
Computer slow, wants to sell anti virus, etc. Hijackthis log posted


4 replies to this topic

#1 mlbnfl

mlbnfl

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 24 February 2015 - 12:07 PM

Hello all,

 

It has been recommended to me to run a hijackthis program and then post the log here to see if anyone can assist me with getting the laptop in working order. I don't use it personally but it seems super slow, it wants to "fix" the issue by selling anti virus software, etc. If anyone can see anything in the log that I could fix it would be greatly appreciated.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:52:51 AM, on 2/24/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Webroot\Security\current\framework\WRTray.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Program Files (x86)\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Updater For XFIN_PORTAL - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [TSleepSrv] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe"
O4 - HKLM\..\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
O4 - HKLM\..\Run: [WebrootTrayApp] "C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Best Buy pc app] "C:\Users\Owner4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms"
O4 - HKCU\..\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe"  /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
O4 - HKCU\..\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://search.genieo.com
O15 - Trusted IP range: 127.0.0.1
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Comcast AntiSpyware (AntiSpywareService) - Unknown owner - C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc.  - C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11395 bytes
 




 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:31 PM

Posted 24 February 2015 - 04:22 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 2

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    process;
    services-list;
    systemspecs;
    startupall;
    filesrcm;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it on your main drive (usually C:\ drive)
Post its content into your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 mlbnfl

mlbnfl
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:31 AM

Posted 24 February 2015 - 10:24 PM

Hello Jurgen,

 

Thank you for your help. I have run the programs as you requested and will post the logs below. Let me know if there is any issue with posting all the logs in the same reply and I can break them up. Thank you again.

 

First the FRST.txt log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2015
Ran by Owner4 (administrator) on OWNER4-PC on 24-02-2015 22:05:43
Running from C:\Users\Owner4\Desktop
Loaded Profiles: Owner4 (Available profiles: Owner4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot Software, Inc. ) C:\Program Files (x86)\Webroot\Security\current\framework\WRConsumerService.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
(CA, Inc.) C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Webroot Software, Inc. (www.webroot.com)) C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
() C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)
HKLM-x32\...\Run: [WebrootTrayApp] => C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe [1382984 2011-09-07] (Webroot Software, Inc. )
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-01-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Run: [Best Buy pc app] => "C:\Users\Owner4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms"
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Run: [Desktop Software] => C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe [1025320 2009-04-24] (SupportSoft, Inc.)
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Run: [ComcastAntispyClient] => C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe [1589208 2009-08-19] ()
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\MountPoints2: {8493e332-3237-11e1-b373-e89a8f63bae1} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/g/
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\.DEFAULT -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS445
SearchScopes: HKU\.DEFAULT -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ_enUS445
SearchScopes: HKU\S-1-5-21-2962928441-3583004551-1946495101-1000 -> Comcast URL = http://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-2962928441-3583004551-1946495101-1000 -> {6B5D56A8-8A96-4078-9374-D0C3E9E9493B} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
SearchScopes: HKU\S-1-5-21-2962928441-3583004551-1946495101-1000 -> {84ACBA74-3498-4E39-9D5E-E253C71EB5CA} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20131042,19432,FF23,0,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2962928441-3583004551-1946495101-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNJ
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: XFINITY Toolbar -> {4b9bcce8-a70b-402a-a7e1-db96831ee26f} -> C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Updater For XFIN_PORTAL -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} -> C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll (Visicom Media)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - XFINITY Toolbar - {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll ()
Toolbar: HKU\.DEFAULT -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2962928441-3583004551-1946495101-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner4\AppData\Roaming\Mozilla\Firefox\Profiles\zym92799.default
FF SelectedSearchEngine: 407
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Owner4\AppData\Roaming\Mozilla\Firefox\Profiles\zym92799.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\cgpcfg.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\CgpCore.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\confmgr.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\ctxlogging.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\ctxmui.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\icafile.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\icalogon.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\msvcm80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\msvcp80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\msvcr80.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\npicaN.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\sslsdk_b.dll (Citrix Systems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Owner4\AppData\Roaming\mozilla\plugins\TcpPServ.dll (Citrix Systems, Inc.)
FF Extension: XFINITY Toolbar - C:\Users\Owner4\AppData\Roaming\Mozilla\Firefox\Profiles\zym92799.default\Extensions\{4b9bcce8-a70b-402a-a7e1-db96831ee26f} [2011-11-05]
FF Extension: Yahoo! Toolbar - C:\Users\Owner4\AppData\Roaming\Mozilla\Firefox\Profiles\zym92799.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-02-24]
FF HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.xfinity.com/?cid=insDate11052011"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.200.2) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U20) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.115\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Best Buy pc app Detector) - C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Profile: C:\Users\Owner4\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Wallet) - C:\Users\Owner4\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-24]
CHR HKLM-x32\...\Chrome\Extension: [bopakagnckmlgajfccecajhnimjiiedh] - http://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 WebrootSpySweeperService; C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe [3997912 2011-08-24] (Webroot Software, Inc. (www.webroot.com))
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WRConsumerService; C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe [3381184 2011-09-07] (Webroot Software, Inc. )

