Search Assist virus removal help please


RSD

I have been having issues with Search Assist virus (highlights words on webpages, also opens random windows).

My Norton comes up clean and so does Malwarebytes.

I hope I've followed instructions correctly. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Scott Duncan at 9:25:22 on 2014-01-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6092.2981 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Scott Duncan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\Scott Duncan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uProxyOverride = <local>;*.local
mWinlogon: Userinit = userinit.exe,
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [AdobeBridge] <no file>
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [FromDocToPDF_65 Browser Plugin Loader 64] C:\Program Files (x86)\FromDocToPDF_65\bar\1.bin\65brmon64.exe
mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
StartupFolder: C:\Users\SCOTTD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Scott Duncan\AppData\Roaming\Dropbox\bin\Dropbox.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\windows\System32\Sendori.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{67F1370F-606D-498D-BD2A-65969E2A1AF2} : DHCPNameServer = 172.16.254.1 172.16.254.2
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\2616C64716F6 : DHCPNameServer = 24.223.107.5 24.72.200.5
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\34F666665656245616E675966496 : DHCPNameServer = 192.168.180.1
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\448415 : DHCPNameServer = 206.13.29.12 206.13.30.12
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\5535755487475627E616C6 : DHCPNameServer = 4.2.2.2 4.2.2.3
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\65562796A7F6E602353484D2C4341313026363236302355636572756 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{C534BED8-08EE-4E37-9D62-7ABEE88C5A79}\84F64756C602D4169716 : DHCPNameServer = 8.8.8.8 8.8.4.4 208.67.222.222
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exe
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Scott Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\7hg38fl3.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\Streaming Client\nprade.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Scott Duncan\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1404000.028\symds64.sys [2013-6-15 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1404000.028\symefa64.sys [2013-6-15 1139800]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1404000.028\ccsetx64.sys [2013-6-15 169048]
R1 cdfdrv;cdfdrv;C:\windows\System32\drivers\cdfdrv.sys [2011-3-1 38448]
R1 ctxpidmn;ctxpidmn;C:\windows\System32\drivers\ctxpidmn.sys [2011-6-30 83288]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20140123.001\IDSviA64.sys [2014-1-23 521944]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1404000.028\ironx64.sys [2013-6-15 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1404000.028\symnets.sys [2013-6-15 433752]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2013-7-1 119072]
R2 CtxSbx;CtxSbx;C:\windows\System32\drivers\CtxSbx.sys [2011-6-30 309080]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-12-12 350792]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2014-1-7 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2014-1-7 701512]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccsvchst.exe [2013-6-15 144368]
R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2013-12-26 132504]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [2011-8-18 126392]
R2 RadeHlprSvc;Citrix Streaming Helper Service;C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe [2011-7-19 210864]
R2 RadeSvc;Citrix Streaming Service;C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe [2011-7-19 1034152]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2013-7-1 22304]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2013-7-1 3623200]
R2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-6-21 92632]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2011-3-2 266680]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-18 2656280]
R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-11-2 1042808]
R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-11-2 270704]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-20 137648]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2014-1-7 25928]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-8-18 38096]
R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-8-18 1109096]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-18 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-8 137632]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2010-12-20 822704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-15 111616]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-8-18 250984]
S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-8-18 307304]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-6 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S3 WsAudio_Device(1);WsAudio_Device(1);C:\windows\System32\drivers\VirtualAudio1.sys [2013-11-2 31080]
S3 WsAudio_Device(2);WsAudio_Device(2);C:\windows\System32\drivers\VirtualAudio2.sys [2013-11-2 31080]
S3 WsAudio_Device(3);WsAudio_Device(3);C:\windows\System32\drivers\VirtualAudio3.sys [2013-11-2 31080]
S3 WsAudio_Device(4);WsAudio_Device(4);C:\windows\System32\drivers\VirtualAudio4.sys [2013-11-2 31080]
S3 WsAudio_Device(5);WsAudio_Device(5);C:\windows\System32\drivers\VirtualAudio5.sys [2013-11-2 31080]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-01-21 14:57:21 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-17 15:24:24 -------- d-----w- C:\Program Files\Western Digital
2014-01-16 18:56:52 -------- d-----w- C:\Users\Scott Duncan\AppData\Local\Western Digital
2014-01-16 18:56:42 -------- d-----w- C:\Users\Scott Duncan\AppData\Local\Western_Digital_Technolog
2014-01-16 18:55:46 -------- d-----w- C:\Program Files\Common Files\Western Digital
2014-01-16 18:55:11 -------- d-----w- C:\Program Files (x86)\Western Digital
2014-01-16 18:55:11 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital
2014-01-16 18:54:37 -------- d-----w- C:\ProgramData\Western Digital
2014-01-16 06:50:22 -------- d-----r- C:\Users\Scott Duncan\Dropbox
2014-01-16 06:49:34 -------- d-----w- C:\Users\Scott Duncan\AppData\Roaming\DropboxMaster
2014-01-16 06:48:53 -------- d-----w- C:\Users\Scott Duncan\AppData\Roaming\Dropbox
2014-01-15 15:32:59 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2014-01-15 15:32:59 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2014-01-15 15:32:59 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys
2014-01-15 15:32:59 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2014-01-15 15:32:59 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2014-01-15 15:32:59 3156480 ----a-w- C:\windows\System32\win32k.sys
2014-01-15 15:32:59 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2014-01-15 15:32:59 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2014-01-15 15:32:58 376768 ----a-w- C:\windows\System32\drivers\netio.sys
2014-01-09 22:43:12 -------- d-----w- C:\Users\Scott Duncan\AppData\Local\Mozilla
2014-01-07 17:50:32 -------- d-----w- C:\Users\Scott Duncan\AppData\Roaming\Malwarebytes
2014-01-07 17:50:27 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-07 17:50:26 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-01-07 17:50:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-26 15:11:58 -------- d-----w- C:\Program Files (x86)\GUM7104.tmp
.
==================== Find3M  ====================
.
2014-01-24 05:27:44 60 ----a-w- C:\windows\wpd99.drv
2014-01-18 20:28:07 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-18 20:28:07 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-12-11 02:58:15 9272200 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll
2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll
2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-10-30 02:32:01 335360 ----a-w- C:\windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\windows\SysWow64\msieftp.dll
2012-09-17 22:48:02 4096000 ----a-w- C:\Program Files (x86)\GUT46F2.tmp
.
============= FINISH:  9:26:24.77 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2011 11:25:55 AM
System Uptime: 1/24/2014 6:53:14 AM (3 hours ago)
.
Motherboard: Intel Corp. |  | Base Board Product Name
Processor: Intel® Pentium® CPU B940 @ 2.00GHz | CPU1 | 1800/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 344.784 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 1/15/2014 10:11:38 PM - Windows Update
RP169: 1/16/2014 9:12:23 AM - Windows Backup
RP170: 1/17/2014 7:17:20 AM - WD SmartWare Installer
RP171: 1/21/2014 6:56:19 AM - Installed Java 7 Update 51
.
==== Installed Programs ======================
.
7-Zip 9.21
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 12 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.6 64-bit
Adobe Reader X (10.1.9) MUI
Amazon Links
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
Bejeweled 3
Bonjour
Chuzzle Deluxe
Citrix Offline Plug-in
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dropbox
FATE - The Traitor Soul
FileOpener
FileOpener Packages
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
iCloud
IHA_MessageCenter
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iTunes
Java 7 Update 51
Java Auto Updater
Java 6 Update 37
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
Label@Once 1.0
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Mozilla Firefox 26.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
Music Manager
Nik Collection
Norton Internet Security
Norton PC Checkup
PDF Settings CS5
Pdf995
PdfEdit995
Penguins!
Photomatix Pro version 4.1.3
Photomatix Pro version 4.2.7
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
QuickTime
Realtek USB 2.0 Reader Driver
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Sendori
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Shopping Sidekick Plugin
Signature995
Skype Click to Call
Skype Launcher
Skype™ 6.11
Smart Shooter 2
Synaptics Pointing Device Driver
Tom Clancy's Splinter Cell
TomTom HOME
TomTom HOME Visual Studio Merge Modules
Toshiba App Place
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBA Wireless LAN Indicator
ToshibaRegistration
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
Update Installer for WildTangent Games App
Vz In-Home Agent
Vz In Home Agent
WD Drive Utilities
WD Quick View
WD Security
WD SmartWare
WD SmartWare Installer
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zuma's Revenge
.
==== Event Viewer Messages From Past Week ========
.
1/23/2014 6:46:26 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
1/23/2014 2:32:53 PM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
1/23/2014 10:33:06 PM, Error: Service Control Manager [7031]  - The Service Sendori service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
1/22/2014 5:14:36 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
1/18/2014 8:05:38 PM, Error: Service Control Manager [7034]  - The sndappv2 service terminated unexpectedly.  It has done this 1 time(s).
1/18/2014 8:05:38 PM, Error: Service Control Manager [7022]  - The Service Sendori service hung on starting.
1/18/2014 10:51:58 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
1/17/2014 11:32:46 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
1/17/2014 11:32:46 AM, Error: Service Control Manager [7000]  - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 


