
Multiple PUPs



Helping a friend clear his computer. Malwarebytes scan shows multiple infections.

 

Log files follow:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by smendez (administrator) on SMENDEZ-PC on 05-10-2014 12:37:30
Running from C:\Users\smendez\Desktop
Loaded Profile: smendez (Available profiles: smendez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Bandoo Media Inc.) C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrUI.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [Google Update] => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-11] (Google Inc.)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-11] (Google Inc.)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.ask.com/?o=APN10645A&gct=hp&d=406-400&v=a13203-110&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL = 
SearchScopes: HKCU - {1A7B1A5C-C687-45A0-B176-258D0C94DD0D} URL = 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Search-Results Toolbar -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\smendez\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-03]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-29]
 
Chrome: 
=======
CHR Profile: C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (Gay Male Tube - Free Porn Videos & Movies) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgoenajdgpceggmohcjopejeaggldbl [2013-02-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-04-17]
CHR Extension: (Norton Identity Safe) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3573248 2014-06-30] (Bandoo Media Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140912.003\BHDrvx64.sys [1586904 2014-09-12] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [688128 2009-08-18] (Conexant Systems Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-02] (Symantec Corporation)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg [41848 2014-06-30] (Bandoo Media Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141003.001\IDSvia64.sys [633560 2014-10-02] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141004.016\ENG64.SYS [129752 2014-10-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141004.016\EX64.SYS [2137304 2014-10-02] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 12:37 - 2014-10-05 12:38 - 00024587 _____ () C:\Users\smendez\Desktop\FRST.txt
2014-10-05 12:37 - 2014-10-05 12:37 - 00000000 ____D () C:\FRST
2014-10-05 12:36 - 2014-10-05 12:36 - 02109440 _____ (Farbar) C:\Users\smendez\Desktop\FRST64.exe
2014-10-05 11:47 - 2014-10-05 11:47 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-05 11:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-05 11:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-05 11:42 - 2014-10-05 11:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\smendez\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 11:19 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-03 11:19 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-03 11:19 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-03 11:19 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-03 11:19 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-03 11:19 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-03 11:19 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-03 11:19 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-03 11:19 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-03 11:19 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-03 11:19 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-03 11:19 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-03 11:19 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-03 11:19 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-03 11:19 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-03 11:19 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-03 11:19 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-03 11:19 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-03 11:19 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-03 11:19 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-03 11:19 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-03 11:19 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-03 11:19 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-03 11:19 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-03 11:19 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-03 11:19 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-03 11:19 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-03 11:19 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-03 11:19 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-03 11:19 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-03 11:19 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-03 11:19 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-03 11:19 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-03 11:19 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-03 11:19 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-03 11:19 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-03 11:19 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-03 11:19 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-03 11:19 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-03 11:19 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-03 11:19 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-03 11:19 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-03 11:19 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-03 11:19 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-03 11:19 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-03 