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-24] (Malwarebytes Corporation)
R2 ssfmonm; C:\Windows\System32\DRIVERS\ssfmonm.sys [56920 2011-07-11] (Webroot Software, Inc. (www.webroot.com))
R0 ssidrv; C:\Windows\System32\DRIVERS\ssidrv.sys [136224 2011-07-11] (Webroot Software, Inc. (www.webroot.com))
S3 cpuz134; \??\C:\Users\Owner4\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 22:05 - 2015-02-24 22:06 - 00020756 _____ () C:\Users\Owner4\Desktop\FRST.txt
2015-02-24 22:03 - 2015-02-24 22:05 - 00000000 ____D () C:\FRST
2015-02-24 22:03 - 2015-02-24 22:03 - 02087424 _____ (Farbar) C:\Users\Owner4\Desktop\FRST64.exe
2015-02-24 22:02 - 2015-02-24 22:02 - 01126912 _____ (Farbar) C:\Users\Owner4\Downloads\FRST.exe
2015-02-24 11:52 - 2015-02-24 11:52 - 00011397 _____ () C:\Users\Owner4\Desktop\hijackthis log
2015-02-24 11:48 - 2015-02-24 11:48 - 00003003 _____ () C:\Users\Owner4\Desktop\HiJackThis.lnk
2015-02-24 11:48 - 2015-02-24 11:48 - 00000000 ____D () C:\Users\Owner4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-24 11:48 - 2015-02-24 11:48 - 00000000 ____D () C:\Program Files (x86)\HiJackThis
2015-02-24 11:45 - 2015-02-24 11:45 - 01402880 _____ () C:\Users\Owner4\Downloads\HiJackThis.msi
2015-02-24 09:35 - 2015-02-24 10:09 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 09:34 - 2015-02-24 09:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-24 09:34 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-02-24 09:34 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-02-24 08:16 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-02-24 08:16 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-02-24 08:16 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-02-24 08:16 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-02-24 07:56 - 2015-02-24 08:02 - 00000165 _____ () C:\windows\Reimage.ini
2015-02-24 07:55 - 2015-02-24 07:56 - 00784888 _____ (Reimage®) C:\Users\Owner4\Downloads\ReimageRepair.exe
2015-02-11 08:11 - 2015-02-03 22:16 - 00894976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-02-11 08:11 - 2015-02-03 22:16 - 00762368 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-02-11 08:11 - 2015-02-03 22:16 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-02-11 08:11 - 2015-02-03 22:16 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-02-11 08:11 - 2015-02-03 22:16 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-02-11 08:11 - 2015-02-03 22:16 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-02-11 08:11 - 2015-02-03 22:13 - 01098752 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-02-11 08:11 - 2015-01-27 18:36 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-02-11 08:11 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-02-11 08:11 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 08:11 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-02-11 08:11 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-02-11 08:11 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-02-11 08:11 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-02-11 08:11 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-02-11 08:11 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-02-11 08:11 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-02-11 08:11 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-02-11 08:11 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 08:11 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-02-11 08:11 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 08:11 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 08:11 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-02-11 08:11 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-02-11 08:11 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-02-11 08:11 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-02-11 08:11 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-02-11 08:11 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 08:11 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-02-11 08:11 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-02-11 08:11 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 08:11 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 08:11 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-02-11 08:11 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-02-11 08:11 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 08:11 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-02-11 08:11 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-02-11 08:11 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-02-11 08:11 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-02-11 08:11 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-02-11 08:11 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-02-11 08:11 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-02-11 08:10 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-02-11 08:10 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-02-11 08:10 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-02-11 08:10 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-02-11 08:10 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-02-11 08:10 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-02-11 08:10 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-02-11 08:10 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-02-11 08:10 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-02-11 08:10 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-02-11 08:10 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-02-11 08:10 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-02-11 08:10 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-02-11 08:10 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-02-11 08:10 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-02-11 08:10 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-02-11 08:10 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-02-11 08:10 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-02-11 08:10 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-02-11 08:10 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 08:10 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-02-11 08:10 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-02-11 08:10 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-02-11 08:10 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-02-11 08:10 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-02-11 08:10 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-02-11 08:10 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-02-11 08:10 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-02-11 08:10 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-02-11 08:10 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-02-11 08:10 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-02-11 08:10 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-02-11 08:10 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-02-11 08:10 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-02-11 08:10 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-02-11 08:10 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-02-11 08:10 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-02-11 08:10 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 08:10 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-02-11 08:10 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-02-11 08:10 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-02-11 08:10 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-02-11 08:10 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-02-11 08:10 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-02-11 08:10 - 2014-10-03 21:10 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-02-11 08:10 - 2014-10-03 20:42 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-02-11 08:10 - 2014-10-03 20:42 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-02-11 08:10 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-02-11 08:10 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-02-11 08:10 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-02-11 08:10 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-02-11 08:09 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-02-11 08:09 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-02-11 08:09 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-02-11 08:09 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-02-11 08:09 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 08:09 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 08:09 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-02-11 08:09 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-02-11 08:09 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-02-11 08:09 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-01-28 08:04 - 2015-01-28 08:04 - 00000000 ____D () C:\Users\Owner4\Documents\Excelcior College 2015

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-24 22:00 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 22:00 - 2009-07-13 23:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 21:56 - 2011-06-22 18:14 - 01205292 _____ () C:\windows\WindowsUpdate.log
2015-02-24 21:53 - 2011-06-22 18:43 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-24 21:53 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-24 21:53 - 2009-07-13 23:51 - 00171683 _____ () C:\windows\setupact.log
2015-02-24 15:40 - 2011-08-18 01:35 - 00000000 ____D () C:\Users\Owner4\AppData\Roaming\SoftGrid Client
2015-02-24 15:38 - 2012-04-18 18:22 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-24 15:18 - 2010-11-20 22:47 - 00429898 _____ () C:\windows\PFRO.log
2015-02-24 15:16 - 2012-01-04 11:32 - 00000000 ____D () C:\Users\Owner4\Documents\Resume-JENNY
2015-02-24 14:58 - 2011-03-23 21:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-02-24 14:56 - 2012-02-11 16:24 - 00000000 ____D () C:\ProgramData\Yahoo!
2015-02-24 14:56 - 2012-02-11 16:23 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2015-02-24 10:04 - 2014-03-03 18:51 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-24 10:04 - 2012-05-03 14:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 09:34 - 2013-06-23 09:39 - 00000000 ____D () C:\Users\Owner4\AppData\Roaming\Malwarebytes
2015-02-24 09:34 - 2013-06-23 09:38 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-24 09:34 - 2013-06-23 09:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-24 09:34 - 2013-06-23 09:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-02-24 08:38 - 2012-04-18 18:22 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-24 08:38 - 2012-04-18 18:22 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-24 08:38 - 2012-01-25 23:22 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-24 07:52 - 2011-08-09 12:16 - 00000000 ____D () C:\ProgramData\Webroot
2015-02-24 07:47 - 2009-07-13 23:45 - 00267672 _____ () C:\windows\system32\FNTCACHE.DAT
2015-02-24 07:44 - 2014-12-12 07:56 - 00000000 ____D () C:\windows\system32\appraiser
2015-02-24 07:44 - 2014-05-07 06:47 - 00000000 ___SD () C:\windows\system32\CompatTel
2015-02-11 08:23 - 2013-07-28 20:01 - 00000000 ____D () C:\windows\system32\MRT
2015-02-11 08:15 - 2011-12-15 22:17 - 116773704 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-02-11 08:12 - 2011-06-22 18:43 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-11 08:12 - 2011-06-22 18:43 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-11 08:12 - 2011-06-22 18:43 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-11 07:52 - 2009-07-14 00:08 - 00032560 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2015-02-09 08:46 - 2011-11-11 18:49 - 00000000 ____D () C:\Users\Owner4\AppData\Local\CrashDumps
2015-02-09 08:45 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