Welcome to the forum.

Please download and run RogueKiller 32 Bit to your desktop.

RogueKiller 64 Bit <---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

General P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Safe mode with network support

User : Scott Duncan [Admin rights]

Mode : Scan -- Date : 01/24/2014 12:43:15

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 2 ¤¤¤

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Browser Addons : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA MK5065GSXN +++++

--- User ---

[MBR] 3e9a016685c6618b6849560ab575eb30

[bSP] 63885d87e66f1c5e0588240d5acca9d1 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 461381 Mo

2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 947982336 | Size: 14058 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_01242014_124315.txt >>

Please start with this procedure:

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look similar to this, not "sponsored ad links":


  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a FULL Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.017 - Report created 24/01/2014 at 13:33:43

# Updated 12/01/2014 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Scott Duncan - SCOTTDUNCAN-PC

# Running from : C:\Users\Scott Duncan\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\Program Files (x86)\Shopping Sidekick Plugin

Folder Deleted : C:\Users\Scott Duncan\AppData\Local\Shopping Sidekick Plugin

Folder Deleted : C:\Users\Scott Duncan\AppData\Local\Wajam

Folder Deleted : C:\Users\SCOTTD~1\AppData\Local\Temp\boost_interprocess

Folder Deleted : C:\Users\Scott Duncan\AppData\Roaming\Funmoods

Folder Deleted : C:\Users\Scott Duncan\AppData\Roaming\pccustubinstaller

File Deleted : C:\END

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector

Key Deleted : HKLM\SOFTWARE\Classes\FromDocToPDF_65.ToolbarProtector.1

Key Deleted : HKLM\SOFTWARE\Classes\PCProxy.DataContainer

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho

Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\App24x7Help_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [FromDocToPDF_65 Browser Plugin Loader 64]

Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\installedbrowserextensions

Key Deleted : HKCU\Software\AppDataLow\Software\Shopping Sidekick Plugin

Key Deleted : HKLM\Software\InstallCore

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick Plugin

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.16428

 

 

-\\ Mozilla Firefox v26.0 (en-US)

 

[ File : C:\Users\Scott Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\7hg38fl3.default\prefs.js ]

 

 

-\\ Google Chrome v32.0.1700.76

 

[ File : C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [7046 octets] - [24/01/2014 13:09:35]

AdwCleaner[s0].txt - [6623 octets] - [24/01/2014 13:33:43]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6683 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2014.01.24.07

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 11.0.9600.16476

Scott Duncan :: SCOTTDUNCAN-PC [administrator]

 

1/24/2014 1:44:57 PM

MBAM-log-2014-01-24 (16-01-35).txt

 

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 436723

Time elapsed: 1 hour(s), 36 minute(s), 31 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 4

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin-bg.exe.vir (PUP.215Apps) -> No action taken.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick Plugin.exe.vir (PUP.215Apps) -> No action taken.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Shopping Sidekick PluginGui.exe.vir (PUP.215Apps) -> No action taken.

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Shopping Sidekick Plugin\Uninstall.exe.vir (PUP.215Apps) -> No action taken.

 

(end)

Do I have the all clear? Can I delete the log reports?

 

Just wondering. My trial version of Malwarebytes expired yesterday. What are the benefits of paying for the pro version? It seemed to update the definitions today successfully.

 

I may want to purchase the pro version. If Malwarebytes didn't detect the Search Assist thing to begin with, is this process necessary all the time? What's the point?

 

I was just laid off from my job after 25 years so I'm really struggling, but I'd like to donate for your time. I just don't think I can afford to donate, plus purchase the pro version. Are you paid through purchasing the pro version or is it two separate transactions? Thanks again.


> Do I have the all clear? Can I delete the log reports?

Is it OK now???
We'll clean up everything when we're done.

> Just wondering. My trial version of Malwarebytes expired yesterday. What are the benefits of paying for the pro version? It seemed to update the definitions today successfully.

You'll get realtime protection

> I may want to purchase the pro version. If Malwarebytes didn't detect the Search Assist thing to begin with, is this process necessary all the time? What's the point?

You most likely downloaded it yourself or it came with something you downloaded.
No one program will protect you from everything.

> I was just laid off from my job after 25 years so I'm really struggling, but I'd like to donate for your time. I just don't think I can afford to donate, plus purchase the pro version. Are you paid through purchasing the pro version or is it two separate transactions? Thanks again.

I'm not paid by anyone for anything I do here, I'm not part of the staff of Malwarebytes, like it says in my signature.....

I volunteer my free time to help you

Purchase the Pro version if you can!

Let me know how it is.

If all is OK......

Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


 Results of screen317's Security Check version 0.99.79  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  

``````````````Antivirus/Firewall Check:`````````````` 

 Windows Firewall Enabled!  

Norton Internet Security   

 WMI entry may not exist for antivirus; attempting automatic update. 