11:19 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-03 11:19 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-03 11:19 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-03 11:19 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-03 11:19 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-03 10:50 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-10-03 10:50 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-10-03 10:47 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-10-03 10:47 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-10-03 10:47 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-10-03 10:47 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-10-03 10:47 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-10-03 10:38 - 2014-10-03 10:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-10-03 10:38 - 2014-10-03 10:39 - 00001985 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-10-03 09:59 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-10-03 09:59 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-10-03 09:58 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-03 09:58 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-03 09:58 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-10-03 09:58 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-10-03 09:58 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-03 09:58 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-03 09:56 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-03 09:56 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-03 09:56 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-10-03 09:56 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-10-03 09:56 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-03 09:56 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-03 09:56 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-10-03 09:56 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-10-03 09:52 - 2014-10-03 09:52 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-10-03 09:47 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-03 09:47 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-10-03 09:47 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-03 09:47 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-03 09:47 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-10-03 09:43 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-10-03 09:42 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-10-03 09:42 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieUserList
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieSiteList
2014-10-03 09:13 - 2014-10-03 09:14 - 00000000 ____D () C:\Users\smendez\Documents\Desktop Files
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 12:38 - 2014-07-01 07:40 - 00000000 ____D () C:\ProgramData\Datamngr
2014-10-05 12:36 - 2014-04-24 17:57 - 00000574 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job
2014-10-05 11:45 - 2012-02-11 19:53 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 11:42 - 2012-02-11 19:50 - 00000916 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA.job
2014-10-05 11:41 - 2012-02-11 19:21 - 01391168 _____ () C:\windows\WindowsUpdate.log
2014-10-05 11:38 - 2012-02-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-05 11:28 - 2012-02-11 19:53 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-05 11:28 - 2012-02-11 19:50 - 00000864 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core.job
2014-10-05 11:28 - 2009-07-13 23:51 - 00428838 _____ () C:\windows\setupact.log
2014-10-04 12:51 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 12:51 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-03 12:07 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-03 12:06 - 2009-07-13 23:45 - 00418360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-03 12:05 - 2012-02-11 20:16 - 00925640 _____ () C:\windows\PFRO.log
2014-10-03 12:01 - 2014-05-07 08:36 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-03 12:01 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-03 11:05 - 2014-02-26 09:00 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-03 11:05 - 2009-07-14 00:13 - 00775124 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-03 11:01 - 2013-07-14 07:55 - 00000000 ____D () C:\windows\system32\MRT
2014-10-03 10:38 - 2009-11-11 21:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-03 10:37 - 2012-03-24 17:13 - 00000000 ____D () C:\Users\smendez\AppData\Local\Adobe
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-10-03 10:23 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 10:18 - 2012-02-11 20:05 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-10-03 10:18 - 2009-11-11 20:54 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-10-03 10:12 - 2012-02-11 19:53 - 00002347 _____ () C:\Users\smendez\Desktop\Google Chrome.lnk
2014-10-03 10:10 - 2012-11-28 10:39 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 10:00 - 2012-08-27 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-03 09:50 - 2013-12-29 09:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-03 09:50 - 2012-08-01 18:22 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-03 09:50 - 2012-08-01 18:22 - 00002330 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-03 09:50 - 2012-08-01 18:21 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-03 09:23 - 2012-02-11 18:56 - 00000000 ____D () C:\Users\smendez\AppData\Local\Google
2014-10-03 09:19 - 2012-11-28 10:40 - 00000000 ____D () C:\Users\smendez\AppData\Roaming\Skype
2014-10-03 09:09 - 2012-02-19 16:49 - 00000000 ____D () C:\Users\smendez\Documents\My Files
 
