jonschmidt Posted February 8, 2014 ID:788509 Share Posted February 8, 2014 DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 11.0.9600.16428Run by eccastillo3 at 17:17:29 on 2014-02-08Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2363 [GMT -5:00].AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\windows\system32\lsm.exeC:\windows\system32\svchost.exe -k DcomLaunchC:\windows\system32\svchost.exe -k RPCSSC:\windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Program Files (x86)\iSafe\iSafeSvc.exeC:\Program Files (x86)\iSafe\iSafeSvc2.exeC:\windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\windows\system32\svchost.exe -k LocalServiceC:\windows\system32\svchost.exe -k netsvcsC:\windows\system32\svchost.exe -k NetworkServiceC:\windows\System32\spoolsv.exeC:\windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files (x86)\GorillaPrice\GorillaPrice.exeC:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exeC:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exeC:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exeC:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exeC:\windows\system32\svchost.exe -k imgsvcC:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exeC:\Windows\system32\TODDSrv.exeC:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exeC:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exeC:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exeC:\ProgramData\GorillaPrice\WatGorp.exeC:\windows\System32\svchost.exe -k secsvcsC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exeC:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exeC:\Program Files\TOSHIBA\TECO\TecoService.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\windows\system32\wbem\wmiprvse.exeC:\windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXEC:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\windows\System32\WUDFHost.exeC:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exeC:\windows\system32\taskeng.exeC:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exeC:\windows\system32\Dwm.exeC:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exeC:\windows\system32\taskhost.exeC:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exeC:\Program Files (x86)\DriverUpdate\DriverUpdate.exeC:\windows\Explorer.EXEC:\Program Files (x86)\iSafe\iSafeTray.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\System32\hkcmd.exeC:\Windows\System32\igfxpers.exeC:\Program Files\TOSHIBA\Power Saver\TPwrMain.exeC:\Program Files\TOSHIBA\FlashCards\TCrdMain.exeC:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files\TOSHIBA\TECO\Teco.exeC:\Program Files\Synaptics\SynTP\SynTPHelper.exeC:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exeC:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exeC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Tango\Tango.exeC:\Program Files (x86)\OpenDownloaderManager\ODM.exeC:\Program Files (x86)\Citrix\ICA Client\concentr.exeC:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exeC:\windows\system32\SearchIndexer.exeC:\windows\system32\SearchProtocolHost.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exeC:\Program Files\TOSHIBA\TPHM\TPCHSrv.exeC:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exeC:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exeC:\windows\system32\taskeng.exeC:\windows\system32\SearchFilterHost.exeC:\windows\system32\igfxsrvc.exeC:\windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyServer = hxxp=127.0.0.1:8080uProxyOverride = <local>BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dllBHO: TidyNetwork: {6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59} - C:\Program Files (x86)\TidyNetwork\petn.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dllTB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dlluRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrunuRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -ruRun: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorunmRun: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startupmRunOnce: [1] C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /puPolicies-Explorer: NoDriveTypeAutoRun = dword:145uPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htmIE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htmIE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htmIE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htmIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllTCP: NameServer = 192.168.1.1TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6} : DHCPNameServer = 192.168.1.1TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6}\4445 : DHCPNameServer = 167.206.254.1 167.206.254.2 192.168.1.1TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6}\4445D27657563747 : DHCPNameServer = 167.206.254.1 167.206.254.2 192.168.33.1TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6}\6553237305 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{980ED360-C148-4614-B92D-6BD0388A26A6}\F405031343 : DHCPNameServer = 192.168.1.1TCP: Interfaces\{CDEE3EB9-EA6C-48BE-805F-A7000E4BD9AF} : DHCPNameServer = 192.168.1.1Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllAppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dllSSODL: WebCheck - <orphaned>mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: TidyNetwork: {6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59} - C:\Program Files (x86)\TidyNetwork\petn64.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [igfxTray] C:\windows\System32\igfxtray.exex64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exex64-Run: [Persistence] C:\windows\System32\igfxpers.exex64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEx64-Run: [HSON] C:\Program Files (x86)\TOSHIBA\TBS\HSON.exex64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exex64-Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe /tx64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exex64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /rx64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exex64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exex64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exex64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exex64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exex64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Notify: igfxcui - igfxdev.dllx64-SSODL: WebCheck - <orphaned>.============= SERVICES / DRIVERS ===============.R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\drivers\tos_sps64.sys [2009-6-24 482384]R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]R1 iSafeNetFilter;iSafeNetFilter;C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [2014-1-26 44032]R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-2-3 2317600]R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]R2 GorillaPrice;GorillaPrice;C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -service --> C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe -service [?]R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-8-3 352248]R2 iSafeService;iSafeService;C:\Program Files (x86)\iSafe\iSafeSvc.exe [2014-1-26 491688]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-19 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-19 701512]R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe [2013-2-6 138272]R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [2012-11-8 132056]R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [2011-12-20 126392]R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-12-10 206120]R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-12-10 185640]R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2011-5-24 294848]R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-20 2656280]R2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [2014-1-18 283952]R2 USTSScheduler;US Tech Support Scheduling Service;C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [2013-1-17 737600]R2 WatGorp;WatGorp;C:\ProgramData\GorillaPrice\WatGorp.exe -service --> C:\ProgramData\GorillaPrice\WatGorp.exe -service [?]R3 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [2012-5-8 1160824]R3 ccSet_NIS;Norton Internet Security Settings Manager;C:\windows\System32\drivers\NISx64\1309010.00E\ccsetx64.sys [2013-2-6 167072]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-3-29 138912]R3 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSviA64.sys [2012-5-12 488568]R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]R3 iSafeKrnl;iSafeKrnl;C:\Program Files (x86)\iSafe\iSafeKrnl.sys [2014-1-26 219648]R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\System32\drivers\L1C62x64.sys [2010-11-8 76912]R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-5-19 25928]R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2011-12-20 38096]R3 QIOMem;Generic IO & Memory Access;C:\windows\System32\drivers\QIOMem.sys [2009-6-15 12800]R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2011-12-20 1109096]R3 Sftfs;Sftfs;C:\windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]R3 Sftplay;Sftplay;C:\windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]R3 Sftredir;Sftredir;C:\windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]R3 Sftvol;Sftvol;C:\windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]R3 SymDS;Symantec Data Store;C:\windows\System32\drivers\NISx64\1309010.00E\symds64.sys [2013-2-6 451192]R3 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\NISx64\1309010.00E\symefa64.sys [2013-2-6 1129120]R3 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\NISx64\1309010.00E\ironx64.sys [2013-2-6 190072]R3 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\NISx64\1309010.00E\symnets.sys [2013-2-6 