==================== Files in the root of some directories =======

2013-12-25 09:53 - 2013-12-25 09:53 - 0004600 _____ () C:\Users\Owner4\AppData\Roaming\mbam.context.scan
2013-10-16 19:11 - 2013-06-27 10:36 - 0192512 _____ () C:\Users\Owner4\AppData\Local\common_functions.dll
2013-06-27 10:36 - 2013-06-27 10:36 - 0114688 _____ () C:\Users\Owner4\AppData\Local\ie_runner_app.exe
2013-10-16 19:11 - 2012-06-26 05:59 - 0940544 _____ (Apache Software Foundation) C:\Users\Owner4\AppData\Local\log4cxx.dll
2011-12-08 00:52 - 2011-12-08 00:52 - 0000000 _____ () C:\Users\Owner4\AppData\Local\{DEA2E861-BEB5-4DA0-AD96-3ED49C782A23}

Some content of TEMP:
====================
C:\Users\Owner4\AppData\Local\Temp\contentDATs.exe
C:\Users\Owner4\AppData\Local\Temp\FlashPlayer.exe
C:\Users\Owner4\AppData\Local\Temp\IeSearchProvider3720758177406024010.exe
C:\Users\Owner4\AppData\Local\Temp\otu3k-va.dll
C:\Users\Owner4\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Owner4\AppData\Local\Temp\ReiSysUpdate.exe
C:\Users\Owner4\AppData\Local\Temp\SearchWithGoogleUpdate.exe
C:\Users\Owner4\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Owner4\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Owner4\AppData\Local\Temp\updater_uninstall.exe
C:\Users\Owner4\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-02-21 21:13

==================== End Of Log ============================

Next the Addition.txt log

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-02-2015
Ran by Owner4 at 2015-02-24 22:07:18
Running from C:\Users\Owner4\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {53211D91-0C31-95F2-E3A5-7661FB22889E}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot AntiVirus with Spy Sweeper (Disabled - Up to date) {E840FC75-2A0B-9A7C-D915-4D1380A5C223}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Connect 9 Add-in (HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Adobe Connect 9 Add-in) (Version: 11,2,247,0 - Adobe Systems Incorporated)
Adobe Connect Add-in (HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{A83279FD-CA4B-4206-9535-90974DE76654}) (Version: 2.1.5 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
CA Pest Patrol Realtime Protection (HKLM-x32\...\{F05A5232-CE5E-4274-AB27-44EB8105898D}) (Version: 001.001.0034 - Computer Associates Inc.)
CDisplay 1.8 (HKLM-x32\...\CDisplay_is1) (Version:  - dvd8n)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Citrix XenApp Web Plugin (HKLM-x32\...\{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}) (Version: 11.0.0.5357 - Citrix Systems, Inc.)
Comcast Desktop Software (v1.2.1) (HKLM-x32\...\{118C3943-1683-42EF-824D-C22E70DB42E7}) (Version: 24 - Comcast)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy Media Player 1.1.12 (HKLM-x32\...\Easy Media Player) (Version: 1.1.12 - Easy Media Player)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1.1 (x86 en-US)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Webroot Software (HKLM-x32\...\Webroot Software) (Version: 7.0.6.38 - Webroot Software, Inc.)
Webroot Software (x32 Version: 7.0.6.38 - Webroot Software, Inc.) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
XFINITY Toolbar (HKLM-x32\...\xfin_portal) (Version: 3.5.1.10 - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

21-12-2014 03:32:58 Windows Update
25-12-2014 10:25:31 Windows Update
31-12-2014 15:57:57 Windows Update
06-01-2015 06:57:57 Windows Update
09-01-2015 08:13:47 Windows Update
14-01-2015 08:07:03 Windows Update
15-01-2015 08:00:59 Windows Update
16-01-2015 08:21:05 Windows Update
20-01-2015 07:44:46 Windows Update
24-01-2015 09:57:52 Windows Update
28-01-2015 07:46:54 Windows Update
09-02-2015 08:42:13 Windows Update
11-02-2015 08:13:54 Windows Update
24-02-2015 08:09:31 Windows Update
24-02-2015 11:46:24 Installed HiJackThis
24-02-2015 13:37:03 Windows Update
24-02-2015 14:58:28 Removed Microsoft Office 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2011-09-19 19:04 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {42A88119-9331-4CF1-91BE-9B8CD0FA044A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)
Task: {749FA624-FF97-4CEF-A998-C4ED699965EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: {7BA3B6D0-164A-46CF-BDB4-E6F25A672118} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F9FFB177-227E-464D-82A1-C4F20F7EF308} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-28] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2009-06-17 12:49 - 2009-06-17 12:49 - 00616408 _____ () C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
2011-04-04 21:18 - 2011-04-04 21:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2009-08-19 12:25 - 2009-08-19 12:25 - 01589208 _____ () C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
2010-12-08 17:42 - 2010-12-08 17:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2011-09-07 11:41 - 2011-09-07 11:40 - 02557952 _____ () C:\Program Files (x86)\Webroot\Security\Current\framework\frameworkresources.dll
2011-08-09 12:17 - 2011-08-29 00:24 - 01219256 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\antimalware.dll
2011-08-09 12:17 - 2011-09-07 11:39 - 00057344 _____ () C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\antimalwareresources.dll
2011-08-09 12:17 - 2011-08-24 20:28 - 00539744 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\ziptv06.dll
2011-08-09 12:17 - 2011-08-24 20:28 - 00419192 _____ () C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\LockBox.dll
2014-03-03 18:51 - 2014-11-13 21:42 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-24 08:38 - 2015-02-24 08:38 - 16852144 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRConsumerService => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2962928441-3583004551-1946495101-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner4\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2962928441-3583004551-1946495101-500 - Administrator - Disabled)
Guest (S-1-5-21-2962928441-3583004551-1946495101-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2962928441-3583004551-1946495101-1002 - Limited - Enabled)
Owner4 (S-1-5-21-2962928441-3583004551-1946495101-1000 - Administrator - Enabled) => C:\Users\Owner4

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/24/2015 09:59:59 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (02/24/2015 09:59:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0x904
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (02/24/2015 09:58:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (02/24/2015 09:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0xf0
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (02/24/2015 09:58:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Stream product id=0x0066): Streaming Failed

Error: (02/24/2015 09:57:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3

Error: (02/24/2015 09:57:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchIndexer.exe, version: 7.0.7601.17610, time stamp: 0x4dc0d019
Faulting module name: TQUERY.DLL, version: 7.0.7601.17610, time stamp: 0x4dc0e17a
Exception code: 0xc0000006
Fault offset: 0x0000000000034a88
Faulting process id: 0xd78
Faulting application start time: 0xSearchIndexer.exe0
Faulting application path: SearchIndexer.exe1
Faulting module path: SearchIndexer.exe2
Report Id: SearchIndexer.exe3

Error: (02/24/2015 09:56:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
Too many failures while downloading ranges: 2

Error: (02/24/2015 09:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:47:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Microsoft Windows Search Indexer because of this error.