Some content of TEMP:
====================
C:\Users\smendez\AppData\Local\Temp\msvcp110.dll
C:\Users\smendez\AppData\Local\Temp\msvcr110.dll
C:\Users\smendez\AppData\Local\Temp\ose00000.exe
C:\Users\smendez\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\smendez\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-22 09:09
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by smendez at 2014-10-05 12:39:02
Running from C:\Users\smendez\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccompanEase (HKLM-x32\...\AccompanEase) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{15BEAEBD-74D6-C40A-0089-5BFD0E689BFE}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.12.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.0.1555 (HKCU\...\GoToMeeting) (Version: 6.4.0.1555 - CitrixOnline)
iLivid (HKLM-x32\...\iLivid) (Version: 4.0.0.2717 - Bandoo Media Inc) <==== ATTENTION
Java 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Search-Results Toolbar (HKLM-x32\...\ilividtoolbargaw) (Version: 1.2.0.0 - APN LLC) <==== ATTENTION
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA Hardware Setup (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version:  - )
TOSHIBA Supervisor Password (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
12-08-2014 12:48:02 Windows Update
13-08-2014 12:25:54 Windows Update
03-10-2014 15:09:46 Removed Skype™ 6.16
03-10-2014 15:18:32 Removed Skype Launcher
03-10-2014 15:20:56 Removed Skype Click to Call
03-10-2014 15:26:40 PC Decrapifier Restore Point
03-10-2014 15:45:04 Windows Update
04-10-2014 16:12:40 Windows Update
05-10-2014 16:28:54 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {24FA618A-3764-43B6-ACDE-0F5EB56C13B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {266F4053-BE2C-4739-AD8C-5BF2B59763B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {3DF3A766-7047-47DB-8BB7-BFB0B3232892} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {6FF56F50-CE38-4AEF-97FA-4B49FB4FBC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {B16A6D6D-99EB-4FE6-970B-15DF3CA395B3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B29644DB-4033-40A6-B611-73B0CFF64893} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C8D6AA17-B648-4B3D-9919-54BF0C521775} - System32\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000 => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1555\g2mupdate.exe [2014-08-13] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {CE84E498-1741-4495-B595-CCDF2F42FE18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {D5CF2876-BF86-4DF5-A45C-C07BBDDBCE33} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1555\g2mupdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core.job => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA.job => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-07-01 07:40 - 2014-06-30 04:50 - 00662528 ____N () C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\apcrtldr.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-11 20:57 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-05-04 13:45 - 2009-05-04 13:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-11 19:40 - 2012-02-11 19:40 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-17 18:41 - 2009-09-17 18:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-07-01 07:40 - 2014-06-30 04:50 - 00019456 _____ () C:\Program Files (x86)\Movies Toolbar\Datamngr\mgrldr.dll
2014-07-01 07:40 - 2014-06-30 04:50 - 00488448 ____N () C:\Program Files (x86)\Movies Toolbar\Datamngr\apcrtldr.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-03 12:16 - 2014-10-03 12:16 - 00098816 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32api.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00110080 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\pywintypes27.dll
2014-10-03 12:16 - 2014-10-03 12:16 - 00364544 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\pythoncom27.dll
2014-10-03 12:16 - 2014-10-03 12:16 - 00045568 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_socket.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 01160704 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_ssl.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00320512 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32com.shell.shell.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00713216 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_hashlib.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 01175040 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._core_.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00805888 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._gdi_.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00811008 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._windows_.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 01062400 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._controls_.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00735232 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._misc_.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00128512 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_elementtree.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00127488 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\pyexpat.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00557056 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\pysqlite2._sqlite.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00007168 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\hashobjs_ext.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00087552 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_ctypes.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00119808 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32file.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00108544 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32security.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00018432 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32event.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00038912 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32inet.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00070656 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._html2.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00167936 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32gui.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00011264 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32crypt.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00027136 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\_multiprocessing.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00686080 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\unicodedata.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00122368 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._wizard.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00010240 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\select.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00024064 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32pipe.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00025600 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32pdh.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00525640 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\windows._lib_cacheinvalidation.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00035840 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32process.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00017408 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32profile.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00022528 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\win32ts.pyd
2014-10-03 12:16 - 2014-10-03 12:16 - 00078336 _____ () C:\Users\smendez\AppData\Local\Temp\_MEI37522\wx._animate.pyd
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-972666469-1660125299-2285417380-500 - Administrator - Disabled)
Guest (S-1-5-21-972666469-1660125299-2285417380-501 - Limited - Disabled)
smendez (S-1-5-21-972666469-1660125299-2285417380-1000 - Administrator - Enabled) => C:\Users\smendez
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/05/2014 11:38:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/04/2014 11:22:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/04/2014 11:22:46 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: MCESidebarCtrl, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005
 