405624]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2011-6-9 138152]R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2011-7-1 828856]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2013-12-12 111616]S3 Revoflt;Revoflt;C:\windows\System32\drivers\revoflt.sys [2013-5-21 31800]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-12-20 250984]S3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-12-20 307304]S3 SrvHsfHDA;SrvHsfHDA;C:\windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2014-1-14 16152]S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-12-20 57216]S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-7-2 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-02-08 18:58:15 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9BB68302-9D0C-4CE3-BCAB-4399EB9FA10D}\mpengine.dll2014-02-08 18:46:34 -------- d-----w- C:\ProgramData\Sophos2014-02-08 18:45:41 73728 ----a-r- C:\Users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45:41 73728 ----a-r- C:\Users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45:41 73728 ----a-r- C:\Users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe2014-02-08 18:45:36 -------- d-----w- C:\Program Files (x86)\Sophos2014-02-04 17:19:42 0 ----a-w- C:\windows\SysWow64\sho74B6.tmp2014-02-02 14:47:42 0 ----a-w- C:\windows\SysWow64\shoD970.tmp2014-02-01 16:00:23 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\File Type Helper2014-01-30 21:20:41 0 ----a-w- C:\windows\SysWow64\sho1539.tmp2014-01-29 12:35:52 0 ----a-w- C:\windows\SysWow64\shoABD8.tmp2014-01-28 02:11:14 0 ----a-w- C:\windows\SysWow64\shoAF92.tmp2014-01-27 22:34:01 0 ----a-w- C:\windows\SysWow64\shoAEBE.tmp2014-01-26 17:12:55 -------- d-----w- C:\Program Files (x86)\Uninstaller2014-01-26 16:48:04 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\eCyber2014-01-26 16:43:04 -------- d-----w- C:\Users\eccastillo3\AppData\Local\newplayer2014-01-26 16:42:59 -------- d-----w- C:\Program Files\Conduit2014-01-26 16:42:58 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\ValueApps2014-01-26 16:42:52 -------- d-----w- C:\Users\eccastillo3\AppData\Local\Conduit2014-01-26 16:42:52 -------- d-----w- C:\Program Files (x86)\Conduit2014-01-26 16:42:49 -------- d-----w- C:\windows\System32\log2014-01-26 16:42:29 -------- d-----w- C:\Program Files (x86)\NewPlayer2014-01-26 16:42:15 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\iSafe2014-01-26 16:42:15 -------- d-----w- C:\Program Files (x86)\iSafe2014-01-26 16:41:42 -------- d-----w- C:\Users\eccastillo3\AppData\Local\SearchProtect2014-01-26 16:41:42 -------- d-----w- C:\Program Files (x86)\SearchProtect2014-01-18 15:36:28 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\USTechSupport2014-01-18 15:36:01 -------- d-----w- C:\Program Files (x86)\USTechSupport2014-01-18 15:36:01 -------- d-----w- C:\Program Files (x86)\Common Files\USTechSupport2014-01-18 15:35:25 -------- d-----w- C:\ProgramData\USTechSupport2014-01-18 15:08:44 -------- d-----w- C:\Users\eccastillo3\AppData\Local\LogMeIn Rescue Applet2014-01-17 23:39:02 -------- d-----w- C:\Users\eccastillo3\AppData\Local\TidyNetwork2014-01-17 23:39:02 -------- d-----w- C:\Program Files (x86)\TidyNetwork2014-01-17 23:38:45 -------- d-----w- C:\Users\eccastillo3\AppData\Local\TNT22014-01-17 14:13:23 -------- d-----w- C:\Users\eccastillo3\AppData\Roaming\Open Download Manager2014-01-17 14:13:07 -------- d-----w- C:\ProgramData\boost_interprocess2014-01-17 14:13:05 -------- d-----w- C:\ProgramData\GorillaPrice2014-01-17 14:13:05 -------- d-----w- C:\Program Files (x86)\GorillaPrice2014-01-17 14:12:43 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager2014-01-16 19:03:13 -------- d--h--w- C:\ProgramData\Common Files2014-01-15 12:01:23 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys2014-01-15 12:01:23 7808 ----a-w- C:\windows\System32\drivers\usbd.sys2014-01-15 12:01:23 53248 ----a-w- C:\windows\System32\drivers\usbehci.sys2014-01-15 12:01:23 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys2014-01-15 12:01:23 325120 ----a-w- C:\windows\System32\drivers\usbport.sys2014-01-15 12:01:23 3156480 ----a-w- C:\windows\System32\win32k.sys2014-01-15 12:01:23 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys2014-01-15 12:01:23 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys2014-01-15 12:01:21 376768 ----a-w- C:\windows\System32\drivers\netio.sys2014-01-14 16:48:20 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys2014-01-14 16:48:19 -------- d-----w- C:\Users\eccastillo3\AppData\Local\SlimWare Utilities Inc2014-01-14 16:48:09 -------- d-----w- C:\Program Files (x86)\DriverUpdate.==================== Find3M ====================.2013-12-18 11:13:56 270496 ------w- C:\windows\System32\MpSigStub.exe2013-12-17 13:48:33 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-17 13:48:33 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe2013-11-26 10:19:07 2724864 ----a-w- C:\windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\windows\SysWow64\wininet.dll2013-11-23 18:26:20 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\windows\System32\WMPhoto.dll2013-11-15 17:33:50 0 ----a-w- C:\windows\SysWow64\shoF758.tmp2013-11-15 12:50:34 19760 ----a-w- C:\windows\System32\roboot64.exe2013-11-12 02:23:09 2048 ----a-w- C:\windows\System32\tzres.dll2013-11-12 02:07:29 2048 ----a-w- C:\windows\SysWow64\tzres.dll.============= FINISH: 17:17:58.87 =============== .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 2/15/2012 4:06:23 PMSystem Uptime: 2/8/2014 4:58:43 PM (1 hours ago).Motherboard: Intel Corp. | | Base Board Product NameProcessor: Intel® Core i3-2350M CPU @ 2.30GHz | CPU1 | 2300/1333mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 580 GiB total, 530.672 GiB free.D: is CDROM ()E: is Removable.==== Disabled Device Manager Items =============.Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}Description: Lexmark X422Device ID: ROOT\IMAGE\0000Manufacturer: LexmarkName: Lexmark X422PNP Device ID: ROOT\IMAGE\0000Service: usbscan.==== System Restore Points ===================.RP186: 1/7/2014 8:52:27 AM - Windows UpdateRP187: 1/14/2014 8:45:06 AM - Windows UpdateRP188: 1/16/2014 1:25:19 PM - Windows UpdateRP189: 1/21/2014 7:13:27 AM - Windows UpdateRP190: 1/24/2014 8:01:41 AM - Windows UpdateRP191: 1/28/2014 9:47:30 AM - Windows UpdateRP192: 2/4/2014 9:45:07 AM - Windows UpdateRP193: 2/8/2014 1:44:48 PM - Installed Sophos Virus Removal Tool.RP194: 2/8/2014 1:57:06 PM - Windows Update.==== Installed Programs ======================.Activeris AntiMalwareAdobe AIRAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAtheros Communications Inc.® AR81Family Gigabit/Fast Ethernet DriverCCleanerCisco EAP-FAST ModuleCisco LEAP ModuleCisco PEAP ModuleCitrix online plug-in - webCitrix online plug-in (DV)Citrix online plug-in (HDX)Citrix online plug-in (USB)Citrix online plug-in (Web)Conexant HD AudioD3DX10DriverUpdateFoxit ReaderGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperGorillaPriceIHA_MessageCenterIntel® Management Engine ComponentsIntel® Processor GraphicsIntel® Rapid Storage TechnologyJava Auto UpdaterJava 6 Update 25Junk Mail filter updateLabel@Once 1.0Malwarebytes Anti-Malware version 1.75.0.1300Mesh RuntimeMicrosoft .NET Framework 4 Client ProfileMicrosoft .NET Framework 4 ExtendedMicrosoft Application Error ReportingMicrosoft Office 2010Microsoft Office Click-to-Run 2010Microsoft Office Starter 2010 - EnglishMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MyCleanPC PC OptimizerNetwaitingNewPlayerNorton Internet SecurityNorton PC CheckupOpen Downloader ManagerPlayReady PC Runtime amd64PlayReady PC Runtime x86Realtek USB 2.0 Reader DriverRealtek WLAN DriverRevo Uninstaller Pro 3.0.5Search ProtectSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)Security Update for Microsoft .NET Framework 4 Extended (KB2487367)Security Update for Microsoft .NET Framework 4 Extended (KB2656351)Security Update for Microsoft .NET Framework 4 Extended (KB2736428)Security Update for Microsoft .NET Framework 4 Extended (KB2742595)Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)Sing AlongSkype Click to CallSkype LauncherSkype™ 6.11Sophos Virus Removal ToolSynaptics Pointing Device DriverTangoTidyNetworkToshiba App PlaceTOSHIBA Application InstallerTOSHIBA AssistToshiba Book PlaceTOSHIBA Bulletin BoardTOSHIBA Disc CreatorTOSHIBA eco UtilityTOSHIBA Face RecognitionTOSHIBA Hardware SetupTOSHIBA HDD/SSD AlertToshiba Laptop CheckupTOSHIBA Media ControllerTOSHIBA Media Controller Plug-inToshiba Online BackupTOSHIBA PC Health MonitorTOSHIBA Quality ApplicationTOSHIBA Recovery Media CreatorTOSHIBA ReelTimeTOSHIBA Resolution+ Plug-in for Windows Media PlayerTOSHIBA Service StationTOSHIBA Sleep UtilityTOSHIBA Supervisor PasswordTOSHIBA Value Added PackageTOSHIBA Web Camera ApplicationTOSHIBARegistrationUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft .NET Framework 4 Client Profile (KB2836939)Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)Update for Microsoft .NET Framework 4 Extended (KB2468871)Update for Microsoft .NET Framework 4 Extended (KB2533523)Update for Microsoft .NET Framework 4 Extended (KB2600217)Update for Microsoft .NET Framework 4 Extended (KB2836939)Update for Microsoft .NET Framework 4 Extended (KB2836939v3)US Tech Support FrameworkValueAppsVerizon Download ManagerVerizon ToolbarVz In Home AgentWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesYAC.==== Event Viewer Messages From Past Week ========.2/3/2014 7:22:00 PM, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.2/2/2014 9:47:26 AM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control..==== End Of File =========================== Thank you. Link to post Share on other sites More sharing options...