Program: Microsoft Windows Search Indexer
File: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ci

The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
    - It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
    - It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.

Additional Data
Error value: C0000185
Disk type: 3


System errors:
=============
Error: (02/24/2015 10:00:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/24/2015 09:58:47 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/24/2015 09:57:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/24/2015 03:47:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/24/2015 03:46:59 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (02/24/2015 03:46:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/24/2015 03:45:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/24/2015 03:26:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 3 time(s).

Error: (02/24/2015 03:25:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (02/24/2015 03:23:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (02/24/2015 09:59:59 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ciMicrosoft Windows Search IndexerC00001853

Error: (02/24/2015 09:59:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a8890401d050a70b46bf6fC:\windows\system32\SearchIndexer.exeC:\windows\system32\TQUERY.DLL6263ff3d-bc9a-11e4-8a4a-e89a8f63bae1

Error: (02/24/2015 09:58:46 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ciMicrosoft Windows Search IndexerC00001853

Error: (02/24/2015 09:58:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88f001d050a6dc8ad43dC:\windows\system32\SearchIndexer.exeC:\windows\system32\TQUERY.DLL36c58107-bc9a-11e4-8a4a-e89a8f63bae1

Error: (02/24/2015 09:58:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Stream product id=0x0066): Streaming Failed

Error: (02/24/2015 09:57:27 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ciMicrosoft Windows Search IndexerC00001853

Error: (02/24/2015 09:57:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchIndexer.exe7.0.7601.176104dc0d019TQUERY.DLL7.0.7601.176104dc0e17ac00000060000000000034a88d7801d050a641024ab6C:\windows\system32\SearchIndexer.exeC:\windows\system32\TQUERY.DLL079e9ef9-bc9a-11e4-8a4a-e89a8f63bae1

Error: (02/24/2015 09:56:31 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Too many failures while downloading ranges: 2

Error: (02/24/2015 09:53:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/24/2015 03:47:22 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.ciMicrosoft Windows Search IndexerC00001853


==================== Memory info ===========================

Processor: Intel® Pentium® CPU B940 @ 2.00GHz
Percentage of memory in use: 46%
Total physical RAM: 4043.86 MB
Available physical RAM: 2156.98 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 6030.16 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:282.9 GB) (Free:219.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (untitled folder) (CDROM) (Total:0.08 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=282.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End Of Log ============================

Finally the ZOEK-results logfile

Zoek.exe v5.0.0.0 Updated 24-February-2015
Tool run by Owner4 on Tue 02/24/2015 at 22:10:48.33.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Owner4\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

2/24/2015 10:13:08 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
C:\Users\Owner4\Desktop\zoek.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\SysWOW64\cmd.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AntiSpywareService] - Comcast AntiSpyware - c:\program files (x86)\comcasttb\comcastspywarescan\comcastantispyservice.exe
R2 - [cvhsvc] - Client Virtualization Handler - c:\program files (x86)\common files\microsoft shared\virtualization handler\cvhsvc.exe
R2 - [ITMRTSVC] - CA Pest Patrol Realtime Protection Service - c:\program files (x86)\ca\pprt\bin\itmrtsvc.exe
R2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
R2 - [sftlist] - Application Virtualization Client - c:\program files (x86)\microsoft application virtualization client\sftlist.exe
R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - c:\windows\system32\toddsrv.exe
R2 - [TosCoSrv] - TOSHIBA Power Saver - c:\program files\toshiba\power saver\toscosrv.exe
R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - c:\program files\toshiba\teco\tecoservice.exe
R2 - [UNS] - Intel® Management and Security Application User Notification Service - c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
R2 - [WebrootSpySweeperService] - Webroot Spy Sweeper Engine - c:\program files (x86)\webroot\security\current\plugins\antimalware\aei.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - c:\program files\windows media player\wmpnetwk.exe
R2 - [WRConsumerService] - Webroot Client Service - c:\program files (x86)\webroot\security\current\framework\wrconsumerservice.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
R3 - [sftvsa] - Application Virtualization Service Agent - c:\program files (x86)\microsoft application virtualization client\sftvsa.exe
R3 - [TMachInfo] - TMachInfo - c:\program files (x86)\toshiba\toshiba service station\tmachinfo.exe
R3 - [TOSHIBA HDD SSD Alert Service] - TOSHIBA HDD SSD Alert Service - c:\program files\toshiba\toshiba hdd ssd alert\tossmartsrv.exe
R3 - [TPCHSrv] - TPCH Service - c:\program files\toshiba\tphm\tpchsrv.exe
R3 - [VSS] - Volume Shadow Copy - c:\windows\system32\vssvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Google Update Service (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [sppsvc] - Software Protection - c:\windows\system32\sppsvc.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Application Layer Gateway Service - c:\windows\system32\alg.exe
S3 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S3 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [ehRecvr] - Windows Media Center Receiver Service - c:\windows\ehome\ehrecvr.exe
S3 - [ehSched] - Windows Media Center Scheduler Service - c:\windows\ehome\ehsched.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [gupdatem] - Google Update Service (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IDriverT] - InstallDriver Table Manager - c:\program files (x86)\common files\installshield\driver\1150\intel 32\idrivert.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [McComponentHostService] - McAfee Security Scan Component Host Service - c:\program files\mcafee security scan\3.8.150\mcchsvc.exe
S3 - [MozillaMaintenance] - Mozilla Maintenance Service - c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
S3 - [MSDTC] - Distributed Transaction Coordinator - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [PerfHost] - Performance Counter DLL Host - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - SNMP Trap - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Windows Modules Installer - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Virtual Disk - c:\windows\system32\vds.exe
S3 - [WatAdminSvc] - Windows Activation Technologies Service - c:\windows\system32\wat\watadminsvc.exe
S3 - [wbengine] - Block Level Backup Engine Service - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - ASP.NET State Service - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 4044 MB
CPU Info: Intel® Pentium® CPU B940 @ 2.00GHz
CPU Speed: 1968.2 MHz
Sound Card: Speakers (Conexant SmartAudio H |
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) | Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
CD / DVD Drives: 1x (D: | ) D: TSSTcorpCDDVDW TS-L633F
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  282.9GB | Q:  0.0MB
Hard Disks - Free: C:  220.9GB | Q:  0.0MB
Manufacturer *: INSYDE
BIOS Info: AT/AT COMPATIBLE | 05/17/11 | TOSQCI - 1
Time Zone: Eastern Standard Time
Motherboard *: Intel Corp. Base Board Product Name
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Webroot AntiVirus with Spy Sweeper On-access scanning disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Webroot AntiVirus with Spy Sweeper disabled (Outdated)
Default Browser: Firefox    33.1.1
Internet Explorer Version: 11.0.9600.17633
Mozilla Firefox version: 33.1.1 (x86 en-US)
Google Chrome version: 40.0.2214.115
Adobe Reader version: 10.0.0.396
Sun Java version: 1.6.0_20 (32-bit)
Flash Player version: 16.0.0.305