Error: (10/04/2014 11:22:38 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005
 
Error: (10/04/2014 11:22:31 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.iTv, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
 
Error: (10/04/2014 11:22:29 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Mcx2Dvcs, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005
 
Error: (10/03/2014 11:17:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/13/2014 07:39:05 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/12/2014 07:58:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (08/11/2014 08:23:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (10/05/2014 11:40:14 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
 
Error: (10/05/2014 11:28:34 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/04/2014 11:25:42 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
 
Error: (10/04/2014 11:11:57 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/03/2014 00:07:13 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/03/2014 00:06:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/03/2014 00:06:43 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (10/03/2014 11:17:44 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
 
Error: (10/03/2014 11:03:45 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053MSIServer{000C101C-0000-0000-C000-000000000046}
 
Error: (10/03/2014 11:03:45 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Installer service failed to start due to the following error: 
%%1053
 
 
Microsoft Office Sessions:
=========================
Error: (10/05/2014 11:38:59 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/04/2014 11:22:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/04/2014 11:22:46 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: MCESidebarCtrl, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 
MCESidebarCtrl, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil
 
Error: (10/04/2014 11:22:38 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil . Error code = 0x80070005 
EventViewer, Version=6.1.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil
 
Error: (10/04/2014 11:22:31 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Microsoft.MediaCenter.iTv, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005 
Microsoft.MediaCenter.iTv, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/04/2014 11:22:29 AM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to compile: Mcx2Dvcs, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35 . Error code = 0x80070005 
Mcx2Dvcs, Version=6.1.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
 
Error: (10/03/2014 11:17:38 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (08/13/2014 07:39:05 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (08/12/2014 07:58:52 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (08/11/2014 08:23:24 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Neo X2 Dual Core Processor L625
Percentage of memory in use: 47%
Total physical RAM: 3838.36 MB
Available physical RAM: 1996.12 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5657.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (TI105238W0E) (Fixed) (Total:287.73 GB) (Free:203 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 83BAAE1E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)
 
==================== End Of Log ============================

 


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.

If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.

The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt


Thank you for your response and assistance. Here are the contents of fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by smendez at 2014-10-09 08:48:24 Run:1
Running from C:\Users\smendez\Desktop
Loaded Profile: smendez (Available profiles: smendez)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\bpsvc.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
IFEO\jumpflip: [Debugger] tasklist.exe
IFEO\protectedsearch.exe: [Debugger] tasklist.exe
IFEO\searchinstaller.exe: [Debugger] tasklist.exe
IFEO\searchprotection.exe: [Debugger] tasklist.exe
IFEO\searchprotector.exe: [Debugger] tasklist.exe
IFEO\searchsettings.exe: [Debugger] tasklist.exe
IFEO\searchsettings64.exe: [Debugger] tasklist.exe
IFEO\snapdo.exe: [Debugger] tasklist.exe
IFEO\stinst32.exe: [Debugger] tasklist.exe
IFEO\stinst64.exe: [Debugger] tasklist.exe
IFEO\umbrella.exe: [Debugger] tasklist.exe
IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
IFEO\volaro: [Debugger] tasklist.exe
IFEO\vonteera: [Debugger] tasklist.exe
IFEO\websteroids.exe: [Debugger] tasklist.exe
IFEO\websteroidsservice.exe: [Debugger] tasklist.exe
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [DATAMNGR] => C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~2.EXE
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [Google Update] => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-02-11] (Google Inc.)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-02-11] (Google Inc.)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\MountPoints2: D - D:\SETUP.EXE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search.as...=a13203-110&t=4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
SearchScopes: HKLM - DefaultScope {1A7B1A5C-C687-45A0-B176-258D0C94DD0D} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {1A7B1A5C-C687-45A0-B176-258D0C94DD0D} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {828BC60E-B0BD-4014-8292-F554A672D61E} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {828BC60E-B0BD-4014-8292-F554A672D61E} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - DefaultScope Software\Microsoft\Internet Explorer\SearchScopes URL = 
SearchScopes: HKCU - {1A7B1A5C-C687-45A0-B176-258D0C94DD0D} URL = 
SearchScopes: HKCU - {4EED39F7-4B03-42BB-A4ED-8F76C1F25BB8} URL = http://www.google.co...1I7TSNA_enUS470
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {828BC60E-B0BD-4014-8292-F554A672D61E} URL = http://www.google.co...ng}&rlz=1I7TSNA
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search.as...q={searchTerms}
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Search-Results Toolbar -> {377e5d4d-77e5-476a-8716-7e70a9272da0} -> C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Search-Results Toolbar - {377e5d4d-77e5-476a-8716-7e70a9272da0} - C:\PROGRA~2\SEARCH~1\Datamngr\SRTOOL~1\searchresultsDx.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
C:\PROGRA~2\SEARCH~1\Datamngr
R2 DatamngrCoordinator; C:\Program Files (x86)\Movies Toolbar\Datamngr\DatamngrCoordinator.exe [3573248 2014-06-30] (Bandoo Media Inc.)
R1 F06DEFF2-5B9C-490D-910F-35D3A91196222; C:\Program Files (x86)\Movies Toolbar\Datamngr\x64\setmgrc2.cfg [41848 2014-06-30] (Bandoo Media Inc.)
C:\Program Files (x86)\Movies Toolbar\
C:\Users\smendez\AppData\Local\Temp\msvcp110.dll
C:\Users\smendez\AppData\Local\Temp\msvcr110.dll
C:\Users\smendez\AppData\Local\Temp\ose00000.exe
C:\Users\smendez\AppData\Local\Temp\pc-decrapifier.exe
C:\Users\smendez\AppData\Local\Temp\sqlite3.dll
Task: {24FA618A-3764-43B6-ACDE-0F5EB56C13B8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {266F4053-BE2C-4739-AD8C-5BF2B59763B0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {6FF56F50-CE38-4AEF-97FA-4B49FB4FBC91} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: {CE84E498-1741-4495-B595-CCDF2F42FE18} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-11] (Google Inc.)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core.job => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA.job => C:\Users\smendez\AppData\Local\Google\Update\GoogleUpdate.exe
EmptyTemp:
Reboot:
 