jeffce Posted February 9, 2014 ID:788579 Share Posted February 9, 2014 Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:The fixes are specific to your problem and should only be used for the issues on this machine.It's often worth reading through these instructions and printing them for ease of reference.If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.Please reply to this thread. Do not start a new topic.If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.Please be sure to subscribe to the topic if you have not already done so.IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data. Having said that.... Let's get going!! ---------- Link to post Share on other sites More sharing options...
jeffce Posted February 9, 2014 ID:788581 Share Posted February 9, 2014 Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.Be sure to print out and follow the instructions provided on that same page.Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.Scan your system for malwareIf malware is found, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.If there is no malware found, please let me know as well.---------- AdwCleaner Please download AdwCleaner by Xplode and save to your Desktop.Double click on AdwCleaner.exe to run the toolVista/Windows 7/8 users right-click and select Run As Administrator.Click on the Scan button.AdwCleaner will begin...be patient as the scan may take some time to complete.After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.Copy and paste the contents of that logfile in your next reply.A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.---------- Also....is your system set to connect to work or school through a proxy connection that you know of?? Link to post Share on other sites More sharing options...
jonschmidt Posted February 9, 2014 Author ID:788607 Share Posted February 9, 2014 ---------- Also....is your system set to connect to work or school through a proxy connection that you know of?? There is no proxy connection that I know of. Link to post Share on other sites More sharing options...
jeffce Posted February 9, 2014 ID:788708 Share Posted February 9, 2014 Ok thanks for letting me know.....when you get the logs from MBAR and AdwCleaner, be sure to post those and we will get started. Link to post Share on other sites More sharing options...
jonschmidt Posted February 9, 2014 Author ID:788875 Share Posted February 9, 2014 I ran MBAR but was unable to update the program. I recieved the following: Failed: Incomplete Transfer.Current database used was v2013.10.02.12 I do have an active internet connection. Scanned system twice and received a message saying nothing was found.-- Ran AdwCleaner which ran and then made me reboot my system-- Laptop is currently shutdown. Logs from above programs, follow. Malwarebytes Anti-Rootkit BETA 1.07.0.1009www.malwarebytes.orgDatabase version: v2013.10.02.12Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476eccastillo3 :: ECCASTILLO3-PC [administrator]2/9/2014 9:25:13 AMmbar-log-2014-02-09 (09-25-13).txtScan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled:Objects scanned: 226964Time elapsed: 16 minute(s), 25 second(s)Memory Processes Detected: 0(No malicious items detected)Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 0(No malicious items detected)Registry Values Detected: 0(No malicious items detected)Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 0(No malicious items detected)Physical Sectors Detected: 0(No malicious items detected)(end) # AdwCleaner v3.018 - Report created 09/02/2014 at 14:35:59# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : eccastillo3 - ECCASTILLO3-PC# Running from : C:\Users\eccastillo3\Desktop\AdwCleaner.exe# Option : Scan***** [ Services ] *****Service Found : CltMngSvc***** [ Files / Folders ] *****File Found : C:\ENDFile Found : C:\Users\ECCAST~1\AppData\Local\Temp\Uninstall.exeFile Found : C:\Users\eccastillo3\AppData\Roaming\speedanalysis.icoFile Found : C:\windows\System32\roboot64.exeFile Found : C:\windows\System32\Tasks\EPUpdaterFolder Found C:\Program Files (x86)\ConduitFolder Found C:\Program Files (x86)\SearchprotectFolder Found C:\Program Files (x86)\TidyNetworkFolder Found C:\Program Files (x86)\tuguu slFolder Found C:\Program Files\ConduitFolder Found C:\ProgramData\boost_interprocessFolder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPCFolder Found C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPCFolder Found C:\Users\eccastillo3\AppData\Local\ConduitFolder Found C:\Users\eccastillo3\AppData\Local\SearchprotectFolder Found C:\Users\eccastillo3\AppData\Local\TidyNetworkFolder Found C:\Users\eccastillo3\AppData\Roaming\File Type HelperFolder Found C:\Users\eccastillo3\AppData\Roaming\ValueApps***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCU\Software\APN PIPKey Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39Key Found : HKCU\Software\ConduitKey Found : HKCU\Software\MapsGalaxy_39Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Found : HKCU\Software\Optimizer ProKey Found : [x64] HKCU\Software\APN PIPKey Found : [x64] HKCU\Software\ConduitKey Found : [x64] HKCU\Software\MapsGalaxy_39Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Key Found : [x64] HKCU\Software\Optimizer ProKey Found : HKLM\SOFTWARE\Classes\AmiBs.InstallerKey Found : HKLM\SOFTWARE\Classes\AmiBs.Installer.1Key Found : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}Key Found : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}Key Found : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}Key Found : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}Key Found : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLLKey Found : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLLKey Found : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Found : HKLM\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Found : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Found : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}Key Found : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FCKey Found : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FCKey Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}Key Found : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}Key Found : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}Key Found : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Found : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}Key Found : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}Key Found : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}Key Found : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}Key Found : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}Key Found : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}Key Found : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}Key Found : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}Key Found : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}Key Found : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Found : HKLM\SOFTWARE\Classes\speedupmypcKey Found : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Found : HKLM\Software\DomaIQKey Found : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbogKey Found : HKLM\Software\MapsGalaxy_39Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectKey Found : HKLM\Software\PIPKey Found : HKLM\Software\SearchProtectKey Found : HKLM\Software\Uniblue\SpeedUpMyPCKey Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}Key Found : [x64] HKLM\SOFTWARE\DomaIQKey Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Value Found : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]Value Found : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.16428-\\ Google Chrome v32.0.1700.107[ File : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\preferences ]Found : homepageFound : search_urlFound : suggest_urlFound : keywordFound : homepageFound : search_urlFound : homepageFound : search_urlFound : suggest_url*************************AdwCleaner[R0].txt - [10014 octets] - [09/02/2014 14:35:59]########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10075 octets] ########## # AdwCleaner v3.018 - Report created 09/02/2014 at 14:37:19# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : eccastillo3 - ECCASTILLO3-PC# Running from : C:\Users\eccastillo3\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] *****Service Deleted : CltMngSvc***** [ Files / Folders ] *****Folder Deleted : C:\ProgramData\boost_interprocessFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\SpeedUpMyPCFolder Deleted : C:\Program Files (x86)\ConduitFolder Deleted : C:\Program Files (x86)\SearchprotectFolder Deleted : C:\Program Files (x86)\TidyNetworkFolder Deleted : C:\Program Files (x86)\tuguu slFolder Deleted : C:\Program Files\ConduitFolder Deleted : C:\Users\eccastillo3\AppData\Local\ConduitFolder Deleted : C:\Users\eccastillo3\AppData\Local\SearchprotectFolder Deleted : C:\Users\eccastillo3\AppData\Local\TidyNetworkFolder Deleted : C:\Users\eccastillo3\AppData\Roaming\File Type HelperFolder Deleted : C:\Users\eccastillo3\AppData\Roaming\ValueAppsFile Deleted : C:\ENDFile Deleted : C:\windows\System32\roboot64.exeFile Deleted : C:\Users\ECCAST~1\AppData\Local\Temp\Uninstall.exeFile Deleted : C:\Users\eccastillo3\AppData\Roaming\speedanalysis.icoFile Deleted : C:\windows\System32\Tasks\EPUpdater***** [ Shortcuts ] ********** [ Registry ] *****Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [pluswinks@PlusWinks]Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [speedanalysis02@SpeedAnalysis.com]Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mocblcnaofikinigmceddfghppkkjbogKey Deleted : HKLM\SOFTWARE\Classes\AmiBs.InstallerKey Deleted : HKLM\SOFTWARE\Classes\AmiBs.Installer.1Key Deleted : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLLKey Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLLKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Classes\speedupmypcKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VAFMusic Conduit_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F63AAEDC-3602-49EF-AA45-262380A98980}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}Key Deleted : HKCU\Software\APN PIPKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\MapsGalaxy_39Key Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\AppDataLow\Software\ConduitKey Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39Key Deleted : HKLM\Software\DomaIQKey Deleted : HKLM\Software\MapsGalaxy_39Key Deleted : HKLM\Software\PIPKey Deleted : HKLM\Software\SearchProtectKey Deleted : HKLM\Software\Uniblue\SpeedUpMyPCKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectKey Deleted : [x64] HKLM\SOFTWARE\DomaIQKey Deleted : HKLM\Software\Classes\Installer\Features\0C776EBEBCBCFBE408892EE7B12517FCKey Deleted : HKLM\Software\Classes\Installer\Products\0C776EBEBCBCFBE408892EE7B12517FC***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.16428Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]-\\ Google Chrome v32.0.1700.107[ File : C:\Users\eccastillo3\AppData\Local\Google\Chrome\User Data\Default\preferences ]Deleted : homepageDeleted : search_urlDeleted : suggest_urlDeleted : keyword*************************AdwCleaner[R0].txt - [10264 octets] - [09/02/2014 14:35:59]AdwCleaner[s0].txt - [9747 octets] - [09/02/2014 14:37:19]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [9807 octets] ########## Link to post Share on other sites More sharing options...