==== Files Recently Created / Modified ======================

====== C:\windows ====
2015-02-24 12:56:42    87B9B277346B1B7E46C129A8F5EADB26    165    ----a-w-    C:\windows\Reimage.ini
====== C:\Users\Owner4\AppData\Local\Temp ====
2015-02-24 13:00:15    8AE1D9232F12B20487A498586A170ADE    295912    ----a-w-    C:\Users\Owner4\AppData\Local\Temp\ReiSysUpdate.exe
2015-02-24 12:59:45    731F5AEA9D01B8A97412C7E155F123D4    13362280    ----a-w-    C:\Users\Owner4\AppData\Local\Temp\ReimagePackage.exe
====== Java Cache =====
====== C:\windows\SysWOW64 =====
2015-02-24 13:16:31    4FD3763F3917201856B0CBCE310003EA    4300800    ----a-w-    C:\windows\SysWOW64\jscript9.dll
2015-02-24 13:16:31    01BD2653F2185218837CF4A175617F8A    620032    ----a-w-    C:\windows\SysWOW64\jscript9diag.dll
2015-02-11 13:11:32    7C893DBA0A58855A99DA68B751FD223B    248832    ----a-w-    C:\windows\SysWOW64\schannel.dll
2015-02-11 13:11:31    B63A6FF4339C9B701A93D3973C7FB6D2    550912    ----a-w-    C:\windows\SysWOW64\kerberos.dll
2015-02-11 13:11:31    7D94A9161E8432B8521E60E064B1D737    259584    ----a-w-    C:\windows\SysWOW64\msv1_0.dll
2015-02-11 13:11:31    3BB446DE24501FEA5FDB9A9DB23A22AE    221184    ----a-w-    C:\windows\SysWOW64\ncrypt.dll
2015-02-11 13:11:30    F3F6BE20A03215209B61CA85B4A83E1F    65536    ----a-w-    C:\windows\SysWOW64\TSpkg.dll
2015-02-11 13:11:30    C256EFD3655EC782F8094E96094E8F9E    17408    ----a-w-    C:\windows\SysWOW64\credssp.dll
2015-02-11 13:11:30    A12D64A94EC57079C2D96A741CB4FF53    172032    ----a-w-    C:\windows\SysWOW64\wdigest.dll
2015-02-11 13:11:03    E1A4D24281526DDFEA418F729CDA9DC6    30720    ----a-w-    C:\windows\SysWOW64\iernonce.dll
2015-02-11 13:11:03    D87759889FE7BCAE4461439139E62BAA    76288    ----a-w-    C:\windows\SysWOW64\mshtmled.dll
2015-02-11 13:11:03    B0F7BD3492C2D60A70F15AEADCE1E2A6    47616    ----a-w-    C:\windows\SysWOW64\ieetwproxystub.dll
2015-02-11 13:11:03    3B9EF1B8E154D202D32A7765E2F33554    64000    ----a-w-    C:\windows\SysWOW64\MshtmlDac.dll
2015-02-11 13:11:02    94B1F7CE1AAA5542923E0AD63C4D0050    60416    ----a-w-    C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 13:11:02    8FBC9680719ACDA9351B67D906C682F4    688640    ----a-w-    C:\windows\SysWOW64\msfeeds.dll
2015-02-11 13:11:02    8E8137569741D3693F88DDF94CC38C20    1307136    ----a-w-    C:\windows\SysWOW64\urlmon.dll
2015-02-11 13:11:02    74EA6C792F57E453261DA210C1BCEB53    342712    ----a-w-    C:\windows\SysWOW64\iedkcs32.dll
2015-02-11 13:11:02    6FA05244FD2E40A3DC08337146B3C425    285696    ----a-w-    C:\windows\SysWOW64\dxtrans.dll
2015-02-11 13:11:02    61C74D794C14E9FC94D93F5F0F72A3F9    19740160    ----a-w-    C:\windows\SysWOW64\mshtml.dll
2015-02-11 13:11:01    FD6AF61AF029B9BC2CF4EFF57CDD5821    710144    ----a-w-    C:\windows\SysWOW64\ieapfltr.dll
2015-02-11 13:11:01    AD3F5926EC2C1F21FB45D1CDED6E2A47    2052608    ----a-w-    C:\windows\SysWOW64\inetcpl.cpl
2015-02-11 13:11:01    5FB7E9786F70F4072663746072C9E6CE    62464    ----a-w-    C:\windows\SysWOW64\iesetup.dll
2015-02-11 13:11:01    47B26D89EF9973E2DD586D0C827F61A9    2724864    ----a-w-    C:\windows\SysWOW64\mshtml.tlb
2015-02-11 13:11:00    EF05E63ACC834470A07A2E73D519B5FA    418304    ----a-w-    C:\windows\SysWOW64\dxtmsft.dll
2015-02-11 13:11:00    9A91F9B5035F54C2D0BA92CF9B16EE34    2277888    ----a-w-    C:\windows\SysWOW64\iertutil.dll
2015-02-11 13:11:00    994E7459260D315573DD72783D1B78A7    478208    ----a-w-    C:\windows\SysWOW64\ieui.dll
2015-02-11 13:11:00    78A1A938D51D4F83A772123B93EE1612    12829184    ----a-w-    C:\windows\SysWOW64\ieframe.dll
2015-02-11 13:11:00    55A84600EAAF8F1D3F0E6206E2EF6D48    47104    ----a-w-    C:\windows\SysWOW64\jsproxy.dll
2015-02-11 13:11:00    28B2D3CB1B4306D476200D80AF7D87AD    115712    ----a-w-    C:\windows\SysWOW64\ieUnatt.exe
2015-02-11 13:10:58    180168942E4A133C55E7BBF17DA3C142    1155072    ----a-w-    C:\windows\SysWOW64\mshtmlmedia.dll
2015-02-11 13:10:57    F285D499EC42969D963CA49EADA63218    1888256    ----a-w-    C:\windows\SysWOW64\wininet.dll
2015-02-11 13:10:57    9DEE691C8FDBC2DE6957F1AE873C78FC    503296    ----a-w-    C:\windows\SysWOW64\vbscript.dll
2015-02-11 13:10:57    6F10743069DFFC56DEE079204960844E    168960    ----a-w-    C:\windows\SysWOW64\msrating.dll
2015-02-11 13:10:30    793F6658ED65839FDB2957A4884CB63C    1230336    ----a-w-    C:\windows\SysWOW64\WindowsCodecs.dll
2015-02-11 13:10:25    F312300F29620F74E3AF3AF018151935    96768    ----a-w-    C:\windows\SysWOW64\sspicli.dll
2015-02-11 13:10:25    F2A743912D404A8866362836CFE7A648    686080    ----a-w-    C:\windows\SysWOW64\adtschema.dll
2015-02-11 13:10:25    F29BC66CE4A5507A49FB20744A056E61    22016    ----a-w-    C:\windows\SysWOW64\secur32.dll
2015-02-11 13:10:25    4E6934926B4C923CC0FF61C6D77814EF    50176    ----a-w-    C:\windows\SysWOW64\auditpol.exe
2015-02-11 13:10:25    43791D2F736C4E9BE9FE0B33A1E92A5D    60416    ----a-w-    C:\windows\SysWOW64\msobjs.dll
2015-02-11 13:10:25    36F152AE2F64B12771A44EA77124332B    146432    ----a-w-    C:\windows\SysWOW64\msaudite.dll