*****************
 
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bitguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bpsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserdefender.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browserprotect.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\browsersafeguard.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dprotectsvc.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\jumpflip" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\protectedsearch.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchinstaller.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotection.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchprotector.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\searchsettings64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\snapdo.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst32.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\stinst64.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\umbrella.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\utiljumpflip.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\volaro" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\vonteera" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroids.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\websteroidsservice.exe" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR => Value not found.
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => value deleted successfully.
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleDriveSync => value deleted successfully.
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\Software\Microsoft\Windows\CurrentVersion\Run\\swg => value deleted successfully.
"HKU\S-1-5-21-972666469-1660125299-2285417380-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\S-1-5-21-972666469-1660125299-2285417380-1000" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A7B1A5C-C687-45A0-B176-258D0C94DD0D}" => Key deleted successfully.
"HKCR\CLSID\{1A7B1A5C-C687-45A0-B176-258D0C94DD0D}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{828BC60E-B0BD-4014-8292-F554A672D61E}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{828BC60E-B0BD-4014-8292-F554A672D61E}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A7B1A5C-C687-45A0-B176-258D0C94DD0D}" => Key deleted successfully.
"HKCR\CLSID\{1A7B1A5C-C687-45A0-B176-258D0C94DD0D}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EED39F7-4B03-42BB-A4ED-8F76C1F25BB8}" => Key deleted successfully.
"HKCR\CLSID\{4EED39F7-4B03-42BB-A4ED-8F76C1F25BB8}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key deleted successfully.
"HKCR\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{828BC60E-B0BD-4014-8292-F554A672D61E}" => Key deleted successfully.
"HKCR\CLSID\{828BC60E-B0BD-4014-8292-F554A672D61E}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
"HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
"HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377e5d4d-77e5-476a-8716-7e70a9272da0}" => Key not found.
"HKCR\Wow6432Node\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{377e5d4d-77e5-476a-8716-7e70a9272da0} => Value not found.
"HKCR\Wow6432Node\CLSID\{377e5d4d-77e5-476a-8716-7e70a9272da0}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
"C:\PROGRA~2\SEARCH~1\Datamngr" => File/Directory not found.
DatamngrCoordinator => Service not found.
F06DEFF2-5B9C-490D-910F-35D3A91196222 => Service not found.
C:\Program Files (x86)\Movies Toolbar => Moved successfully.
C:\Users\smendez\AppData\Local\Temp\msvcp110.dll => Moved successfully.
C:\Users\smendez\AppData\Local\Temp\msvcr110.dll => Moved successfully.
C:\Users\smendez\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\smendez\AppData\Local\Temp\pc-decrapifier.exe => Moved successfully.
C:\Users\smendez\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{24FA618A-3764-43B6-ACDE-0F5EB56C13B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{24FA618A-3764-43B6-ACDE-0F5EB56C13B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{266F4053-BE2C-4739-AD8C-5BF2B59763B0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{266F4053-BE2C-4739-AD8C-5BF2B59763B0}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FF56F50-CE38-4AEF-97FA-4B49FB4FBC91}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FF56F50-CE38-4AEF-97FA-4B49FB4FBC91}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE84E498-1741-4495-B595-CCDF2F42FE18}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE84E498-1741-4495-B595-CCDF2F42FE18}" => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => Key deleted successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000Core.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-972666469-1660125299-2285417380-1000UA.job => Moved successfully.
EmptyTemp: => Removed 1.1 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