jonschmidt Posted February 9, 2014 Author ID:788876 Share Posted February 9, 2014 sorry for the additional [s0] log... Link to post Share on other sites More sharing options...
jeffce Posted February 9, 2014 ID:788878 Share Posted February 9, 2014 Hi, Looks like we have some work to do. ComboFix Download Combofix from either of the links below, and save it to your desktop. Link 1Link 2 **Note: It is important that it is saved directly to your desktop**If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer. -------------------------------------------------------------------- IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here -------------------------------------------------------------------- Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.When finished, it will produce a report for you.Please post the C:\ComboFix.txt for further review. Link to post Share on other sites More sharing options...
jonschmidt Posted February 10, 2014 Author ID:788930 Share Posted February 10, 2014 ComboFix 14-02-05.02 - eccastillo3 02/09/2014 21:25:42.5.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2051 [GMT -5:00]Running from: c:\users\eccastillo3\Desktop\ComboFix.exeAV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2014-01-10 to 2014-02-10 )))))))))))))))))))))))))))))))..2014-02-10 02:35 . 2014-02-10 02:35 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-02-10 02:35 . 2014-02-10 02:35 -------- d-----w- c:\users\Public\AppData\Local\temp2014-02-10 02:35 . 2014-02-10 02:35 -------- d-----w- c:\users\Default\AppData\Local\temp2014-02-09 19:38 . 2014-02-10 02:19 -------- d-----w- c:\programdata\boost_interprocess2014-02-09 19:35 . 2014-02-09 19:37 -------- d-----w- C:\AdwCleaner2014-02-09 14:25 . 2014-02-09 19:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-02-09 14:24 . 2014-02-09 17:19 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-02-08 18:58 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BB68302-9D0C-4CE3-BCAB-4399EB9FA10D}\mpengine.dll2014-02-08 18:46 . 2014-02-08 18:46 -------- d-----w- c:\programdata\Sophos2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe2014-02-08 18:45 . 2014-02-08 18:45 -------- d-----w- c:\program files (x86)\Sophos2014-02-04 17:19 . 2014-02-04 17:19 0 ----a-w- c:\windows\SysWow64\sho74B6.tmp2014-02-02 14:47 . 2014-02-02 14:47 0 ----a-w- c:\windows\SysWow64\shoD970.tmp2014-01-30 21:20 . 2014-01-30 21:20 0 ----a-w- c:\windows\SysWow64\sho1539.tmp2014-01-29 12:35 . 2014-01-29 12:35 0 ----a-w- c:\windows\SysWow64\shoABD8.tmp2014-01-28 02:11 . 2014-01-28 02:11 0 ----a-w- c:\windows\SysWow64\shoAF92.tmp2014-01-27 22:34 . 2014-01-27 22:34 0 ----a-w- c:\windows\SysWow64\shoAEBE.tmp2014-01-26 17:12 . 2014-01-26 17:12 -------- d-----w- c:\program files (x86)\Uninstaller2014-01-26 16:48 . 2014-01-26 16:48 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\eCyber2014-01-26 16:43 . 2014-01-26 16:43 -------- d-----w- c:\users\eccastillo3\AppData\Local\newplayer2014-01-26 16:42 . 2014-01-26 16:42 -------- d-----w- c:\windows\system32\log2014-01-26 16:42 . 2014-01-29 15:06 -------- d-----w- c:\program files (x86)\NewPlayer2014-01-26 16:42 . 2014-02-10 02:29 -------- d-----w- c:\program files (x86)\iSafe2014-01-26 16:42 . 2014-02-04 17:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\iSafe2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\USTechSupport2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\program files (x86)\USTechSupport2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\program files (x86)\Common Files\USTechSupport2014-01-18 15:35 . 2014-01-18 15:38 -------- d-----w- c:\programdata\USTechSupport2014-01-18 15:08 . 2014-01-26 14:27 -------- d-----w- c:\users\eccastillo3\AppData\Local\LogMeIn Rescue Applet2014-01-17 23:38 . 2014-01-17 23:38 -------- d-----w- c:\users\eccastillo3\AppData\Local\TNT22014-01-17 14:13 . 2014-02-10 02:35 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\Open Download Manager2014-01-17 14:13 . 2014-01-17 14:13 -------- d-----w- c:\programdata\GorillaPrice2014-01-17 14:13 . 2014-01-17 14:13 -------- d-----w- c:\program files (x86)\GorillaPrice2014-01-17 14:12 . 2014-01-17 14:13 -------- d-----w- c:\program files (x86)\OpenDownloaderManager2014-01-16 19:03 . 2014-01-16 19:03 -------- d--h--w- c:\programdata\Common Files2014-01-15 12:01 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2014-01-15 12:01 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2014-01-15 12:01 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2014-01-15 12:01 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2014-01-15 12:01 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2014-01-15 12:01 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2014-01-15 12:01 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2014-01-15 12:01 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys2014-01-15 12:01 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys2014-01-14 16:48 . 2014-02-10 02:20 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys2014-01-14 16:48 . 2014-01-14 16:48 -------- d-----w- c:\users\eccastillo3\AppData\Local\SlimWare Utilities Inc2014-01-14 16:48 . 2014-01-14 16:48 -------- d-----w- c:\program files (x86)\DriverUpdate...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-16 18:27 . 2013-04-28 13:19 86054176 ----a-w- c:\windows\system32\MRT.exe2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe2013-12-17 13:48 . 2012-07-03 11:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-17 13:48 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-05 11:19 . 2013-12-05 11:19 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-12-05 11:19 . 2013-12-05 11:19 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-12-05 11:19 . 2013-12-05 11:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 81408 ----a-w- c:\windows\system32\icardie.dll2013-12-05 11:19 . 2013-12-05 11:19 774144 ----a-w- c:\windows\system32\jscript.dll2013-12-05 11:19 . 2013-12-05 11:19 77312 ----a-w- c:\windows\system32\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 626176 ----a-w- c:\windows\system32\msfeeds.dll2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-12-05 11:19 . 2013-12-05 11:19 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2013-12-05 11:19 . 2013-12-05 11:19 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-12-05 11:19 . 2013-12-05 11:19 548352 ----a-w- c:\windows\system32\vbscript.dll2013-12-05 11:19 . 2013-12-05 11:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-12-05 11:19 . 2013-12-05 11:19 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48128 ----a-w- c:\windows\system32\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-12-05 11:19 . 2013-12-05 11:19 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-12-05 11:19 . 2013-12-05 11:19 413696 ----a-w- c:\windows\system32\html.iec2013-12-05 11:19 . 2013-12-05 11:19 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 337408 ----a-w- c:\windows\SysWow64\html.iec2013-12-05 11:19 . 2013-12-05 11:19 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-12-05 11:19 . 2013-12-05 11:19 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-12-05 11:19 . 2013-12-05 11:19 247808 ----a-w- c:\windows\system32\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 243200 ----a-w- c:\windows\system32\webcheck.dll2013-12-05 11:19 . 2013-12-05 11:19 235520 ----a-w- c:\windows\system32\url.dll2013-12-05 11:19 . 2013-12-05 11:19 235008 ----a-w- c:\windows\system32\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 195584 ----a-w- c:\windows\system32\msrating.dll2013-12-05 11:19 . 