2015-02-11 13:10:13    E365C7B3EBB96451D3C9DF6B6B6900C2    179200    ----a-w-    C:\windows\SysWOW64\wintrust.dll
2015-02-11 13:10:13    623E143F2DF17C0106A9988F5D7DC878    143872    ----a-w-    C:\windows\SysWOW64\cryptsvc.dll
2015-02-11 13:10:13    0C96A745A76C7DD75C5503E86D968E49    1174528    ----a-w-    C:\windows\SysWOW64\crypt32.dll
2015-02-11 13:10:10    A208DAC2932649CFF82A6A684D8BB1F6    571904    ----a-w-    C:\windows\SysWOW64\oleaut32.dll
2015-02-11 13:10:07    F5142E9A99F44F9CC19A8AF31761F7F9    3221504    ----a-w-    C:\windows\SysWOW64\mstscax.dll
2015-02-11 13:10:05    B3AC14EA18DD0EE517703A86963AED18    131584    ----a-w-    C:\windows\SysWOW64\aaclient.dll
2015-02-11 13:09:42    B3BC38B886CA53C92D52EF724A9F0D45    308224    ----a-w-    C:\windows\SysWOW64\scesrv.dll
2015-02-11 13:09:24    6D227897A458DA8A9518DACDC88F1947    3917760    ----a-w-    C:\windows\SysWOW64\ntoskrnl.exe
2015-02-11 13:09:24    62C93E47A424A8EC79F3CF1719A2DCC6    3972544    ----a-w-    C:\windows\SysWOW64\ntkrnlpa.exe
2015-02-11 13:09:22    97B7E7E3356F7F7FE5B948AB3ED707DD    43008    ----a-w-    C:\windows\SysWOW64\srclient.dll
====== C:\windows\SysWOW64\drivers =====
====== C:\windows\Sysnative =====
2015-02-24 13:16:30    D363FBB2D0223956FF61ADBDBF5499B1    814080    ----a-w-    C:\windows\Sysnative\jscript9diag.dll
2015-02-24 13:16:30    16ACAA0C01F31B39F39446188F6A3593    6041600    ----a-w-    C:\windows\Sysnative\jscript9.dll
2015-02-11 13:11:38    B5746809407BDEB18D9D4769CD9FF24E    414720    ----a-w-    C:\windows\Sysnative\devinv.dll
2015-02-11 13:11:38    7F2F9AACF457CE48CDDBD643FC53487C    227328    ----a-w-    C:\windows\Sysnative\aepdu.dll
2015-02-11 13:11:38    7150E809474BBD4D4AD24B13FA2454E5    1239720    ----a-w-    C:\windows\Sysnative\aitstatic.exe
2015-02-11 13:11:38    64EAD6C9D342E7E0CFCA3559FCBFDDAC    894976    ----a-w-    C:\windows\Sysnative\appraiser.dll
2015-02-11 13:11:38    5C09611AB8D508CC252BB2D5A069D1AC    1098752    ----a-w-    C:\windows\Sysnative\aeinv.dll
2015-02-11 13:11:38    5632EB9633EACCC323CEA2C03A0B4133    762368    ----a-w-    C:\windows\Sysnative\invagent.dll
2015-02-11 13:11:38    47709F1B718859ED8AB5EA3EA3974BEB    609280    ----a-w-    C:\windows\Sysnative\generaltel.dll
2015-02-11 13:11:37    EF4FA1D31D146EA0C04D16E75FCA6BCF    192000    ----a-w-    C:\windows\Sysnative\aepic.dll
2015-02-11 13:11:32    DDACB408E607655EC64269706BFD504C    341504    ----a-w-    C:\windows\Sysnative\schannel.dll
2015-02-11 13:11:31    C1F9E139B8AE80803CE44DC0377CA342    728064    ----a-w-    C:\windows\Sysnative\kerberos.dll
2015-02-11 13:11:31    A46A6C5AD462071B718EBF3C9E117849    309760    ----a-w-    C:\windows\Sysnative\ncrypt.dll
2015-02-11 13:11:31    6A06BCED1DF1CFE8A32E7D10ABAA7188    314880    ----a-w-    C:\windows\Sysnative\msv1_0.dll
2015-02-11 13:11:31    5350A548BEC957978B7014CDFF091542    210944    ----a-w-    C:\windows\Sysnative\wdigest.dll
2015-02-11 13:11:30    8F33880F1863BE3925D3A0121FAC5E8F    86528    ----a-w-    C:\windows\Sysnative\TSpkg.dll
2015-02-11 13:11:30    22E30E28865C32C3CF4F4E0E7E277FDC    22016    ----a-w-    C:\windows\Sysnative\credssp.dll
2015-02-11 13:11:03    71EBA93C5322A52A7E177E03E1AE7161    48640    ----a-w-    C:\windows\Sysnative\ieetwproxystub.dll
2015-02-11 13:11:03    68A2B96528F58D995882FBEB4D9658A5    2724864    ----a-w-    C:\windows\Sysnative\mshtml.tlb
2015-02-11 13:11:03    01A314677CC80041A63ED109B56A76B0    114688    ----a-w-    C:\windows\Sysnative\ieetwcollector.exe
2015-02-11 13:11:02    F42B1DAAB5B7621341243878180446CD    34304    ----a-w-    C:\windows\Sysnative\iernonce.dll
2015-02-11 13:11:02    92BD5080B81EDFA32B0CEE8B923D62C3    77824    ----a-w-    C:\windows\Sysnative\JavaScriptCollectionAgent.dll
2015-02-11 13:11:02    8076BB31004C1D763D5D4AEF9F0BDD4B    718848    ----a-w-    C:\windows\Sysnative\ie4uinit.exe
2015-02-11 13:11:01    1D824B5A200C284E1A546C2C50704471    389808    ----a-w-    C:\windows\Sysnative\iedkcs32.dll
2015-02-11 13:11:00    DF39C79DFC1C063493D2DB9B3237B29F    316928    ----a-w-    C:\windows\Sysnative\dxtrans.dll
2015-02-11 13:11:00    CB2528D522FF1F5A7BF9B27D2FB250FF    1548288    ----a-w-    C:\windows\Sysnative\urlmon.dll
2015-02-11 13:11:00    97F037E09A706ACDA681D740DEE16AE4    968704    ----a-w-    C:\windows\Sysnative\MsSpellCheckingFacility.exe
2015-02-11 13:11:00    76DB5845E168173BBA2D3CCC4B363E42    801280    ----a-w-    C:\windows\Sysnative\msfeeds.dll
2015-02-11 13:11:00    2E4F8664B54426C2F5523665B279E984    4096    ----a-w-    C:\windows\Sysnative\ieetwcollectorres.dll
2015-02-11 13:10:59    7A388AFC6885D22F4D988EE9B8D1291A    800768    ----a-w-    C:\windows\Sysnative\ieapfltr.dll
2015-02-11 13:10:59    512DD29CE6CDCB22EA615286DA7022E7    66560    ----a-w-    C:\windows\Sysnative\iesetup.dll
2015-02-11 13:10:58    A7A3775B0014B165D75A00A1F632E4B5    2885632    ----a-w-    C:\windows\Sysnative\iertutil.dll
2015-02-11 13:10:58    15842FB41A3BF2A2F5071518B38C957A    2125824    ----a-w-    C:\windows\Sysnative\inetcpl.cpl