  • Root Admin

Please read the following and post back the logs when ready and we'll see about getting you cleaned up further

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

 

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

 

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Thanks for your continued help.  Here are the log files you requested.

 

Dale

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/9/2014
Scan Time: 3:16:50 PM
Logfile: malwarebytes-log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.09.10
Rootkit Database: v2014.10.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: smendez

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343905
Time Elapsed: 41 min, 8 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 


RogueKiller V10.0.0.0 (x64) [Oct  7 2014] by Adlice Software

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : smendez [Administrator]
Mode : Scan -- Date : 10/09/2014  16:07:39

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3CF2280A-5C39-4101-ACAA-24631075852F} | DhcpNameServer : 10.10.200.30 10.10.200.50  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{3CF2280A-5C39-4101-ACAA-24631075852F} | DhcpNameServer : 10.10.200.30 10.10.200.50  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{3CF2280A-5C39-4101-ACAA-24631075852F} | DhcpNameServer : 10.10.200.30 10.10.200.50  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 2 (Driver: Loaded) ¤¤¤
[Filter()] \Driver\atapi @ \Device\Ide\IdeDeviceP0T0L0-0 : \Driver\Thpdrv @ \Device\THPDRV1 (\SystemRoot\system32\DRIVERS\thpdrv.sys)
[Filter(Root.Keylogger)] \Driver\kbdclass @ \Device\KeyboardClass0 : \Driver\SynTP @ \Device\00000079 (\SystemRoot\system32\drivers\afd.sys)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK3263GSX ATA Device +++++
--- User ---
[MBR] 65466a6445ca784b968cd9bf323c9a47
[bSP] a4af4c33fecd7959b13cfc42db315947 : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 294638 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 606492672 | Size: 9106 MB
User = LL1 ... OK
User = LL2 ... OK

 


  • Root Admin

Great, thanks. Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus
STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07


Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.
STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Here are the logs you requested.  Thanks again for your assistance:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.2 (10.09.2014:1)
OS: Windows 7 Home Premium x64
Ran by smendez on Fri 10/10/2014 at 11:04:45.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\smendez\appdata\local\google\chrome\user data\default\local storage\http_www.lyricsfreak.com_0.localstorage"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\wincert"
Failed to delete: [Folder] "C:\Users\smendez\appdata\local\ilivid"
Successfully deleted: [Folder] "C:\Program Files (x86)\search results toolbar"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 10/10/2014 at 11:24:00.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.311 - Report created 10/10/2014 at 11:35:57
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : smendez - SMENDEZ-PC
# Running from : C:\Users\smendez\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
[#] Folder Deleted : C:\ProgramData\BitGuard
[#] Folder Deleted : C:\ProgramData\Browser Manager
[#] Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Users\smendez\AppData\Local\iLivid
File Deleted : C:\Users\smendez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKCU\Software\APN DTX
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Google Chrome v
 
[ File : C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [search Provider] : hxxp://dts.search.ask.com/sr?src=crb&gct=ds&appid=400&systemid=406&v=a13203-110&apn_uid=2842290223044317&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
Deleted [search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [search Provider] : hxxp://www.netflix.com/WiSearch?raw_query=&ac_category_type=none&ac_rel_posn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=
 