`````````Anti-malware/Other Utilities Check:````````` 

 Malwarebytes Anti-Malware version 1.75.0.1300  

 Java 6 Update 37  

 Java 7 Update 51  

  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  

 Adobe Reader 10.1.9 Adobe Reader out of Date!  

 Mozilla Firefox (26.0) 

 Google Chrome 31.0.1650.63  

 Google Chrome 32.0.1700.76  

````````Process Check: objlist.exe by Laurent````````  

 Norton ccSvcHst.exe 

 Malwarebytes Anti-Malware mbamservice.exe  

 Malwarebytes Anti-Malware mbamgui.exe  

 Malwarebytes' Anti-Malware mbamscheduler.exe   

`````````````````System Health check````````````````` 

 Total Fragmentation on Drive C: 4% 

````````````````````End of Log`````````````````````` 


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Java™ 6 Update 37 <-----please uninstall from your add/remove programs

Java 7 Update 51 <----OK


---------------------------

Adobe Flash Player 12.0.0.43 Flash Player out of Date! <------ Check for an update if available. Downloads are on top.

---------------------------

Adobe Reader 10.1.9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-------------------------------

Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Darn, after checking my computer, and purchasing Pro, Search Assist is happening again. 

 

I'm not getting new windows opening in my browser (yet), but some text on different sites, not all, are highlighting different words. I hover over and it basically has a drop down with an ad, and at the top it says "search assist". 

 

I ran a quick scan. Below are the results. I also notice that the quarantined items from before were not deleted out of the Malwarebytes tab. I just deleted them.

 

Let me know what I should try. Laptop is running a lot better though.

 

It now only seems to be happening when using Chrome, not Firefox. It was the other way around before, in fact, I could barely use Firefox it was so bad. Please advise.


Please download Farbar Recovery Scan Tool and save it to a folder. (use correct version for your system.....Which system am I using?)

Please make sure you click download buttons that look similar to this, not "sponsored ad links":


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.


New window that comes up.


MrC


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-01-2014 01

Ran by Scott Duncan (administrator) on SCOTTDUNCAN-PC on 25-01-2014 16:21:36

Running from C:\Users\Scott Duncan\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 11

Boot Mode: Safe Mode (with Networking)

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Processes (Whitelisted) =================

 

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (4).exe

 

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [] - [x]

HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)

HKLM\...\Run: [smartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [Teco] - C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)

HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294712 2010-11-29] (TOSHIBA Corporation)

HKLM-x32\...\Run: [NortonOnlineBackupReminder] - C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)

HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [AdobeCS5ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sendori Tray] - C:\Program Files (x86)\Sendori\SendoriTray.exe [83232 2013-07-01] (Sendori, Inc.)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [bCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)

HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.)

HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-18] (Google Inc.)

HKCU\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)

HKCU\...\Run: [AdobeBridge] - [x]

HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [247768 2012-06-21] (TomTom)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)

HKCU\...\Run: [Google Update] - C:\Users\Scott Duncan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-04] (Google Inc.)

HKCU\...\Run: [MusicManager] - C:\Users\Scott Duncan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-11] (Google Inc.)

MountPoints2: {482bca46-224a-11e3-a535-e89a8f990259} - E:\VZW_Software_upgrade_assistant.exe

Startup: C:\Users\Scott Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\Scott Duncan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com

SearchScopes: HKLM - DefaultScope {CD0DBE38-5D83-4061-BA5C-C1A7017210EA} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKLM - {CD0DBE38-5D83-4061-BA5C-C1A7017210EA} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKLM-x32 - {B372E8AC-5789-48CE-83A5-5EF1EEB72CDB} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKCU - DefaultScope {D7FE2FED-6478-45EC-AED2-067A2F0040F2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS456

SearchScopes: HKCU - {35911AEB-D0E7-4D2B-94A9-B57ADB84C714} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^TV&apn_dtid=^OSJ000^YY^US&apn_uid=70274424-1643-4AD4-9420-7DB3F95C3E29&apn_sauid=B362E8F8-CF48-419B-845E-45E150D4DA48

SearchScopes: HKCU - {B372E8AC-5789-48CE-83A5-5EF1EEB72CDB} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF

SearchScopes: HKCU - {CD0DBE38-5D83-4061-BA5C-C1A7017210EA} URL = 

SearchScopes: HKCU - {D7FE2FED-6478-45EC-AED2-067A2F0040F2} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF_enUS456

BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {55963676-2F5E-4BAF-AC28-CF26AA587566} https://sslvpn.usawest.org/CACHE/stc/1/binaries/vpnweb.cab

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Winsock: Catalog9 01 C:\windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 02 C:\windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 03 C:\windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 04 C:\windows\SysWOW64\Sendori.dll [325920] (Sendori)

Winsock: Catalog9 15 C:\windows\SysWOW64\Sendori.dll [325920] (Sendori)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\Scott Duncan\AppData\Roaming\Mozilla\Firefox\Profiles\7hg38fl3.default

FF Homepage: www.google.com

FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()

FF Plugin: @microsoft.com/GENUINE - disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @citrix.com/Citrix Offline Plug-in - C:\Program Files (x86)\Citrix\Streaming Client\nprade.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @microsoft.com/GENUINE - disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Scott Duncan\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Scott Duncan\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icafile.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll ()

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll (Citrix Systems, Inc.)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll (Citrix Systems, Inc.)

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-05-26]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-05-26]

FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-05-26]

FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-08-23]

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\coFFPlgn\ []

FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF

FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\IPSFF [2013-10-09]

 

Chrome: 

=======


CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)

CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Java Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File

CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File

CHR Extension: (Google Docs) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-11]

CHR Extension: (Google Drive) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-11]

CHR Extension: (YouTube) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-11]

CHR Extension: (Google Search) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-11]

CHR Extension: (WiseStamp Web) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp [2014-01-09]