2015-02-11 13:10:57    D7922F3AC6BF1EA77240E0061D648174    490496    ----a-w-    C:\windows\Sysnative\dxtmsft.dll
2015-02-11 13:10:57    CA3F410410DE9E5234217D33B9628224    633856    ----a-w-    C:\windows\Sysnative\ieui.dll
2015-02-11 13:10:57    A7814E76ED4ACE0694A83F6E4B6A7272    144384    ----a-w-    C:\windows\Sysnative\ieUnatt.exe
2015-02-11 13:10:57    6916B0663357B183B120D1A4DD7DDAB0    54784    ----a-w-    C:\windows\Sysnative\jsproxy.dll
2015-02-11 13:10:56    E0F76B5B904E4F448641B2B506496351    14401024    ----a-w-    C:\windows\Sysnative\ieframe.dll
2015-02-11 13:10:56    A04F0C4A0B80C92F92E854E7157D6466    92160    ----a-w-    C:\windows\Sysnative\mshtmled.dll
2015-02-11 13:10:56    4CE68D160D80AF6C9FDB5C60BA087DA5    1359360    ----a-w-    C:\windows\Sysnative\mshtmlmedia.dll
2015-02-11 13:10:55    BF57C911895454A8874E9DFA5716C624    584192    ----a-w-    C:\windows\Sysnative\vbscript.dll
2015-02-11 13:10:54    9DFE41A69DF70AAB75CB5BA8C1109EA2    2358272    ----a-w-    C:\windows\Sysnative\wininet.dll
2015-02-11 13:10:54    47162151E35EA0B7152B7C841FA21FDB    88064    ----a-w-    C:\windows\Sysnative\MshtmlDac.dll
2015-02-11 13:10:54    4701399F7BA312353ADE8225F6EB512B    199680    ----a-w-    C:\windows\Sysnative\msrating.dll
2015-02-11 13:10:53    CD726C899BD9A398E8420564A957320B    25056256    ----a-w-    C:\windows\Sysnative\mshtml.dll
2015-02-11 13:10:32    4861B9AF67E1B0154A55FDE4B3A61EB9    1424384    ----a-w-    C:\windows\Sysnative\WindowsCodecs.dll
2015-02-11 13:10:27    C97662B6752BFEF07C565D96E8ECC98F    1461760    ----a-w-    C:\windows\Sysnative\lsasrv.dll
2015-02-11 13:10:25    E0105F3B5B1C4B0F5B3D788A13504EC6    31232    ----a-w-    C:\windows\Sysnative\lsass.exe
2015-02-11 13:10:25    BE4927689BA39E18A104986CB1363C97    146432    ----a-w-    C:\windows\Sysnative\msaudite.dll
2015-02-11 13:10:25    94C6BCF9212E20866AC1558A32E9F228    28160    ----a-w-    C:\windows\Sysnative\secur32.dll
2015-02-11 13:10:25    857CED230A6B87E84FCA04B472A3CB1A    136192    ----a-w-    C:\windows\Sysnative\sspicli.dll
2015-02-11 13:10:25    6EAD88B508E4785F4AFDFD24F76E8839    686080    ----a-w-    C:\windows\Sysnative\adtschema.dll
2015-02-11 13:10:25    51BB93FF96AE3882B4AF7CA11000D3A3    64000    ----a-w-    C:\windows\Sysnative\auditpol.exe
2015-02-11 13:10:25    2EE57F4491A402C04FCAA7D012493884    29184    ----a-w-    C:\windows\Sysnative\sspisrv.dll
2015-02-11 13:10:25    1798826FE9FFEA9E93E74A5868559D4A    60416    ----a-w-    C:\windows\Sysnative\msobjs.dll
2015-02-11 13:10:13    E5AF792AB409F600D416CB257C84305D    1480192    ----a-w-    C:\windows\Sysnative\crypt32.dll
2015-02-11 13:10:13    7FC292D1527EDFEBA2576B6789DE6AB5    229376    ----a-w-    C:\windows\Sysnative\wintrust.dll
2015-02-11 13:10:13    19D511CC455C19DE1ADF60E6C39C85B6    187904    ----a-w-    C:\windows\Sysnative\cryptsvc.dll
2015-02-11 13:10:10    AE4FEDD98096C09A8A86E021FC5E9D67    861696    ----a-w-    C:\windows\Sysnative\oleaut32.dll
2015-02-11 13:10:07    2A25F5ACA9DCAF9AE9570DED13A8E078    3722752    ----a-w-    C:\windows\Sysnative\mstscax.dll
2015-02-11 13:09:42    FE72C89986E1BA32AD926A820491F23F    406528    ----a-w-    C:\windows\Sysnative\scesrv.dll
2015-02-11 13:09:28    9819614CA9EFB5A96493B379170B9D89    5554112    ----a-w-    C:\windows\Sysnative\ntoskrnl.exe
2015-02-11 13:09:22    F7A3018D8F1825427BC11E912D5287CD    296960    ----a-w-    C:\windows\Sysnative\rstrui.exe
2015-02-11 13:09:22    D6CDCAF84810641D1D2B455750825ACA    50176    ----a-w-    C:\windows\Sysnative\srclient.dll
2015-02-11 13:09:22    0147AA370862201A443752351F135D31    503808    ----a-w-    C:\windows\Sysnative\srcore.dll
2015-02-11 13:09:11    DF07110F77639E73D0537188703F44F6    3201536    ----a-w-    C:\windows\Sysnative\win32k.sys
====== C:\windows\Sysnative\drivers =====
2015-02-24 14:35:14    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-02-24 14:34:55    A646C2DDB8C46E9B20A326FAF566646C    63704    ----a-w-    C:\windows\Sysnative\drivers\mwac.sys
2015-02-24 14:34:55    478CC94C937D235CB0A96AB8F2359D81    93400    ----a-w-    C:\windows\Sysnative\drivers\mbamchameleon.sys
2015-02-11 13:10:27    E45CDE1C8340DFEDF1D6724263F39E5B    458824    ----a-w-    C:\windows\Sysnative\drivers\cng.sys
2015-02-11 13:10:25    C60C6B9A2E50B0404F6789C62B428C03    95680    ----a-w-    C:\windows\Sysnative\drivers\ksecdd.sys
2015-02-11 13:10:25    78D152A9FD5747FF6AA89C79F0346F62    155072    ----a-w-    C:\windows\Sysnative\drivers\ksecpkg.sys
====== C:\windows\Tasks ======
====== C:\windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
======= C: =====
====== C:\Users\Owner4\AppData\Roaming ======
====== C:\Users\Owner4 ======
2015-02-25 03:03:11    663228228DD603E49B405B321D2457C1    2087424    ----a-w-    C:\Users\Owner4\Desktop\FRST64.exe
2015-02-25 03:02:49    C1AE8D693BCC49653C86A195E74BCA1F    1126912    ----a-w-    C:\Users\Owner4\Downloads\FRST.exe
2015-02-24 12:55:18    9724D52E0645298D8D7AF3D54BCADF7E    784888    ----a-w-    C:\Users\Owner4\Downloads\ReimageRepair.exe