*************************
 
AdwCleaner[R0].txt - [1797 octets] - [10/10/2014 11:31:08]
AdwCleaner[R1].txt - [1797 octets] - [10/10/2014 11:31:29]
AdwCleaner[s0].txt - [2166 octets] - [10/10/2014 11:35:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2226 octets] ##########
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/10/2014
Scan Time: 11:45:55 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.10.06
Rootkit Database: v2014.10.08.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: smendez
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 344202
Time Elapsed: 42 min, 57 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET List of Found Threats
 
C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\File System\000\t\00\00000000 Win32/AdWare.1ClickDownload.AT application
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-10-2014
Ran by smendez at 2014-10-11 08:48:55
Running from C:\Users\smendez\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccompanEase (HKLM-x32\...\AccompanEase) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{15BEAEBD-74D6-C40A-0089-5BFD0E689BFE}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.12.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 7.0.1.1796 (HKCU\...\GoToMeeting) (Version: 7.0.1.1796 - CitrixOnline)
Java 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA Hardware Setup (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version:  - )
TOSHIBA Supervisor Password (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
03-10-2014 15:09:46 Removed Skype™ 6.16
03-10-2014 15:18:32 Removed Skype Launcher
03-10-2014 15:20:56 Removed Skype Click to Call
03-10-2014 15:26:40 PC Decrapifier Restore Point
03-10-2014 15:45:04 Windows Update
04-10-2014 16:12:40 Windows Update
05-10-2014 16:28:54 Windows Update
09-10-2014 01:45:27 Windows Update
10-10-2014 15:57:09 Windows Update
11-10-2014 13:17:03 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3DF3A766-7047-47DB-8BB7-BFB0B3232892} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {B16A6D6D-99EB-4FE6-970B-15DF3CA395B3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B29644DB-4033-40A6-B611-73B0CFF64893} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C8D6AA17-B648-4B3D-9919-54BF0C521775} - System32\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000 => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe [2014-10-09] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D5CF2876-BF86-4DF5-A45C-C07BBDDBCE33} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1796\g2mupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-11 20:57 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-05-04 13:45 - 2009-05-04 13:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-11 19:40 - 2012-02-11 19:40 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-17 18:41 - 2009-09-17 18:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-972666469-1660125299-2285417380-500 - Administrator - Disabled)
Guest (S-1-5-21-972666469-1660125299-2285417380-501 - Limited - Disabled)
smendez (S-1-5-21-972666469-1660125299-2285417380-1000 - Administrator - Enabled) => C:\Users\smendez
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/11/2014 08:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/10/2014 11:25:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (10/11/2014 08:32:22 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
 
Error: (10/11/2014 08:16:13 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
 
Error: (10/11/2014 08:15:31 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/11/2014 08:15:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/10/2014 11:40:37 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
 
Error: (10/10/2014 11:40:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (10/10/2014 11:38:48 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/10/2014 11:38:17 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/10/2014 11:38:17 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (10/10/2014 11:26:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition.
 
 
Microsoft Office Sessions:
=========================
Error: (10/11/2014 08:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/10/2014 11:25:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Neo X2 Dual Core Processor L625
Percentage of memory in use: 44%
Total physical RAM: 3838.36 MB
Available physical RAM: 2112.18 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 5786.08 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (TI105238W0E) (Fixed) (Total:287.73 GB) (Free:203.04 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 83BAAE1E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)
 
