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-10 06:25 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-10 06:25 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-10 06:25 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-10 06:25 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-10 06:25 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-10 06:25 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-10 06:25 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-10 06:25 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-10 06:25 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-10 06:25 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 06:25 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-10 06:25 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-10 06:25 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-10 06:25 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-10 06:25 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-10 06:25 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-10 06:25 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-10 06:25 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-07 01:05 - 2014-12-07 01:05 - 00000197 _____ () C:\windows\system32\2014-12-07-07-05-43.014-AvastVBoxSVC.exe-4992.log
2014-12-04 17:45 - 2014-12-04 17:45 - 00000000 ____D () C:\Users\SHARON\AppData\Roaming\sMedio
2014-12-04 17:44 - 2014-12-04 17:44 - 00000000 ____D () C:\Users\SHARON\sMedio
2014-12-03 21:56 - 2014-12-03 21:56 - 00000197 _____ () C:\windows\system32\2014-12-04-03-56-00.035-AvastVBoxSVC.exe-3428.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:21 - 2012-10-01 16:47 - 00000000 ____D () C:\Users\SHARON\AppData\Local\CrashDumps
2015-01-01 19:18 - 2009-07-13 22:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-01 19:18 - 2009-07-13 22:45 - 00019248 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-01 19:17 - 2012-08-26 10:07 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-01 19:16 - 2012-08-25 16:32 - 01417271 _____ () C:\windows\WindowsUpdate.log
2015-01-01 19:08 - 2012-09-09 17:14 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-01 19:04 - 2012-08-26 10:07 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-01 19:03 - 2014-04-07 12:28 - 00000374 _____ () C:\windows\Tasks\ReclaimerResumeInstallLogin_Owner.job
2015-01-01 19:03 - 2010-03-23 23:33 - 00302410 _____ () C:\windows\PFRO.log
2015-01-01 19:03 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-01 19:03 - 2009-07-13 22:51 - 00052774 _____ () C:\windows\setupact.log
2015-01-01 16:29 - 2014-04-07 12:28 - 00000374 _____ () C:\windows\Tasks\ReclaimerResumeInstall_Owner.job
2015-01-01 16:11 - 2014-10-14 17:16 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-01 14:34 - 2009-07-13 23:13 - 00782510 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-01 10:52 - 2014-09-10 16:06 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-01 10:52 - 2012-08-26 10:00 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe
2015-01-01 03:01 - 2014-10-14 17:15 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-28 20:20 - 2012-09-09 17:14 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-28 20:20 - 2012-09-09 17:14 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-28 19:59 - 2013-01-11 20:48 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-28 19:05 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\Help
2014-12-28 18:36 - 2012-09-22 22:22 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2014-12-28 18:32 - 2014-10-14 17:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-28 18:32 - 2014-10-14 17:15 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-26 13:34 - 2013-03-07 07:02 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\GARMIN
2014-12-26 13:34 - 2012-12-16 16:33 - 00000000 ____D () C:\ProgramData\GARMIN
2014-12-26 13:32 - 2012-12-16 16:33 - 00000000 ____D () C:\Program Files\DIFX
2014-12-26 13:31 - 2012-12-16 16:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-12-26 13:29 - 2012-12-16 16:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-12-22 08:18 - 2013-05-27 13:38 - 00000000 ____D () C:\windows\rescache
2014-12-22 07:26 - 2014-05-15 08:08 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-22 07:26 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-22 07:26 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-22 03:04 - 2012-08-25 16:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-22 03:03 - 2013-09-07 15:18 - 00000000 ____D () C:\windows\system32\MRT
2014-12-22 03:02 - 2012-09-01 21:05 - 00000000 ____D () C:\Users\CRAIG
2014-12-22 02:55 - 2012-08-25 18:43 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-20 23:33 - 2012-08-25 15:23 - 00000000 ____D () C:\Users\Owner
2014-12-18 12:15 - 2014-11-26 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-18 09:57 - 2014-11-26 12:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-12-04 17:44 - 2012-09-01 21:09 - 00000000 ____D () C:\Users\SHARON

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD, see Addition.txt for additional information.

==================== End Of Log ============================

 

 

 

 

 

Attached Files


Edited by cbrueckman, 01 January 2015 - 11:24 PM.