====== C: exe-files ==
2015-02-25 03:03:11    663228228DD603E49B405B321D2457C1    2087424    ----a-w-    C:\Users\Owner4\Desktop\FRST64.exe
2015-02-25 03:02:49    C1AE8D693BCC49653C86A195E74BCA1F    1126912    ----a-w-    C:\Users\Owner4\Downloads\FRST.exe
2015-02-24 13:01:39    CDD90C014E1178BDDFBF8022E69B5FE4    16507936    ----a-w-    C:\Users\Owner4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19QO0RCB\ProtectorPackage2007x64e[1].exe
2015-02-24 13:00:15    8AE1D9232F12B20487A498586A170ADE    295912    ----a-w-    C:\Users\Owner4\AppData\Local\Temp\ReiSysUpdate.exe
2015-02-24 13:00:15    8AE1D9232F12B20487A498586A170ADE    295912    ----a-w-    C:\Users\Owner4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\19QO0RCB\ReiSysUpdate[1].exe
2015-02-24 12:59:45    731F5AEA9D01B8A97412C7E155F123D4    13362280    ----a-w-    C:\Users\Owner4\AppData\Local\Temp\ReimagePackage.exe
2015-02-24 12:59:45    731F5AEA9D01B8A97412C7E155F123D4    13362280    ----a-w-    C:\Users\Owner4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7A2SVWH\ReimagePackage1808x64d[1].exe
2015-02-24 12:55:18    9724D52E0645298D8D7AF3D54BCADF7E    784888    ----a-w-    C:\Users\Owner4\Downloads\ReimageRepair.exe
2015-02-24 12:51:43    C5FD49B0561203A17BBF947738CB124A    41186896    ----a-w-    C:\Program Files (x86)\Google\Update\Install\{DC92AFA3-35FA-4EB8-B24F-7B186A37DF70}\40.0.2214.115_chrome_installer.exe
2015-02-24 12:51:29    C5FD49B0561203A17BBF947738CB124A    41186896    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.115\40.0.2214.115_chrome_installer.exe
=== C: other files ==
2015-02-24 14:35:14    26C43960C99EE861A5D0EDC4DCF3B1C3    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-02-24 14:34:55    A646C2DDB8C46E9B20A326FAF566646C    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
2015-02-24 14:34:55    478CC94C937D235CB0A96AB8F2359D81    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2962928441-3583004551-1946495101-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe  /ini C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini /fromrun /starthidden"
"ComcastAntispyClient"="C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe /hide"
"Itibiti.exe"="C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"
"WebrootTrayApp"="C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"TSleepSrv"=""%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Desktop Software"="C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe  /ini C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini /fromrun /starthidden"
"ComcastAntispyClient"="C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe /hide"
"Itibiti.exe"="C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\windows\system32\hkcmd.exe"
"Persistence"="C:\windows\system32\igfxpers.exe"
"SmartAudio"="C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t"
"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"
"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"
"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "
"TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"
"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "
"TosSENotify"=""C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe""
"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "
"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

==== Startup Folders ======================

2011-06-22 23:37:38    838    ----a-w-    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2011-06-22 23:37:38    838    ----a-w-    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
2012-04-18 23:22:36    1942    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [02/24/2015 08:38 AM]
C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/28/2014 05:53 AM]
C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/28/2014 05:53 AM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 02/24/2015 at 22:17:35.86 ======================
 



#4 deeprybka

  • Malware Response Team

Posted 25 February 2015 - 12:14 PM

Hi,

Step 1

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware
  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update, click "Settings" [1] and go to "Detection and Protection" [2].
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine All" [5]. Then click the button: Apply Actions. [6]
  • A window with an option to view the detailed log will appear.
  • Click on "View detailed log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Step 3

Fix with ZOEK

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the Zoek icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:
    createsrpoint;
    emptyclsid;
    autoclean;
    CHRdefaults;
    iedefaults;
    FFdefaults;
    
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after the reboot. You may also find it on your main drive (usually the C:\ drive).
Post its content into your next reply.

Step 4

Start FRST with administrator privileges.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 deeprybka

  • Malware Response Team

Posted 03 March 2015 - 04:23 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 