2013-12-05 11:19 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 167424 ----a-w- c:\windows\system32\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 147968 ----a-w- c:\windows\system32\occache.dll2013-12-05 11:19 . 2013-12-05 11:19 143872 ----a-w- c:\windows\system32\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 13824 ----a-w- c:\windows\system32\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 135680 ----a-w- c:\windows\system32\iepeers.dll2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-12-05 11:19 . 2013-12-05 11:19 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-12-05 11:19 . 2013-12-05 11:19 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-26 11:54 . 2013-12-12 08:01 23183360 ----a-w- c:\windows\system32\mshtml.dll2013-11-26 10:19 . 2013-12-12 08:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 10:18 . 2013-12-12 08:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 09:48 . 2013-12-12 08:01 66048 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 09:46 . 2013-12-12 08:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 09:41 . 2013-12-12 08:01 2764288 ----a-w- c:\windows\system32\iertutil.dll2013-11-26 09:29 . 2013-12-12 08:01 53760 ----a-w- c:\windows\system32\jsproxy.dll2013-11-26 09:27 . 2013-12-12 08:01 33792 ----a-w- c:\windows\system32\iernonce.dll2013-11-26 09:23 . 2013-12-12 08:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-11-26 09:21 . 2013-12-12 08:01 574976 ----a-w- c:\windows\system32\ieui.dll2013-11-26 09:18 . 2013-12-12 08:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 09:18 . 2013-12-12 08:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 09:16 . 2013-12-12 08:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:57 . 2013-12-12 08:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe2013-11-26 08:35 . 2013-12-12 08:00 5769216 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 08:28 . 2013-12-12 08:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16 . 2013-12-12 08:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll2013-11-26 08:02 . 2013-12-12 08:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 07:48 . 2013-12-12 08:01 12996608 ----a-w- c:\windows\system32\ieframe.dll2013-11-26 07:32 . 2013-12-12 08:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07 . 2013-12-12 08:01 2334208 ----a-w- c:\windows\system32\wininet.dll2013-11-26 06:40 . 2013-12-12 08:01 1395200 ----a-w- c:\windows\system32\urlmon.dll2013-11-26 06:34 . 2013-12-12 08:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll2013-11-26 06:33 . 2013-12-12 08:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-23 18:26 . 2013-12-12 00:24 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47 . 2013-12-12 00:24 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-11-15 17:33 . 2013-11-15 17:33 0 ----a-w- c:\windows\SysWow64\shoF758.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59}]c:\program files (x86)\TidyNetwork\petn.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]c:\program files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll [bU].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]"Tango"="c:\program files (x86)\Tango\Tango.exe" [2011-11-04 13489992]"Open Download Manager"="c:\program files (x86)\OpenDownloaderManager\odm.exe" [2013-05-31 6369280].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 GorillaPrice;GorillaPrice;c:\program files (x86)\GorillaPrice\GorillaPrice.exe;c:\program files (x86)\GorillaPrice\GorillaPrice.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R2 WatGorp;WatGorp;c:\programdata\GorillaPrice\WatGorp.exe;c:\programdata\GorillaPrice\WatGorp.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [x]S2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [x]S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x]S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-02-04 00:06 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 13:48].2014-02-10 c:\windows\Tasks\DriverUpdate Startup.job- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 20:26].2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34].2014-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34].2014-02-10 c:\windows\Tasks\USTSPCO-USTSPCOOneClickCare.job- c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2014-01-18 12:50]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:8080TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exeAddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exeAddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]"ImagePath"="c:\program files (x86)\GorillaPrice\GorillaPrice.exe -service"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatGorp]"ImagePath"="c:\programdata\GorillaPrice\WatGorp.exe -service".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GorillaPrice]@Denied: (A B 2 3) (Everyone)"Type"=dword:00000010"Start"=dword:00000002"ErrorControl"=dword:00000001"ImagePath"=expand:"c:\\Program Files (x86)\\GorillaPrice\\GorillaPrice.exe -service""DisplayName"="GorillaPrice""WOW64"=dword:00000001"ObjectName"="LocalSystem""Description"="This service will show you offers from GorillaPrice in a seperate window, up to 8 offers per day.".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WatGorp]@Denied: (A B 2 3) (Everyone)"Type"=dword:00000010"Start"=dword:00000002"ErrorControl"=dword:00000001"ImagePath"=expand:"c:\\ProgramData\\GorillaPrice\\WatGorp.exe -service""DisplayName"="WatGorp""WOW64"=dword:00000001"ObjectName"="LocalSystem""Description"="The service control our applications working. Updating it, if new version available. Removing it, when user want uninstall it.".Completion time: 2014-02-09 21:49:53ComboFix-quarantined-files.txt 2014-02-10 02:49ComboFix2.txt 2014-02-10 02:16.Pre-Run: 569,152,364,544 bytes freePost-Run: 569,088,897,024 bytes free.- - End Of File - - 7809F833765E982BB86E8CCB9621C005 Link to post Share on other sites More sharing options...
jeffce Posted February 10, 2014 ID:789324 Share Posted February 10, 2014 Sorry for any delay... ComboFixPlease open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:ClearJavaCache:: DDS::uProxyServer = hxxp=127.0.0.1:8080BHO: TidyNetwork: {6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59} - C:\Program Files (x86)\TidyNetwork\petn.dllBHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dllTB: MapsGalaxy: {364ea597-e728-4ce4-bb4a-ed846ef47970} -uRun: [Tango] C:\Program Files (x86)\Tango\Tango.exe -ruRun: [Open Download Manager] C:\Program Files (x86)\OpenDownloaderManager\odm.exe -autorunIE: Download all with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlall.htmIE: Download selected with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlselected.htmIE: Download video with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dlfvideo.htmIE: Download with Open Download Manager - C:\Program Files (x86)\OpenDownloaderManager\dllink.htmAppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dllx64-BHO: TidyNetwork: {6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59} - C:\Program Files (x86)\TidyNetwork\petn64.dllx64-BHO: ValueApps: {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll File::c:\program files (x86)\GorillaPrice\GorillaPrice.exe c:\programdata\GorillaPrice\WatGorp.exe Folder::c:\users\eccastillo3\AppData\Roaming\Open Download Managerc:\programdata\GorillaPricec:\program files (x86)\GorillaPrice Driver::GorillaPriceWatGorpSave this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix may request an update; please allow it.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.---------- Post the new log and let me know how your system is running. Link to post Share on other sites More sharing options...