BC AdBot (Login to Remove)

 


m

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:25 PM

Posted 06 January 2015 - 11:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/561788 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 06 January 2015 - 11:43 PM

1. No new steps other than reported above.

2. DDS Log (new attach.txt is attached):

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by Owner at 22:35:40 on 2015-01-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3836.1904 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
C:\windows\SysWOW64\svchost.exe -k hpdevmgmt
c:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe
C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\System32\MsSpellCheckingFacility.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [HPUsageTracking] "C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT\"
mRun: [ToolBoxFX] "C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect119b.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\2656C6B696E6E2036693 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\3596475636F6D6537334342323 : DHCPNameServer = 192.168.1.1 0.0.0.0
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\5436F6E6F602C4F64676560213 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\7516C677F6274786F534163747C656F564275656 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\C41402155594E445140223 : DHCPNameServer = 207.230.75.34 207.230.75.50
TCP: Interfaces\{9C0B5501-124C-4581-9BBC-05D03499D230}\C416D60747F6E602745756374702843756025507075627 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A644C03F-B548-4A5E-A133-93943F31CDE2} : DHCPNameServer = 216.82.201.11 66.90.130.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [SmoothView] C:\Program Files (x86)\Toshiba\SmoothView\SmoothView.exe
x64-Run: [00TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [HP Color LaserJet CM1312 MFP Series Fax] C:\Program Files (x86)\HP\HP Color LaserJet CM1312 MFP Series\hppfaxprintersrv.exe "HP Color LaserJet CM1312 MFP Series Fax"
x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
Hosts: 192.168.1.5 NPI13BFF4
.
================= FIREFOX ===================
.
FF - ProfilePath -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdisFlt;Avast! Firewall Driver;C:\windows\System32\drivers\aswNdisFlt.sys [2014-11-27 449936]
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2013-3-30 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2013-3-30 267632]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 aswKbd;aswKbd;C:\windows\System32\drivers\aswKbd.sys [2014-9-16 28184]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2012-9-22 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2012-9-22 436624]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-8-25 202752]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-16 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2012-9-22 83280]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-27 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-11-27 104416]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-6-1 136192]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-14 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-14 969016]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [2012-8-25 126392]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-27 271752]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-27 4012248]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-10-14 25816]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\windows\System32\drivers\mwac.sys [2014-10-14 63704]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2012-8-25 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-8-25 346144]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\System32\drivers\rtl8192se.sys [2011-6-20 1225832]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]
S?2 taisregispinger;taisregispinger;C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [2010-3-23 297344]
S2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-1-14 116728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2014-12-17 451416]
S2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [2012-8-25 103792]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2012-9-22 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-7-28 1511872]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227936]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 HPFXFAX;HPFXFAX;C:\windows\System32\drivers\hpfx64fax.sys [2012-9-22 23064]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-10 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-10-14 129752]
S3 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-6-18 125584]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2012-8-25 232992]
S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-8-25 51512]
S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-5 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-26 1255736]
.
=============== Created Last 30 ================
.
2015-01-07 01:26:13 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AC88C586-F8E5-48DB-B6E5-99DC32128633}\gapaengine.dll
2015-01-07 01:25:41 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{422099A9-52F6-49D9-9ABE-68F077E7D717}\mpengine.dll
2015-01-06 00:51:36 -------- d-----w- C:\ProgramData\PDF Architect 2
2015-01-05 23:39:20 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-05 23:30:22 -------- d-----w- C:\Users\Owner\AppData\Local\CutePDF Writer
2015-01-02 01:22:48 -------- d-----w- C:\FRST
2015-01-01 21:30:44 -------- d-----w- C:\Program Files (x86)\ESET
2015-01-01 21:21:34 -------- d-----w- C:\windows\ERUNT
2015-01-01 19:55:11 -------- d-----w- C:\AdwCleaner
2015-01-01 09:01:47 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-29 05:33:11 -------- d-----w- C:\Program Files (x86)\GPLGS
2014-12-29 05:32:21 87600 ----a-w- C:\windows\System32\cpwmon64.dll
2014-12-29 05:32:18 -------- d-----w- C:\Program Files (x86)\Acro Software
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieUserList
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieSiteList
2014-12-29 02:18:18 -------- d-sh--w- C:\Users\Owner\AppData\Local\EmieBrowserModeList
2014-12-26 19:23:08 -------- d-----w- C:\ProgramData\Package Cache
2014-12-22 21:34:16 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-22 21:34:15 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-22 13:26:53 -------- d-----w- C:\windows\System32\appraiser
2014-12-22 08:52:09 24576 ----a-w- C:\windows\System32\mfpmp.exe
2014-12-22 08:52:09 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2014-12-22 08:52:09 2048 ----a-w- C:\windows\System32\mferror.dll
2014-12-22 08:52:08 55808 ----a-w- C:\windows\System32\rrinstaller.exe
2014-12-22 08:52:08 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2014-12-22 08:52:07 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2014-12-22 08:52:07 206848 ----a-w- C:\windows\System32\mfps.dll
2014-12-22 08:52:07 103424 ----a-w- C:\windows\SysWow64\mfps.dll
2014-12-22 08:52:06 3209728 ----a-w- C:\windows\SysWow64\mf.dll
2014-12-22 08:52:04 4121600 ----a-w- C:\windows\System32\mf.dll
2014-12-10 12:26:54 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-12-10 12:25:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
.
==================== Find3M  ====================
.
2015-01-06 01:39:13 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2015-01-01 09:01:30 96472 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-12-29 02:20:24 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-29 02:20:24 701616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-11-27 23:46:53 1050432 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-11-27 23:46:06 116728 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-11-27 23:46:05 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-11-27 23:46:05 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-11-27 23:46:05 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-11-27 23:46:04 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-11-27 23:46:03 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-11-27 23:45:56 43152 ----a-w- C:\windows\avastSS.scr
2014-11-27 23:44:55 28184 ----a-w- C:\windows\System32\drivers\aswKbd.sys
2014-11-27 23:44:18 449936 ----a-w- C:\windows\System32\drivers\aswNdisFlt.sys
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-21 12:14:22 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-11-21 12:14:08 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-11-18 20:56:48 1202848 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-11-11 03:08:48 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-11-11 02:44:25 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-11-08 03:16:08 2048 ----a-w- C:\windows\System32\tzres.dll
2014-11-08 02:45:09 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-10-30 11:25:26 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-10-30 02:03:43 165888 ----a-w- C:\windows\System32\charmap.exe
2014-10-30 01:45:43 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-10-25 01:57:59 77824 ----a-w- C:\windows\System32\packager.dll
2014-10-25 01:32:37 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-10-18 02:05:23 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-10-18 01:33:18 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-10-14 02:16:37 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-10-14 02:13:00 3241984 ----a-w- C:\windows\System32\msi.dll
2014-10-14 02:12:57 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-10-14 02:09:31 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-10-14 02:07:31 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-10-14 01:50:47 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-10-14 01:50:41 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-10-14 01:49:38 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-10-14 01:47:30 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-10-14 01:46:02 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-10-10 00:57:42 3198976 ----a-w- C:\windows\System32\win32k.sys
.
============= FINISH: 22:36:00.80 ===============