CHR Extension: (BBC Good Food) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja [2013-08-11]

CHR Extension: (MWAddon Chromium Client) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe [2013-08-11]

CHR Extension: (Norton Identity Protection) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-08-11]

CHR Extension: (Google Wallet) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]

CHR Extension: (Gmail) - C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-11]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-05-14]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2013-12-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

S2 Application Sendori; C:\Program Files (x86)\Sendori\SendoriSvc.exe [119072 2013-07-01] (Sendori, Inc.)

S2 CdfSvc; C:\Program Files (x86)\Common Files\Citrix\System32\CdfSvc.exe [321448 2011-05-03] (Citrix Systems, Inc.)

S2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-20] (Symantec Corporation)

S2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2013-12-26] (Symantec Corporation)

S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.10.26\ccSvcHst.exe [126392 2011-02-03] (Symantec Corporation)

S2 RadeHlprSvc; C:\Program Files (x86)\Citrix\Streaming Client\RadeHlprSvc.exe [210864 2011-07-19] (Citrix Systems, Inc.)

S2 RadeSvc; C:\Program Files (x86)\Citrix\Streaming Client\RadeSvc.exe [1034152 2011-07-19] (Citrix Systems, Inc.)

S2 Service Sendori; C:\Program Files (x86)\Sendori\Sendori.Service.exe [22304 2013-07-01] (sendori)

S2 sndappv2; C:\Program Files (x86)\Sendori\sndappv2.exe [3623200 2013-07-01] (Sendori)

S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.)

S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.)

 

==================== Drivers (Whitelisted) ====================

 

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)

S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)

S1 cdfdrv; C:\Windows\System32\DRIVERS\cdfdrv.sys [38448 2011-03-01] (Citrix Systems, Inc.)

S1 ctxpidmn; C:\Windows\System32\DRIVERS\ctxpidmn.sys [83288 2011-06-30] (Citrix Systems, Inc.)

S2 CtxSbx; C:\Windows\System32\DRIVERS\CtxSbx.sys [309080 2011-06-30] (Citrix Systems, Inc.)

S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-27] (Symantec Corporation)

S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)

S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\IPSDefs\20140124.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140125.005\ENG64.SYS [126040 2013-11-27] (Symantec Corporation)

S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.1.22\Definitions\VirusDefs\20140125.005\EX64.SYS [2099288 2013-11-27] (Symantec Corporation)

S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-15] (Symantec Corporation)

S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-20] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-22] (Symantec Corporation)

S3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-17] (Symantec Corporation)

S1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)

S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)

S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)

S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)

S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)

S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)

S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)

S3 vpnva; system32\DRIVERS\vpnva64.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-01-25 16:21 - 2014-01-25 16:21 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (4).exe

2014-01-25 08:11 - 2014-01-25 08:12 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64(1).exe

2014-01-25 08:10 - 2014-01-25 08:10 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (3).exe

2014-01-25 07:59 - 2014-01-25 07:59 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (2).exe

2014-01-25 07:58 - 2014-01-25 07:58 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (1).exe

2014-01-25 07:57 - 2014-01-25 16:22 - 00027406 _____ C:\Users\Scott Duncan\Downloads\FRST.txt

2014-01-25 07:56 - 2014-01-25 07:56 - 00000000 ____D C:\FRST

2014-01-25 07:55 - 2014-01-25 07:56 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64.exe

2014-01-24 19:07 - 2013-12-18 21:10 - 00877480 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll

2014-01-24 19:07 - 2013-12-18 21:10 - 00800168 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll

2014-01-24 18:40 - 2014-01-24 18:40 - 00987425 _____ C:\Users\Scott Duncan\Downloads\SecurityCheck.exe

2014-01-24 13:09 - 2014-01-24 13:34 - 00000000 ____D C:\AdwCleaner

2014-01-24 13:08 - 2014-01-24 13:08 - 01236282 _____ C:\Users\Scott Duncan\Downloads\AdwCleaner.exe

2014-01-24 12:41 - 2014-01-24 12:41 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (3).exe

2014-01-24 12:04 - 2014-01-24 12:04 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (2).exe

2014-01-24 12:01 - 2014-01-24 12:01 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (1).exe

2014-01-24 11:45 - 2014-01-24 11:45 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64.exe

2014-01-24 11:37 - 2014-01-24 11:37 - 00000017 _____ C:\Users\Scott Duncan\AppData\Local\resmon.resmoncfg

2014-01-22 20:24 - 2014-01-22 20:24 - 15977447 _____ C:\Users\Scott Duncan\Downloads\11th Street Long Beach.zip

2014-01-21 06:57 - 2014-01-21 06:57 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-21 06:57 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll

2014-01-21 06:57 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe

2014-01-21 06:57 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe

2014-01-21 06:57 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe

2014-01-17 07:24 - 2014-01-17 07:24 - 00000000 ____D C:\Program Files\Western Digital

2014-01-16 11:33 - 2014-01-16 11:33 - 00000000 ____D C:\windows\System32\Tasks\Western Digital

2014-01-16 11:12 - 2014-01-16 11:12 - 00000000 ____D C:\Users\Scott Duncan\Downloads\WDFirmwareUpdater

2014-01-16 11:11 - 2014-01-16 11:11 - 02112847 _____ C:\Users\Scott Duncan\Downloads\WDFirmwareUpdater.zip

2014-01-16 10:56 - 2014-01-25 07:03 - 00008192 _____ C:\windows\SysWOW64\WDPABKP.dat

2014-01-16 10:56 - 2014-01-16 10:56 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Western_Digital_Technolog

2014-01-16 10:56 - 2014-01-16 10:56 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Western Digital

2014-01-16 10:55 - 2014-01-17 07:24 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2014-01-16 10:55 - 2014-01-17 07:24 - 00000000 ____D C:\Program Files (x86)\Western Digital

2014-01-16 10:55 - 2014-01-16 10:55 - 00001208 _____ C:\Users\Public\Desktop\WD Security.lnk

2014-01-16 10:55 - 2014-01-16 10:55 - 00001128 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk

2014-01-16 10:54 - 2014-01-17 07:24 - 00000000 ____D C:\ProgramData\Western Digital

2014-01-16 10:07 - 2014-01-16 10:07 - 00000000 ____D C:\Users\Scott Duncan\Documents\Taxes

2014-01-16 10:06 - 2014-01-16 10:07 - 00000000 ____D C:\Users\Scott Duncan\Documents\Photography Biz

2014-01-15 22:52 - 2014-01-15 22:52 - 00001268 _____ C:\Users\Scott Duncan\Downloads\Getting Started.txt

2014-01-15 22:50 - 2014-01-25 16:18 - 00000000 ___RD C:\Users\Scott Duncan\Dropbox

2014-01-15 22:50 - 2014-01-15 22:50 - 00001064 _____ C:\Users\Scott Duncan\Desktop\Dropbox.lnk

2014-01-15 22:49 - 2014-01-15 22:50 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\DropboxMaster

2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-01-15 22:48 - 2014-01-25 07:30 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Dropbox

2014-01-15 22:48 - 2014-01-15 22:48 - 37660568 _____ (Dropbox, Inc.) C:\Users\Scott Duncan\Downloads\Dropbox 2.6.2.exe

2014-01-15 21:24 - 2014-01-15 21:24 - 17660184 _____ (Google Inc.) C:\Users\Scott Duncan\Downloads\picasa39-setup.exe

2014-01-15 07:32 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys

2014-01-15 07:32 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys

2014-01-15 07:32 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys

2014-01-15 07:32 - 2013-11-26 02:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-01-09 19:48 - 2014-01-16 12:15 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-09 19:13 - 2014-01-09 19:13 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-09 19:13 - 2014-01-09 19:13 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Mozilla

2014-01-09 19:13 - 2014-01-09 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-09 19:12 - 2014-01-09 19:12 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (3).exe

2014-01-09 14:47 - 2014-01-09 14:47 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (2).exe

2014-01-09 14:46 - 2014-01-09 14:46 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (1).exe

2014-01-09 14:43 - 2014-01-09 14:43 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Mozilla

2014-01-09 14:41 - 2014-01-09 14:41 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0.exe

2014-01-07 09:50 - 2014-01-07 09:50 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Malwarebytes

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-07 09:50 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

2014-01-07 09:49 - 2014-01-07 09:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott Duncan\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(3)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(2)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(1)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important

2013-12-30 08:32 - 2013-12-30 08:32 - 00097286 _____ C:\Users\Scott Duncan\Downloads\Benefits

2013-12-26 07:11 - 2013-12-26 07:12 - 00000000 ____D C:\Program Files (x86)\GUM7104.tmp

 

==================== One Month Modified Files and Folders =======

 

2014-01-25 16:22 - 2014-01-25 07:57 - 00027406 _____ C:\Users\Scott Duncan\Downloads\FRST.txt

2014-01-25 16:21 - 2014-01-25 16:21 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (4).exe

2014-01-25 16:18 - 2014-01-15 22:50 - 00000000 ___RD C:\Users\Scott Duncan\Dropbox

2014-01-25 16:18 - 2011-08-18 11:37 - 01498204 _____ C:\windows\WindowsUpdate.log

2014-01-25 16:14 - 2013-09-04 17:09 - 00000884 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000Core.job

2014-01-25 16:08 - 2011-08-18 12:24 - 00000908 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-01-25 16:01 - 2013-09-04 17:09 - 00000936 _____ C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000UA.job

2014-01-25 16:01 - 2011-08-18 12:24 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-01-25 16:00 - 2012-04-07 01:48 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job

2014-01-25 08:12 - 2014-01-25 08:11 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64(1).exe

2014-01-25 08:12 - 2012-01-03 19:33 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\CrashDumps

2014-01-25 08:10 - 2014-01-25 08:10 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (3).exe

2014-01-25 07:59 - 2014-01-25 07:59 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (2).exe

2014-01-25 07:58 - 2014-01-25 07:58 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64 (1).exe

2014-01-25 07:56 - 2014-01-25 07:56 - 00000000 ____D C:\FRST

2014-01-25 07:56 - 2014-01-25 07:55 - 02077696 _____ (Farbar) C:\Users\Scott Duncan\Downloads\FRST64.exe

2014-01-25 07:33 - 2012-03-17 17:25 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Skype

2014-01-25 07:30 - 2014-01-15 22:48 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Dropbox

2014-01-25 07:11 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-01-25 07:11 - 2009-07-13 20:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-01-25 07:03 - 2014-01-16 10:56 - 00008192 _____ C:\windows\SysWOW64\WDPABKP.dat

2014-01-25 07:02 - 2009-07-13 21:08 - 00000006 ____H C:\windows\Tasks\SA.DAT

2014-01-25 07:02 - 2009-07-13 20:51 - 00112584 _____ C:\windows\setupact.log

2014-01-24 19:07 - 2012-03-01 05:44 - 00000000 ____D C:\Program Files (x86)\Java

2014-01-24 18:40 - 2014-01-24 18:40 - 00987425 _____ C:\Users\Scott Duncan\Downloads\SecurityCheck.exe

2014-01-24 18:03 - 2013-05-01 17:06 - 00000000 ____D C:\Users\Scott Duncan\Documents\Resume Update 2013

2014-01-24 16:03 - 2010-11-20 19:47 - 00112796 _____ C:\windows\PFRO.log

2014-01-24 13:34 - 2014-01-24 13:09 - 00000000 ____D C:\AdwCleaner

2014-01-24 13:08 - 2014-01-24 13:08 - 01236282 _____ C:\Users\Scott Duncan\Downloads\AdwCleaner.exe

2014-01-24 12:41 - 2014-01-24 12:41 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (3).exe

2014-01-24 12:04 - 2014-01-24 12:04 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (2).exe

2014-01-24 12:01 - 2014-01-24 12:01 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64 (1).exe

2014-01-24 11:45 - 2014-01-24 11:45 - 04380160 _____ C:\Users\Scott Duncan\Downloads\RogueKillerX64.exe

2014-01-24 11:37 - 2014-01-24 11:37 - 00000017 _____ C:\Users\Scott Duncan\AppData\Local\resmon.resmoncfg

2014-01-23 21:27 - 2011-11-19 09:54 - 00000060 _____ C:\windows\wpd99.drv

2014-01-23 21:27 - 2011-11-19 09:54 - 00000000 ____D C:\ProgramData\pdf995

2014-01-22 20:24 - 2014-01-22 20:24 - 15977447 _____ C:\Users\Scott Duncan\Downloads\11th Street Long Beach.zip

2014-01-22 12:41 - 2009-07-13 21:13 - 00005156 _____ C:\windows\system32\PerfStringBackup.INI

2014-01-21 06:58 - 2013-10-21 06:37 - 00000000 ____D C:\ProgramData\Oracle

2014-01-21 06:57 - 2014-01-21 06:57 - 00005175 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-01-18 20:03 - 2009-07-13 21:08 - 00032546 _____ C:\windows\Tasks\SCHEDLGU.TXT

2014-01-18 12:28 - 2012-04-07 01:48 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe

2014-01-18 12:28 - 2012-04-07 01:48 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater

2014-01-18 12:28 - 2011-11-12 16:49 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-01-18 12:28 - 2011-11-06 14:28 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Adobe

2014-01-17 07:25 - 2011-08-18 11:47 - 00033392 _____ C:\windows\DPINST.LOG

2014-01-17 07:24 - 2014-01-17 07:24 - 00000000 ____D C:\Program Files\Western Digital

2014-01-17 07:24 - 2014-01-16 10:55 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2014-01-17 07:24 - 2014-01-16 10:55 - 00000000 ____D C:\Program Files (x86)\Western Digital

2014-01-17 07:24 - 2014-01-16 10:54 - 00000000 ____D C:\ProgramData\Western Digital

2014-01-17 07:18 - 2013-11-11 15:57 - 00000000 ____D C:\ProgramData\Package Cache

2014-01-16 12:15 - 2014-01-09 19:48 - 00002194 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2014-01-16 11:33 - 2014-01-16 11:33 - 00000000 ____D C:\windows\System32\Tasks\Western Digital

2014-01-16 11:12 - 2014-01-16 11:12 - 00000000 ____D C:\Users\Scott Duncan\Downloads\WDFirmwareUpdater

2014-01-16 11:11 - 2014-01-16 11:11 - 02112847 _____ C:\Users\Scott Duncan\Downloads\WDFirmwareUpdater.zip

2014-01-16 10:56 - 2014-01-16 10:56 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Western_Digital_Technolog

2014-01-16 10:56 - 2014-01-16 10:56 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Western Digital

2014-01-16 10:55 - 2014-01-16 10:55 - 00001208 _____ C:\Users\Public\Desktop\WD Security.lnk

2014-01-16 10:55 - 2014-01-16 10:55 - 00001128 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk

2014-01-16 10:07 - 2014-01-16 10:07 - 00000000 ____D C:\Users\Scott Duncan\Documents\Taxes

2014-01-16 10:07 - 2014-01-16 10:06 - 00000000 ____D C:\Users\Scott Duncan\Documents\Photography Biz

2014-01-15 22:52 - 2014-01-15 22:52 - 00001268 _____ C:\Users\Scott Duncan\Downloads\Getting Started.txt

2014-01-15 22:50 - 2014-01-15 22:50 - 00001064 _____ C:\Users\Scott Duncan\Desktop\Dropbox.lnk

2014-01-15 22:50 - 2014-01-15 22:49 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\DropboxMaster