jonschmidt Posted February 11, 2014 Author ID:789437 Share Posted February 11, 2014 ComboFix 14-02-05.02 - eccastillo3 02/10/2014 20:01:48.6.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.2451 [GMT -5:00]Running from: c:\users\eccastillo3\Desktop\ComboFix.exeCommand switches used :: c:\users\eccastillo3\Desktop\CFScript.txtAV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point.FILE ::"c:\program files (x86)\GorillaPrice\GorillaPrice.exe""c:\programdata\GorillaPrice\WatGorp.exe"..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\program files (x86)\GorillaPricec:\program files (x86)\GorillaPrice\GorillaPrice.exec:\program files (x86)\OpenDownloaderManager\dlall.htmc:\program files (x86)\OpenDownloaderManager\dlfvideo.htmc:\program files (x86)\OpenDownloaderManager\dllink.htmc:\program files (x86)\OpenDownloaderManager\dlselected.htmc:\program files (x86)\OpenDownloaderManager\odm.exec:\program files (x86)\Tango\Tango.exec:\programdata\GorillaPricec:\programdata\GorillaPrice\config.datc:\programdata\GorillaPrice\GorillaPrice.exec:\programdata\GorillaPrice\WatGorp.exec:\users\eccastillo3\AppData\Roaming\Open Download Managerc:\users\eccastillo3\AppData\Roaming\Open Download Manager\dlmgrsi.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\downloads.del.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\downloads.his.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\downloads.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\groups.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\history.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\schedules.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\sites.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\spider.savc:\users\eccastillo3\AppData\Roaming\Open Download Manager\tips.dat..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Service_GorillaPrice-------\Service_WatGorp..((((((((((((((((((((((((( Files Created from 2014-01-11 to 2014-02-11 )))))))))))))))))))))))))))))))..2014-02-11 01:12 . 2014-02-11 01:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-02-11 01:12 . 2014-02-11 01:12 -------- d-----w- c:\users\Public\AppData\Local\temp2014-02-11 01:12 . 2014-02-11 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp2014-02-09 19:38 . 2014-02-11 00:45 -------- d-----w- c:\programdata\boost_interprocess2014-02-09 19:35 . 2014-02-09 19:37 -------- d-----w- C:\AdwCleaner2014-02-09 14:25 . 2014-02-09 19:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-02-09 14:24 . 2014-02-09 17:19 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-02-08 18:58 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9BB68302-9D0C-4CE3-BCAB-4399EB9FA10D}\mpengine.dll2014-02-08 18:46 . 2014-02-08 18:46 -------- d-----w- c:\programdata\Sophos2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe2014-02-08 18:45 . 2014-02-08 18:45 -------- d-----w- c:\program files (x86)\Sophos2014-02-04 17:19 . 2014-02-04 17:19 0 ----a-w- c:\windows\SysWow64\sho74B6.tmp2014-02-02 14:47 . 2014-02-02 14:47 0 ----a-w- c:\windows\SysWow64\shoD970.tmp2014-01-30 21:20 . 2014-01-30 21:20 0 ----a-w- c:\windows\SysWow64\sho1539.tmp2014-01-29 12:35 . 2014-01-29 12:35 0 ----a-w- c:\windows\SysWow64\shoABD8.tmp2014-01-28 02:11 . 2014-01-28 02:11 0 ----a-w- c:\windows\SysWow64\shoAF92.tmp2014-01-27 22:34 . 2014-01-27 22:34 0 ----a-w- c:\windows\SysWow64\shoAEBE.tmp2014-01-26 17:12 . 2014-01-26 17:12 -------- d-----w- c:\program files (x86)\Uninstaller2014-01-26 16:48 . 2014-01-26 16:48 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\eCyber2014-01-26 16:43 . 2014-01-26 16:43 -------- d-----w- c:\users\eccastillo3\AppData\Local\newplayer2014-01-26 16:42 . 2014-01-26 16:42 -------- d-----w- c:\windows\system32\log2014-01-26 16:42 . 2014-01-29 15:06 -------- d-----w- c:\program files (x86)\NewPlayer2014-01-26 16:42 . 2014-02-11 01:17 -------- d-----w- c:\program files (x86)\iSafe2014-01-26 16:42 . 2014-02-04 17:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\iSafe2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\USTechSupport2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\program files (x86)\USTechSupport2014-01-18 15:36 . 2014-01-18 15:36 -------- d-----w- c:\program files (x86)\Common Files\USTechSupport2014-01-18 15:35 . 2014-01-18 15:38 -------- d-----w- c:\programdata\USTechSupport2014-01-18 15:08 . 2014-01-26 14:27 -------- d-----w- c:\users\eccastillo3\AppData\Local\LogMeIn Rescue Applet2014-01-17 23:38 . 2014-01-17 23:38 -------- d-----w- c:\users\eccastillo3\AppData\Local\TNT22014-01-17 14:12 . 2014-02-11 01:07 -------- d-----w- c:\program files (x86)\OpenDownloaderManager2014-01-16 19:03 . 2014-01-16 19:03 -------- d--h--w- c:\programdata\Common Files2014-01-15 12:01 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2014-01-15 12:01 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2014-01-15 12:01 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2014-01-15 12:01 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2014-01-15 12:01 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2014-01-15 12:01 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2014-01-15 12:01 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2014-01-15 12:01 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys2014-01-15 12:01 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys2014-01-14 16:48 . 2014-02-11 01:21 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys2014-01-14 16:48 . 2014-01-14 16:48 -------- d-----w- c:\users\eccastillo3\AppData\Local\SlimWare Utilities Inc2014-01-14 16:48 . 2014-01-14 16:48 -------- d-----w- c:\program files (x86)\DriverUpdate...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-01-16 18:27 . 2013-04-28 13:19 86054176 ----a-w- c:\windows\system32\MRT.exe2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe2013-12-17 13:48 . 2012-07-03 11:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2013-12-17 13:48 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2013-12-05 11:19 . 2013-12-05 11:19 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-12-05 11:19 . 2013-12-05 11:19 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-12-05 11:19 . 2013-12-05 11:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 81408 ----a-w- c:\windows\system32\icardie.dll2013-12-05 11:19 . 2013-12-05 11:19 774144 ----a-w- c:\windows\system32\jscript.dll2013-12-05 11:19 . 2013-12-05 11:19 77312 ----a-w- c:\windows\system32\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 626176 ----a-w- c:\windows\system32\msfeeds.dll2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-12-05 11:19 . 2013-12-05 11:19 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 61952 ----a-w- c:\windows\SysWow64\iesetup.dll2013-12-05 11:19 . 2013-12-05 11:19 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-12-05 11:19 . 2013-12-05 11:19 548352 ----a-w- c:\windows\system32\vbscript.dll2013-12-05 11:19 . 2013-12-05 11:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-12-05 11:19 . 2013-12-05 11:19 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48128 ----a-w- c:\windows\system32\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 454656 ----a-w- c:\windows\SysWow64\vbscript.dll2013-12-05 11:19 . 2013-12-05 11:19 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-12-05 11:19 . 2013-12-05 11:19 413696 ----a-w- c:\windows\system32\html.iec2013-12-05 11:19 . 2013-12-05 11:19 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 337408 ----a-w- c:\windows\SysWow64\html.iec2013-12-05 11:19 . 2013-12-05 11:19 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-12-05 11:19 . 2013-12-05 11:19 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-12-05 11:19 . 2013-12-05 11:19 247808 ----a-w- c:\windows\system32\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 243200 ----a-w- c:\windows\system32\webcheck.dll2013-12-05 11:19 . 2013-12-05 11:19 235520 ----a-w- c:\windows\system32\url.dll2013-12-05 11:19 . 2013-12-05 11:19 235008 ----a-w- c:\windows\system32\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 195584 ----a-w- c:\windows\system32\msrating.dll2013-12-05 11:19 . 2013-12-05 11:19 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 167424 ----a-w- c:\windows\system32\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 147968 ----a-w- c:\windows\system32\occache.dll2013-12-05 11:19 . 2013-12-05 11:19 143872 ----a-w- c:\windows\system32\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 13824 ----a-w- c:\windows\system32\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 135680 ----a-w- c:\windows\system32\iepeers.dll2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-12-05 11:19 . 2013-12-05 11:19 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe2013-12-05 11:19 . 2013-12-05 11:19 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-26 11:54 . 2013-12-12 08:01 23183360 ----a-w- c:\windows\system32\mshtml.dll2013-11-26 10:19 . 2013-12-12 08:01 2724864 ----a-w- c:\windows\system32\mshtml.tlb2013-11-26 10:18 . 2013-12-12 08:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2013-11-26 09:48 . 2013-12-12 08:01 66048 ----a-w- c:\windows\system32\iesetup.dll2013-11-26 09:46 . 2013-12-12 08:01 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2013-11-26 09:41 . 2013-12-12 08:01 2764288 ----a-w- c:\windows\system32\iertutil.dll2013-11-26 09:29 . 2013-12-12 08:01 53760 ----a-w- c:\windows\system32\jsproxy.dll2013-11-26 09:27 . 2013-12-12 08:01 33792 ----a-w- c:\windows\system32\iernonce.dll2013-11-26 09:23 . 2013-12-12 08:01 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2013-11-26 09:21 . 2013-12-12 08:01 574976 ----a-w- c:\windows\system32\ieui.dll2013-11-26 09:18 . 2013-12-12 08:01 139264 ----a-w- c:\windows\system32\ieUnatt.exe2013-11-26 09:18 . 2013-12-12 08:01 111616 ----a-w- c:\windows\system32\ieetwcollector.exe2013-11-26 09:16 . 2013-12-12 08:01 708608 ----a-w- c:\windows\system32\jscript9diag.dll2013-11-26 08:57 . 2013-12-12 08:01 218624 ----a-w- c:\windows\system32\ie4uinit.exe2013-11-26 08:35 . 2013-12-12 08:00 5769216 ----a-w- c:\windows\system32\jscript9.dll2013-11-26 08:28 . 2013-12-12 08:01 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll2013-11-26 08:16 . 2013-12-12 08:00 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll2013-11-26 08:02 . 2013-12-12 08:01 1995264 ----a-w- c:\windows\system32\inetcpl.cpl2013-11-26 07:48 . 2013-12-12 08:01 12996608 ----a-w- c:\windows\system32\ieframe.dll2013-11-26 07:32 . 2013-12-12 08:01 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl2013-11-26 07:07 . 2013-12-12 08:01 2334208 ----a-w- c:\windows\system32\wininet.dll2013-11-26 06:40 . 2013-12-12 08:01 1395200 ----a-w- c:\windows\system32\urlmon.dll2013-11-26 06:34 . 2013-12-12 08:01 817664 ----a-w- c:\windows\system32\ieapfltr.dll2013-11-26 06:33 . 2013-12-12 08:01 1820160 ----a-w- c:\windows\SysWow64\wininet.dll2013-11-23 18:26 . 2013-12-12 00:24 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll2013-11-23 17:47 . 2013-12-12 00:24 465920 ----a-w- c:\windows\system32\WMPhoto.dll2013-11-15 17:33 . 2013-11-15 17:33 0 ----a-w- c:\windows\SysWow64\shoF758.tmp..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59}]c:\program files (x86)\TidyNetwork\petn.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]c:\program files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll [bU].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [x]S2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [x]S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x]S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-02-04 00:06 1211720 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-02-11 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 13:48].2014-02-11 c:\windows\Tasks\DriverUpdate Startup.job- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 20:26].2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34].2014-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34].2014-02-11 c:\windows\Tasks\USTSPCO-USTSPCOOneClickCare.job- c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2014-01-18 12:50]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>uInternet Settings,ProxyServer = http=127.0.0.1:8080TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exeAddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exeAddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\iSafe\iSafeSvc2.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2014-02-10 20:47:19 - machine was rebootedComboFix-quarantined-files.txt 2014-02-11 01:47ComboFix2.txt 2014-02-10 02:16.Pre-Run: 570,487,922,688 bytes freePost-Run: 569,878,626,304 bytes free.- - End Of File - - 226DB2A1BA7241CAC6346355235901E8 Link to post Share on other sites More sharing options...