 

3. Yes, I have my original Windows CD/DVD
 

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 07 January 2015 - 11:42 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is the computer running now?

#5 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 07 January 2015 - 04:22 PM

Fixlog.txt:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by SHARON at 2015-01-07 14:37:41 Run:1
Running from E:\Owner\Desktop
Loaded Profiles: Owner & SHARON (Available profiles: Owner & CRAIG & SHARON)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\...A8F59079A8D5}\localserver32:  <==== ATTENTION!
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-2036840590-2400122020-1746281125-1004 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - No Path

End
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value could not be deleted.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value could not be deleted.
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 => Key could not be deleted. Access denied.
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key could not be deleted. Access denied.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key could not be deleted. Access denied.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key could not be deleted. Access denied.
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key could not be deleted. Access denied.
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3 => Key could not be deleted. Access denied.
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value could not be deleted.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Value could not be deleted.
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Value could not be deleted.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found.
HKU\S-1-5-21-2036840590-2400122020-1746281125-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => Key could not be deleted. Access denied.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk => Key could not be deleted. Access denied.

The system needed a reboot.

==== End of Fixlog 14:37:52 ====

 

I am not getting the MBAM messages about blocking the outbound threats, the Avast Web Shield notices nor the "Powershell has stopped working" messages.

 

I am getting a notice "Toshiba Service Station has stopped working". Otherwise, it appears OK.



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 08 January 2015 - 09:29 AM

Open your Task Manager using the (CRTL+ALT+DEL) keys.

Under the Service tab make sure that the TOSHIBA Service Station is enable.

If unable to enable it the you can download the latest version and install it.
You will find the information here: http://support.toshiba.com/support/viewContentDetail?contentId=4003322

----

If all is well.

To learn more about how to protect yourself while on the internet read this little guide Best security practices Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 08 January 2015 - 10:33 AM

I am receiving a message that the OS is not capable of installing the Toshiba Service Station, so the computer was not modified. I don't understand this inability, since this program came with the computer when I bought it new.