2014-01-15 22:50 - 2011-11-05 10:26 - 00000000 ____D C:\Users\Scott Duncan

2014-01-15 22:49 - 2014-01-15 22:49 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-01-15 22:49 - 2011-11-05 10:28 - 00000000 ___RD C:\Users\Scott Duncan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2014-01-15 22:48 - 2014-01-15 22:48 - 37660568 _____ (Dropbox, Inc.) C:\Users\Scott Duncan\Downloads\Dropbox 2.6.2.exe

2014-01-15 22:20 - 2009-07-13 20:45 - 04994864 _____ C:\windows\system32\FNTCACHE.DAT

2014-01-15 22:14 - 2013-07-14 15:35 - 00000000 ____D C:\windows\system32\MRT

2014-01-15 22:12 - 2011-11-06 12:32 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-01-15 21:24 - 2014-01-15 21:24 - 17660184 _____ (Google Inc.) C:\Users\Scott Duncan\Downloads\picasa39-setup.exe

2014-01-15 18:38 - 2011-12-08 18:29 - 00002030 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-01-12 14:41 - 2009-07-13 21:09 - 00000000 ____D C:\windows\System32\Tasks\WPD

2014-01-09 19:13 - 2014-01-09 19:13 - 00001158 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-01-09 19:13 - 2014-01-09 19:13 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Mozilla

2014-01-09 19:13 - 2014-01-09 19:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2014-01-09 19:13 - 2013-05-26 04:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2014-01-09 19:12 - 2014-01-09 19:12 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (3).exe

2014-01-09 14:47 - 2014-01-09 14:47 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (2).exe

2014-01-09 14:46 - 2014-01-09 14:46 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0 (1).exe

2014-01-09 14:43 - 2014-01-09 14:43 - 00000000 ____D C:\Users\Scott Duncan\AppData\Local\Mozilla

2014-01-09 14:41 - 2014-01-09 14:41 - 00282992 _____ (Mozilla) C:\Users\Scott Duncan\Downloads\Firefox Setup Stub 26.0.exe

2014-01-07 09:50 - 2014-01-07 09:50 - 00001120 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\Users\Scott Duncan\AppData\Roaming\Malwarebytes

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\ProgramData\Malwarebytes

2014-01-07 09:50 - 2014-01-07 09:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2014-01-07 09:49 - 2014-01-07 09:49 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Scott Duncan\Downloads\mbam-setup-1.75.0.1300.exe

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(3)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(2)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important(1)

2014-01-06 14:26 - 2014-01-06 14:26 - 00599461 _____ C:\Users\Scott Duncan\Downloads\Important

2014-01-03 18:02 - 2013-09-22 15:00 - 00000098 _____ C:\Users\Scott Duncan\AppData\Roaming\WB.CFG

2013-12-31 07:14 - 2012-03-17 17:25 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-12-31 07:14 - 2012-03-17 17:25 - 00000000 ____D C:\ProgramData\Skype

2013-12-30 08:32 - 2013-12-30 08:32 - 00097286 _____ C:\Users\Scott Duncan\Downloads\Benefits

2013-12-26 07:15 - 2013-08-05 10:05 - 00003984 _____ C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan

2013-12-26 07:14 - 2013-08-05 10:03 - 00000000 ____D C:\Program Files (x86)\PC Checkup

2013-12-26 07:14 - 2009-07-13 19:20 - 00000000 ____D C:\windows\rescache

2013-12-26 07:12 - 2013-12-26 07:11 - 00000000 ____D C:\Program Files (x86)\GUM7104.tmp

 

Some content of TEMP:

====================

C:\Users\Scott Duncan\AppData\Local\Temp\15744uninstall.exe

C:\Users\Scott Duncan\AppData\Local\Temp\16531uninstall.exe

C:\Users\Scott Duncan\AppData\Local\Temp\38795uninstall.exe

C:\Users\Scott Duncan\AppData\Local\Temp\65758uninstall.exe

C:\Users\Scott Duncan\AppData\Local\Temp\contentDATs.exe

C:\Users\Scott Duncan\AppData\Local\Temp\DefaultAssets.exe

C:\Users\Scott Duncan\AppData\Local\Temp\DefaultOfflineContent.exe

C:\Users\Scott Duncan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdhorsl.dll

C:\Users\Scott Duncan\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe

C:\Users\Scott Duncan\AppData\Local\Temp\mssinstaller.exe

C:\Users\Scott Duncan\AppData\Local\Temp\NLStubInstallerResources.dll

C:\Users\Scott Duncan\AppData\Local\Temp\ntdll_dump.dll

C:\Users\Scott Duncan\AppData\Local\Temp\PCCU_Installer.exe

C:\Users\Scott Duncan\AppData\Local\Temp\Quarantine.exe

C:\Users\Scott Duncan\AppData\Local\Temp\SearchWithGoogleUpdate.exe

C:\Users\Scott Duncan\AppData\Local\Temp\SecurityScan_Release.exe

C:\Users\Scott Duncan\AppData\Local\Temp\setup.exe

C:\Users\Scott Duncan\AppData\Local\Temp\SkypeSetup.exe

C:\Users\Scott Duncan\AppData\Local\Temp\Sqlite3.dll

C:\Users\Scott Duncan\AppData\Local\Temp\_FAEC.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2014-01-19 05:25

 

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-01-2014 01

Ran by Scott Duncan at 2014-01-25 16:23:11

Running from C:\Users\Scott Duncan\Downloads

Boot Mode: Safe Mode (with Networking)

==========================================================

 

 

==================== Security Center ========================

 

AV: Norton Internet Security (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Norton Internet Security (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Internet Security (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

 

==================== Installed Programs ======================

 

7-Zip 9.21 (x32 Version: 9.21.00.0 - Igor Pavlov)

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.)

Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden

Adobe Community Help (x32 Version: 3.0.0 - Adobe Systems Incorporated) Hidden

Adobe Community Help (x32 Version: 3.0.0.400 - Adobe Systems Incorporated)

Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated)

Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden

Adobe Photoshop CS5 (x32 Version: 12.0 - Adobe Systems Incorporated)

Adobe Photoshop Lightroom 3.6 64-bit (Version: 3.6.1 - Adobe)

Adobe Reader X (10.1.9) MUI (x32 Version: 10.1.9 - Adobe Systems Incorporated)

Amazon Links (x32 Version: 2.02 - TOSHIBA Corporation)

Apple Application Support (x32 Version: 2.3.6 - Apple Inc.)

Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) <==== ATTENTION

Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 1.0.0.36 - Atheros Communications Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Bonjour (Version: 3.0.0.10 - Apple Inc.)

Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Citrix Offline Plug-in (x32 Version: 6.5.0.6684 - Citrix Systems, Inc.)

Citrix online plug-in - web (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.)

Citrix online plug-in (DV) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (HDX) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (USB) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden

Citrix online plug-in (Web) (x32 Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden

Conexant HD Audio (Version: 8.51.1.0 - Conexant)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Dropbox (HKCU Version: 2.6.2 - Dropbox, Inc.)

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

FileOpener (x32 Version: 1.1.1 - Tweaks)

FileOpener Packages (HKCU Version:  - ) <==== ATTENTION

Google Chrome (x32 Version: 32.0.1700.76 - Google Inc.)

Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320 - Google Inc.)

Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden

iCloud (Version: 3.1.0.40 - Apple Inc.)

IHA_MessageCenter (x32 Version: 1.8.17 - Verizon) <==== ATTENTION

Intel® Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (x32 Version: 8.15.10.2353 - Intel Corporation) <==== ATTENTION

Intel® Rapid Storage Technology (x32 Version: 10.1.2.1004 - Intel Corporation)

iTunes (Version: 11.1.3.8 - Apple Inc.)

Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)

Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden

Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Label@Once 1.0 (x32 Version: 1.0 - Corel) <==== ATTENTION