jonschmidt Posted February 11, 2014 Author ID:789464 Share Posted February 11, 2014 Sorry for any delay... ComboFixPlease open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix may request an update; please allow it.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.---------- Post the new log and let me know how your system is running. had to manually delete some programs I didn't recognize, rebooted and they seem to have been uninstalled [they didn't come back]i wasn't able to update malwarebytes anti-malware program previously, but now was successful and is running the latest database. thanks. Link to post Share on other sites More sharing options...
jeffce Posted February 11, 2014 ID:789502 Share Posted February 11, 2014 Good.....I just returned from class, but there is still some work to do on your system. I have to get some homework complete but will have more instructions in the morning. Thanks for your patience. Link to post Share on other sites More sharing options...
jeffce Posted February 12, 2014 ID:790049 Share Posted February 12, 2014 Sorry for any delay.... I want to get a look at a file before we continue: Please go to: VirusTotalOn the page you'll find a "Choose File" button.Click on the Choose File button.In the Choose File to Upload window which opens, copy and paste this into the File Name box. c:\windows\SysWow64\shoF758.tmp Next, click the Open button.Then click the "Scan It!" button just below.This will scan the file. Please be patient.If you get a message saying File has already been analyzed: click Reanalyze file nowOnce scanned, copy and paste the link to the results page in your next reply.---------- Link to post Share on other sites More sharing options...
jonschmidt Posted February 13, 2014 Author ID:790466 Share Posted February 13, 2014 Sorry for any delay.... I want to get a look at a file before we continue: Please go to: VirusTotalOn the page you'll find a "Choose File" button.Click on the Choose File button.In the Choose File to Upload window which opens, copy and paste this into the File Name box. c:\windows\SysWow64\shoF758.tmp Next, click the Open button.Then click the "Scan It!" button just below.This will scan the file. Please be patient.If you get a message saying File has already been analyzed: click Reanalyze file nowOnce scanned, copy and paste the link to the results page in your next reply.---------- hope I did this part right -https://www.virustotal.com/en/file/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855/analysis/1392261503/ Link to post Share on other sites More sharing options...
jeffce Posted February 13, 2014 ID:790565 Share Posted February 13, 2014 That was perfect....thanks! ComboFixPlease open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:ClearJavaCache:: DDS::uInternet Settings,ProxyServer = http=127.0.0.1:8080 Folder::c:\program files (x86)\TidyNetworkc:\program files (x86)\Conduit Registry::[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59}][-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.ComboFix may request an update; please allow it.ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.---------- Post the new ComboFix log and let me know how your system is running. Link to post Share on other sites More sharing options...
jeffce Posted February 15, 2014 ID:791628 Share Posted February 15, 2014 Still here? Link to post Share on other sites More sharing options...
jonschmidt Posted February 17, 2014 Author ID:792297 Share Posted February 17, 2014 Sorry, I am. Away for the holiday weekend.Back tomorrow night to complete the task!! Link to post Share on other sites More sharing options...
jeffce Posted February 17, 2014 ID:792454 Share Posted February 17, 2014 Ok Link to post Share on other sites More sharing options...
jeffce Posted February 19, 2014 ID:793819 Share Posted February 19, 2014 Still need help? Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted February 21, 2014 Root Admin ID:794582 Share Posted February 21, 2014 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
jeffce Posted February 22, 2014 ID:795173 Share Posted February 22, 2014 Since this topic has been reopened....please follow the instructions from post 16. Link to post Share on other sites More sharing options...
jonschmidt Posted February 23, 2014 Author ID:795440 Share Posted February 23, 2014 ComboFix 14-02-23.01 - eccastillo3 02/23/2014 9:17.7.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4044.1962 [GMT -5:00]Running from: E:\ComboFix.exeCommand switches used :: c:\users\eccastillo3\Desktop\CFScript.txtAV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((( Files Created from 2014-01-23 to 2014-02-23 )))))))))))))))))))))))))))))))..2014-02-23 14:27 . 2014-02-23 14:27 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp2014-02-23 14:27 . 2014-02-23 14:27 -------- d-----w- c:\users\Public\AppData\Local\temp2014-02-23 14:27 . 2014-02-23 14:27 -------- d-----w- c:\users\Default\AppData\Local\temp2014-02-22 00:51 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2CEB6B05-1C03-4932-9C7B-842952DD3AC1}\mpengine.dll2014-02-12 03:30 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll2014-02-09 19:38 . 2014-02-11 00:45 -------- d-----w- c:\programdata\boost_interprocess2014-02-09 19:35 . 2014-02-09 19:37 -------- d-----w- C:\AdwCleaner2014-02-09 14:25 . 2014-02-09 19:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)2014-02-09 14:24 . 2014-02-09 17:19 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-02-08 18:46 . 2014-02-08 18:46 -------- d-----w- c:\programdata\Sophos2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe2014-02-08 18:45 . 2014-02-08 18:45 73728 ----a-r- c:\users\eccastillo3\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe2014-02-08 18:45 . 2014-02-08 18:45 -------- d-----w- c:\program files (x86)\Sophos2014-02-04 17:19 . 2014-02-04 17:19 0 ----a-w- c:\windows\SysWow64\sho74B6.tmp2014-02-02 14:47 . 2014-02-02 14:47 0 ----a-w- c:\windows\SysWow64\shoD970.tmp2014-01-30 21:20 . 2014-01-30 21:20 0 ----a-w- c:\windows\SysWow64\sho1539.tmp2014-01-29 12:35 . 2014-01-29 12:35 0 ----a-w- c:\windows\SysWow64\shoABD8.tmp2014-01-28 02:11 . 2014-01-28 02:11 0 ----a-w- c:\windows\SysWow64\shoAF92.tmp2014-01-27 22:34 . 2014-01-27 22:34 0 ----a-w- c:\windows\SysWow64\shoAEBE.tmp2014-01-26 17:12 . 2014-01-26 17:12 -------- d-----w- c:\program files (x86)\Uninstaller2014-01-26 16:48 . 2014-01-26 16:48 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\eCyber2014-01-26 16:43 . 2014-01-26 16:43 -------- d-----w- c:\users\eccastillo3\AppData\Local\newplayer2014-01-26 16:42 . 2014-01-26 16:42 -------- d-----w- c:\windows\system32\log2014-01-26 16:42 . 2014-01-29 15:06 -------- d-----w- c:\program files (x86)\NewPlayer2014-01-26 16:42 . 2014-02-04 17:00 -------- d-----w- c:\users\eccastillo3\AppData\Roaming\iSafe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2014-02-23 14:12 . 2014-01-14 16:48 16152 ----a-w- c:\windows\system32\drivers\SWDUMon.sys2014-02-22 03:22 . 2012-07-03 11:30 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2014-02-22 03:22 . 2011-11-03 06:12 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-22 01:03 . 2013-04-28 13:19 88567024 ----a-w- c:\windows\system32\MRT.exe2013-12-18 11:13 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe2013-12-05 11:19 . 2013-12-05 11:19 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2013-12-05 11:19 . 2013-12-05 11:19 194048 ----a-w- c:\windows\SysWow64\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 942592 ----a-w- c:\windows\system32\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 84992 ----a-w- c:\windows\system32\mshtmled.dll2013-12-05 11:19 . 2013-12-05 11:19 83968 ----a-w- c:\windows\system32\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 81408 ----a-w- c:\windows\system32\icardie.dll2013-12-05 11:19 . 2013-12-05 11:19 774144 ----a-w- c:\windows\system32\jscript.dll2013-12-05 11:19 . 2013-12-05 11:19 77312 ----a-w- c:\windows\system32\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe2013-12-05 11:19 . 2013-12-05 11:19 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe2013-12-05 11:19 . 2013-12-05 11:19 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\SysWow64\tdc.ocx2013-12-05 11:19 . 