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 08 January 2015 - 11:30 AM

Try this.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#9 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 09 January 2015 - 09:07 PM

Restored to last good configuration. Toshiba Service Station still would not run, even from Owner/Administrator login. Found that I could "run as administrator" from regular user login.  Installed updates as indicated in Service Station. Rebooted computer and was able to run program from user level login.



#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 10 January 2015 - 09:41 AM


Is the problem completely solved?

#11 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 10 January 2015 - 01:19 PM

We are not receiving the initially reported messages anymore. My wife is the primary user of that computer.  She reports that it is still slow to load pages such as her juno inbox or facebook and frequently freezes completely.  Last night it produced a BSD while she was using IE, on facebook, I think.



#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 10 January 2015 - 01:52 PM

Please download MiniToolBox to Desktop and run it.

Check mark the following boxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List last 10 Event Viewer log
  • Click Go and copy/paste the log (Result.txt) into your next post.
  • Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
The BSOD can be caused by Hardware of software.

#13 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 10 January 2015 - 03:09 PM

Results of MiniToolbox (should it have been run from an administrator account?):

 

MiniToolBox by Farbar  Version: 30-11-2014
Ran by SHARON (ATTENTION: The logged in user is not administrator) on 10-01-2015 at 14:05:19
Running from "e:\SHARON\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/10/2015 11:13:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0xbf0
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/09/2015 07:39:56 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1698
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/09/2015 07:34:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1430
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/09/2015 07:18:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1784
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/08/2015 02:35:35 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 25e0

Start Time: 01d02b67355880ca

Termination Time: 0

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/08/2015 10:31:49 AM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x159c
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/08/2015 09:30:44 AM) (Source: MsiInstaller) (User: CRAIG-NB)
Description: Product: TOSHIBA Service Station -- The operating system is not adequate for running TOSHIBA Service Station.

Error: (01/08/2015 09:16:54 AM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1f60
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/07/2015 03:14:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x1874
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

Error: (01/07/2015 02:43:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: TPCHSrv.exe, version: 1.0.0.17, time stamp: 0x4b83993e
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x16fc
Faulting application start time: 0xTPCHSrv.exe0
Faulting application path: TPCHSrv.exe1
Faulting module path: TPCHSrv.exe2
Report Id: TPCHSrv.exe3

System errors:
=============
Error: (01/10/2015 11:13:54 AM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (01/10/2015 08:33:35 AM) (Source: DCOM) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (01/10/2015 08:33:30 AM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/10/2015 08:31:14 AM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/10/2015 08:29:53 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (01/10/2015 08:27:59 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:05:46 PM on ‎1/‎9/‎2015 was unexpected.

Error: (01/09/2015 07:56:03 PM) (Source: DCOM) (User: )
Description: {45CC1698-D1CF-417B-BC32-80EB79E05EF1}

Error: (01/09/2015 07:55:58 PM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/09/2015 07:55:14 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.

Error: (01/09/2015 07:52:53 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Microsoft Office Sessions:
=========================
Error: (04/03/2013 09:57:33 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5749 seconds with 1260 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-11-27 12:32:22.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:22.189
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:21.748
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:21.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:20.833
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:20.269
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:19.789
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:19.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:18.247
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-11-27 12:32:17.645
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\cryptnet.dll because the set of per-page image hashes could not be found on the system.

**** End of log ****



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,223 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:25 PM

Posted 11 January 2015 - 09:29 AM

The exception code 0xc0000374 indicates a heap corruption - to determine the solution, you would need to debug the crash in a debugger to figure out who is corrupting the heap.
Source: https://social.technet.microsoft.com/Forums/windows/en-US/578396fd-29c0-4dd3-b002-5e2e8df1b398/exception-code-0xc0000374

This is no longer malware and not my forte.

Refer to this article and see if you can find the application that is causing this problem.

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

If the problem persists then I suggest you start a new topic in the Windows 7 forum.
http://www.bleepingcomputer.com/forums/f/167/windows-7/

You should explain the problem and give the exact information that you see when you get the BSOD.
It should help them identify the problem.

#15 cbrueckman

cbrueckman
  • Topic Starter

  • Members
  • 87 posts
  • OFFLINE
  •  
  • Local time:02:25 PM

Posted 11 January 2015 - 11:09 PM

Thanks.

 

I will research the debugging article and see what I can find about the BSD issue. The clean boot article no longer seems applicable since I was able to install the program.

 

I have not had any repeat of the BSD or "internet explorer stopped working".

 

thanks for all your help!






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users