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Office 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation) <==== ATTENTION

Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) <==== ATTENTION

Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION

Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (x32 Version: 11.0.51106.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden

Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden

Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden

Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)

Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla) <==== ATTENTION

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

Music Manager (HKCU Version:  - Google, Inc.)

Nik Collection (x32 Version: 1.1.0.9 - Google)

Norton Internet Security (x32 Version: 20.4.0.40 - Symantec Corporation)

Norton PC Checkup (x32 Version: 3.0.5.38.0 - Symantec Corporation)

PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden

Pdf995 (x32 Version:  - )

PdfEdit995 (x32 Version:  - )

Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden

Photomatix Pro version 4.1.3 (Version: 4.1.3 - HDRsoft Sarl)

Photomatix Pro version 4.2.7 (Version: 4.2.7 - HDRsoft Ltd)

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95 - WildTangent) Hidden

PlayReady PC Runtime amd64 (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (x32 Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden

QuickTime (x32 Version: 7.74.80.86 - Apple Inc.)

Realtek USB 2.0 Reader Driver (x32 Version: 1.0.0.12 - Realtek Semiconductor Corp.)

Realtek WLAN Driver (x32 Version: 2.00.0013 - REALTEK Semiconductor Corp.)

Sendori (x32 Version: 2.0.15 - Sendori, Inc.)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden <==== ATTENTION

Signature995 (x32 Version:  - )

Skype Click to Call (x32 Version: 6.9.12585 - Skype Technologies S.A.)

Skype Launcher (x32 Version: 2.01 - TOSHIBA Corporation)

Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)

Smart Shooter 2 (x32 Version:  - Francis Hart)

Synaptics Pointing Device Driver (Version: 15.2.11.1 - Synaptics Incorporated) <==== ATTENTION

Tom Clancy's Splinter Cell (x32 Version: 2.2.0.97 - WildTangent) Hidden <==== ATTENTION

TomTom HOME (x32 Version: 2.9.0 - TomTom)

TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2 - TomTom International B.V.)

Toshiba App Place (x32 Version: 1.0.6.3 - Toshiba) <==== ATTENTION

TOSHIBA Application Installer (x32 Version: 9.0.1.1 - TOSHIBA)

TOSHIBA Assist (x32 Version: 4.02.02 - TOSHIBA CORPORATION)

Toshiba Book Place (x32 Version: 2.2.6775 - K-NFB Reading Technology, Inc.) <==== ATTENTION

TOSHIBA Bulletin Board (Version: 1.6.08.64 - TOSHIBA Corporation) Hidden

TOSHIBA Bulletin Board (x32 Version: 1.6.08.64 - TOSHIBA Corporation)

TOSHIBA Disc Creator (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)

TOSHIBA eco Utility (Version: 1.2.25.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (Version: 3.1.8.64 - TOSHIBA Corporation) Hidden <==== ATTENTION

TOSHIBA Face Recognition (x32 Version: 3.1.8.64 - TOSHIBA Corporation) <==== ATTENTION

TOSHIBA Hardware Setup (Version: 4.08.06.00 - TOSHIBA) Hidden

TOSHIBA Hardware Setup (x32 Version: 4.08.06.00 - )

TOSHIBA HDD/SSD Alert (Version: 3.1.64.7 - TOSHIBA Corporation) Hidden

TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.7 - TOSHIBA Corporation) Hidden

Toshiba Laptop Checkup (x32 Version: 2.0.10.26 - Symantec Corporation)

TOSHIBA Media Controller (x32 Version: 1.0.86.2 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (x32 Version: 1.0.6.1 - TOSHIBA CORPORATION)

Toshiba Online Backup (x32 Version: 2.0.0.25 - Toshiba)

TOSHIBA PC Health Monitor (Version: 1.7.4.64 - TOSHIBA Corporation)

TOSHIBA Quality Application (x32 Version: 1.0.3 - TOSHIBA)

TOSHIBA Recovery Media Creator (x32 Version: 2.1.3.5109 - TOSHIBA CORPORATION)

TOSHIBA ReelTime (Version: 1.7.17.64 - TOSHIBA Corporation) Hidden

TOSHIBA ReelTime (x32 Version: 1.7.17.64 - TOSHIBA Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.1.0 - TOSHIBA Corporation)

TOSHIBA Service Station (x32 Version: 2.1.52 - TOSHIBA) <==== ATTENTION

TOSHIBA Sleep Utility (x32 Version: 1.4.2.7 - TOSHIBA Corporation)

TOSHIBA Supervisor Password (Version: 4.08.06.00 - TOSHIBA) Hidden

TOSHIBA Supervisor Password (x32 Version: 4.08.06.00 - )

TOSHIBA Value Added Package (Version: 1.5.4.64 - TOSHIBA Corporation) Hidden

TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation)

TOSHIBA Value Added Package (x32 Version: 1.5.4.64 - TOSHIBA Corporation) Hidden

TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (x32 Version: 2.0.0.19 - TOSHIBA Corporation) Hidden

TOSHIBA Wireless LAN Indicator (x32 Version: 1.0.3 - TOSHIBA CORPORATION)

ToshibaRegistration (x32 Version: 1.0.4 - Toshiba)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft) <==== ATTENTION

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vz In Home Agent (x32 Version: 8.03.54 - Verizon)

Vz In-Home Agent (x32 Version: 9.0.35.0 - Verizon)

WD Drive Utilities (x32 Version: 1.0.6.3 - Western Digital Technologies, Inc.)

WD Quick View (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)

WD Security (x32 Version: 1.0.6.3 - Western Digital Technologies, Inc.)

WD SmartWare (Version: 2.2.1.6 - Western Digital Technologies, Inc.)

WD SmartWare Installer (x32 Version: 2.2.1.6 - Western Digital Technologies, Inc.)

WildTangent Games (x32 Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.4.16 - WildTangent) Hidden

Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Essentials (x32 Version: 15.4.3508.1109 - Microsoft Corporation)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Language Selector (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2 - Microsoft Corporation)

Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden <==== ATTENTION

Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden <==== ATTENTION

Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden <==== ATTENTION

Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden

Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden <==== ATTENTION

Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

 

==================== Restore Points  =========================

 

16-01-2014 17:12:23 Windows Backup

17-01-2014 15:17:20 WD SmartWare Installer

21-01-2014 14:56:19 Installed Java 7 Update 51

25-01-2014 03:05:51 Removed Java 6 Update 37

25-01-2014 03:06:38 Removed Java 6 Update 37

 

==================== Hosts content: ==========================

 

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0CD567AF-3A16-4035-94C5-D913899368E6} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000Core => C:\Users\Scott Duncan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04] (Google Inc.)

Task: {30BF87B7-E8C9-41E4-BDFA-13ADAF78FA3D} - System32\Tasks\Updater21802.exe => C:\Users\Scott

Task: {34F8B800-EA5A-4106-A891-F7E1AF74CE77} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2013-12-26] (Symantec Corporation)

Task: {425BA744-0B9B-414A-92C2-0CB75E609EBC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)

Task: {54355DBE-5A87-40A0-950F-153D81A5D352} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-18] (Adobe Systems Incorporated)

Task: {543DFE84-88C3-415B-9895-C83B14535A43} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-03] (Symantec Corporation)

Task: {5CF0707E-4AEC-4245-A474-90276BDCEDBE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {84DE06EF-DF18-4056-82B2-26EE54FD3E2E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000UA => C:\Users\Scott Duncan\AppData\Local\Google\Update\GoogleUpdate.exe [2013-09-04] (Google Inc.)

Task: {A45CFA0F-4534-47C7-98A9-8FF6849A972D} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {C4FF36E6-B5F9-4635-AEF0-2627B1D3D11F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup

Task: {CCA11930-D41D-4435-B4BB-EBF334F00A30} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)

Task: {EB3595AC-9935-44DE-81DE-B12A79BAACCE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-08-18] (Google Inc.)

Task: {FE732D04-B00B-408F-A956-9AC55ECC346E} - System32\Tasks\AdobeAAMUpdater-1.0-ScottDuncan-PC-Scott Duncan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000Core.job => C:\Users\Scott Duncan\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2949255578-4130258502-838744892-1000UA.job => C:\Users\Scott Duncan\AppData\Local\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF

2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

2014-01-16 12:15 - 2014-01-11 02:29 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\pdf.dll

2014-01-16 12:15 - 2014-01-11 02:29 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll

2014-01-16 12:15 - 2014-01-11 02:28 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

 

==================== Faulty Device Manager Devices =============

 

Name: Security Processor Loader Driver

Description: Security Processor Loader Driver

Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Manufacturer: 

Service: spldr

Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)

Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.

Devices stay in this state if they have been prepared for removal.

After you remove the device, this error disappears.Remove the device, and this error should be resolved.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (01/25/2014 04:21:03 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2014 08:58:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:53:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:48:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:43:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:38:13 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:33:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:28:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:23:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:18:12 AM) (Source: SendoriService) (User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

 

System errors:

=============

Error: (01/25/2014 04:23:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:23:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:23:09 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:22:59 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:22:59 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:22:59 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:21:53 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:21:53 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:21:53 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

Error: (01/25/2014 04:21:41 PM) (Source: Service Control Manager) (User: )

Description: The Computer Browser service depends on the Server service which failed to start because of the following error: 

%%1068

 

 

Microsoft Office Sessions:

=========================

Error: (01/25/2014 04:21:03 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

Error: (01/25/2014 08:58:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:53:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:48:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:43:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:38:13 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:33:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:28:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:23:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

Error: (01/25/2014 08:18:12 AM) (Source: SendoriService)(User: )

Description: In the enable methodRetrieving the COM class factory for component with CLSID {6EEBC7FF-67DA-4B90-9251-C2C5696E4B48} failed due to the following error: 80040154.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 17%

Total physical RAM: 6091.86 MB

Available physical RAM: 5002.47 MB

Total Pagefile: 12181.9 MB

Available Pagefile: 11124.44 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB

 

==================== Drives ================================

 

Drive c: (TI106139W0E) (Fixed) (Total:450.57 GB) (Free:344.19 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 4E59E2AF)

Partition 1: (Active) - (Size=1 GB) - (Type=27)

Partition 2: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=14 GB) - (Type=17)

 

==================== End Of Log ============================


Yes App BBC Good Food 5 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnkffnoliaheoidfeejcmnidkkgilkja\5_0

Yes App Gmail 7 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

Yes App Google Drive 6.3 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0

Yes App Google Search 0.0.0.20 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0

Yes App YouTube 4.2.6 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0

Yes Extension Google Docs 0.5 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0

Yes Extension Google Wallet 0.0.6.0 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_1

Yes Extension MWAddon Chromium Client 1.72 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\llfmkjppmncfcgdebajkjnopgodlcaoe\1.72_0

No Extension Norton Identity Protection 2013.4.5.2 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.5.2_0

Yes Extension WiseStamp Web 0.0.780 First user C:\Users\Scott Duncan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjjniaenghhbffhplhdcipdgidbajdp\0.0.780_0

That all looks OK. If there's an extension you don't recognize or didn't install, we can delete it.

Chrome has to be set manually so give this a try:

For Chrome...........

First make sure you have the latest version of Chrome:

Open up Chrome > Click on the 3 bars in the upper right hand corner

Click on About Google Chrome

If there's an update available it will automatically update

Next:

Go to Tools > Clear Browser Data

Put a check next to all of these:

  • Clear browsing history
  • Clear download history
  • Delete cookies and other site and plug-in data
  • Empty the cache

Click "Clear Browsing Data"

-------------------------------

Next:

Click the Chrome menu on the browser toolbar.

Select Settings.

In the "Search" section, click Manage search engines.

Check if (Default) is displayed next to your preferred search engine. If not, mouse over it and click Make default.

Mouse over any other suspicious search engine entries that are not familiar and click X to remove them.

-------------------------------------

Click the Chrome menu.

Select Settings.

In the "On startup" section, select Open a specific page or set of pages.

Click Set pages. (in blue to the right)

Remove any unfamiliar pages.

-----------------------

Click the Chrome menu.

Select Settings.

In the "Appearance" section, if the "Show Home button" checkbox is selected, see if the page listed below is the home page you’d like to use.

If the page isn't the home page you'd like to use, click Change and select your preferred page.

-------------------------

Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

-----------------------------

We can always reset Chrome as a last resort:

https://support.google.com/chrome/answer/3296214?hl=en <---reset

Let me know.....MrC


Everything checks out until I get to chrome:plugins. I just wasn't sure of the ones listed below. Does anything jump out at you, and shall I disable them?

 

I did disable an add-on that I thought might be the culprit, but doubt it, as my issue was first with Firefox and I don't have it on Firefox, but I did disable it just to be sure.

 

Widevine Content Decryption Module Version: 1.4.1.377

Enables Widevine licenses for playback of HTML audio/video content.
 
Native Client
 
Silverlight Version: 5.1.20913.0

That looks OK.....give this a try:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

MrC

This topic is now closed to further replies.