2013-12-05 11:19 62464 ----a-w- c:\windows\system32\pngfilt.dll2013-12-05 11:19 . 2013-12-05 11:19 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2013-12-05 11:19 . 2013-12-05 11:19 616104 ----a-w- c:\windows\system32\ieapfltr.dat2013-12-05 11:19 . 2013-12-05 11:19 52224 ----a-w- c:\windows\system32\msfeedsbs.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48640 ----a-w- c:\windows\system32\mshtmler.dll2013-12-05 11:19 . 2013-12-05 11:19 48128 ----a-w- c:\windows\system32\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 453120 ----a-w- c:\windows\system32\dxtmsft.dll2013-12-05 11:19 . 2013-12-05 11:19 413696 ----a-w- c:\windows\system32\html.iec2013-12-05 11:19 . 2013-12-05 11:19 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 36352 ----a-w- c:\windows\SysWow64\imgutil.dll2013-12-05 11:19 . 2013-12-05 11:19 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2013-12-05 11:19 . 2013-12-05 11:19 337408 ----a-w- c:\windows\SysWow64\html.iec2013-12-05 11:19 . 2013-12-05 11:19 30208 ----a-w- c:\windows\system32\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 296960 ----a-w- c:\windows\system32\dxtrans.dll2013-12-05 11:19 . 2013-12-05 11:19 263376 ----a-w- c:\windows\system32\iedkcs32.dll2013-12-05 11:19 . 2013-12-05 11:19 247808 ----a-w- c:\windows\system32\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll2013-12-05 11:19 . 2013-12-05 11:19 243200 ----a-w- c:\windows\system32\webcheck.dll2013-12-05 11:19 . 2013-12-05 11:19 235520 ----a-w- c:\windows\system32\url.dll2013-12-05 11:19 . 2013-12-05 11:19 235008 ----a-w- c:\windows\system32\elshyph.dll2013-12-05 11:19 . 2013-12-05 11:19 182272 ----a-w- c:\windows\SysWow64\msls31.dll2013-12-05 11:19 . 2013-12-05 11:19 167424 ----a-w- c:\windows\system32\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 151552 ----a-w- c:\windows\SysWow64\iexpress.exe2013-12-05 11:19 . 2013-12-05 11:19 147968 ----a-w- c:\windows\system32\occache.dll2013-12-05 11:19 . 2013-12-05 11:19 143872 ----a-w- c:\windows\system32\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 139264 ----a-w- c:\windows\SysWow64\wextract.exe2013-12-05 11:19 . 2013-12-05 11:19 13824 ----a-w- c:\windows\system32\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 135680 ----a-w- c:\windows\system32\iepeers.dll2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\SysWow64\mshta.exe2013-12-05 11:19 . 2013-12-05 11:19 13312 ----a-w- c:\windows\system32\msfeedssync.exe2013-12-05 11:19 . 2013-12-05 11:19 131072 ----a-w- c:\windows\system32\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll2013-12-05 11:19 . 2013-12-05 11:19 105984 ----a-w- c:\windows\system32\iesysprep.dll2013-12-05 11:19 . 2013-12-05 11:19 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2013-12-05 11:19 . 2013-12-05 11:19 101376 ----a-w- c:\windows\system32\inseng.dll2013-11-27 01:41 . 2014-01-15 12:01 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys2013-11-27 01:41 . 2014-01-15 12:01 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys2013-11-27 01:41 . 2014-01-15 12:01 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys2013-11-27 01:41 . 2014-01-15 12:01 325120 ----a-w- c:\windows\system32\drivers\usbport.sys2013-11-27 01:41 . 2014-01-15 12:01 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys2013-11-27 01:41 . 2014-01-15 12:01 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys2013-11-27 01:41 . 2014-01-15 12:01 7808 ----a-w- c:\windows\system32\drivers\usbd.sys2013-11-26 11:40 . 2014-01-15 12:01 376768 ----a-w- c:\windows\system32\drivers\netio.sys2013-11-26 10:32 . 2014-01-15 12:01 3156480 ----a-w- c:\windows\system32\win32k.sys..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{6FEB2922-CCF7-3EB5-FC79-21F7EAA27D59}]c:\program files (x86)\TidyNetwork\petn.dll [bU].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{93DBF2BB-A2B3-4683-A92E-57E60751F346}]c:\program files (x86)\Conduit\ValueApps\IE\ValueAppsLoader.dll [bU].[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-13 103768].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]"LoadAppInit_DLLs"=1 (0x1).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys;c:\windows\SYSNATIVE\DRIVERS\revoflt.sys [x]R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]R3 RSUSBVSTOR;RTSUVSTOR.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys;c:\windows\SYSNATIVE\Drivers\RTSUVSTOR.sys [x]R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe [x]S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe;c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [x]S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe;c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [x]S3 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120507.001\BHDrvx64.sys [x]S3 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309010.00E\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\ccSetx64.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120511.001\IDSvia64.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309010.00E\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMDS64.SYS [x]S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309010.00E\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\SYMEFA64.SYS [x]S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309010.00E\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1309010.00E\Ironx64.SYS [x]S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309010.00E\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1309010.00E\SYMNETS.SYS [x]S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]..[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]2014-02-22 02:46 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe.Contents of the 'Scheduled Tasks' folder.2014-02-23 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 03:22].2014-02-23 c:\windows\Tasks\DriverUpdate Startup.job- c:\program files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22 20:26].2014-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34].2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-21 01:34]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-09 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-09 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-09 416024]"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [bU]"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [bU]"TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [bU]"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2011-03-25 310912]"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2011-07-01 562304]"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [bU]"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [bU]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [bU]"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [bU].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)AddRemove-Activeris AntiMalware_is1 - c:\program files (x86)\Activeris AntiMalware\unins000.exeAddRemove-Adobe AIR - c:\program files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exeAddRemove-InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} - c:\progra~2\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exeAddRemove-singalong@xenophesoft.com - c:\program files (x86)\SingAlong\uninstall.exeAddRemove-verizontb - c:\program files (x86)\verizontb\uninstall.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"--.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCCUJobMgr]"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.12".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]@Denied: (A 2) (Everyone)@="IFlashBroker5".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2014-02-23 09:38:32ComboFix-quarantined-files.txt 2014-02-23 14:38ComboFix2.txt 2014-02-11 01:47ComboFix3.txt 2014-02-10 02:16.Pre-Run: 567,979,634,688 bytes freePost-Run: 567,955,505,152 bytes free.- - End Of File - - 65DD8805E4C4D34C066861BB0D329982 Link to post Share on other sites More sharing options...
jeffce Posted February 23, 2014 ID:795503 Share Posted February 23, 2014 and let me know how your system is running. Link to post Share on other sites More sharing options...
jeffce Posted February 26, 2014 ID:796475 Share Posted February 26, 2014 Still here? Link to post Share on other sites More sharing options...
Recommended Posts