==================== End Of Log ============================
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-10-2014
Ran by smendez (administrator) on SMENDEZ-PC on 11-10-2014 08:47:55
Running from C:\Users\smendez\Desktop
Loaded Profile: smendez (Available profiles: smendez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\smendez\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-10]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-400&v=a13203-110&t=4
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (Gay Male Tube - Free Porn Videos & Movies) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgoenajdgpceggmohcjopejeaggldbl [2013-02-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-04-17]
CHR Extension: (Norton Identity Safe) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [688128 2009-08-18] (Conexant Systems Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141010.001\IDSvia64.sys [633560 2014-10-02] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141010.009\ENG64.SYS [129752 2014-10-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141010.009\EX64.SYS [2137304 2014-10-02] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-10 12:33 - 2014-10-10 12:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-10 11:40 - 2014-10-10 11:40 - 00002310 _____ () C:\Users\smendez\Desktop\AdwCleaner[s0].txt
2014-10-10 11:35 - 2014-10-10 11:35 - 00001797 _____ () C:\Users\smendez\Desktop\AdwCleaner[R0].txt
2014-10-10 11:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-10 11:30 - 2014-10-10 11:36 - 00000000 ____D () C:\AdwCleaner
2014-10-10 11:29 - 2014-10-10 11:29 - 01375089 _____ () C:\Users\smendez\Desktop\AdwCleaner.exe
2014-10-10 11:24 - 2014-10-10 11:24 - 00001194 _____ () C:\Users\smendez\Desktop\JRT.txt
2014-10-10 11:04 - 2014-10-10 11:04 - 00000000 ____D () C:\windows\ERUNT
2014-10-10 10:58 - 2014-10-10 10:58 - 01705755 _____ (Thisisu) C:\Users\smendez\Desktop\JRT.exe
2014-10-09 16:01 - 2014-10-09 16:01 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-09 16:01 - 2014-10-09 16:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-09 16:00 - 2014-10-09 16:00 - 18482776 _____ () C:\Users\smendez\Desktop\RogueKillerX64.exe
2014-10-09 15:15 - 2014-10-09 15:15 - 00000000 ____D () C:\windows\ERDNT
2014-10-09 15:14 - 2014-10-09 15:14 - 00791393 _____ (Lars Hederer ) C:\Users\smendez\Desktop\erunt-setup.exe
2014-10-09 15:14 - 2014-10-09 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-09 15:14 - 2014-10-09 15:14 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-09 15:08 - 2014-10-09 15:13 - 00002360 _____ () C:\Users\smendez\Desktop\Rkill.txt
2014-10-09 15:08 - 2014-10-09 15:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\smendez\Desktop\rkill.exe
2014-10-09 08:46 - 2014-10-09 08:46 - 00000000 ____D () C:\Users\smendez\Desktop\FRST-OlderVersion
2014-10-05 12:37 - 2014-10-11 08:48 - 00017525 _____ () C:\Users\smendez\Desktop\FRST.txt
2014-10-05 12:37 - 2014-10-11 08:47 - 00000000 ____D () C:\FRST
2014-10-05 12:36 - 2014-10-11 08:44 - 02109952 _____ (Farbar) C:\Users\smendez\Desktop\FRST64.exe
2014-10-05 11:47 - 2014-10-11 08:17 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-05 11:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-05 11:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-05 11:42 - 2014-10-05 11:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\smendez\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 11:19 - 2014-08-19 13:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-03 11:19 - 2014-08-19 12:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-03 11:19 - 2014-08-18 18:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-03 11:19 - 2014-08-18 17:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-03 11:19 - 2014-08-18 17:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-03 11:19 - 2014-08-18 17:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-03 11:19 - 2014-08-18 17:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-03 11:19 - 2014-08-18 17:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-03 11:19 - 2014-08-18 17:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-03 11:19 - 2014-08-18 17:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-03 11:19 - 2014-08-18 17:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-03 11:19 - 2014-08-18 17:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-03 11:19 - 2014-08-18 17:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-03 11:19 - 2014-08-18 17:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-03 11:19 - 2014-08-18 17:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-03 11:19 - 2014-08-18 17:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-03 11:19 - 2014-08-18 17:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-03 11:19 - 2014-08-18 16:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-03 11:19 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-03 11:19 - 2014-08-18 16:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-03 11:19 - 2014-08-18 16:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-03 11:19 - 2014-08-18 16:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-03 11:19 - 2014-08-18 16:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-03 11:19 - 2014-08-18 16:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-03 11:19 - 2014-08-18 16:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-03 11:19 - 2014-08-18 16:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-03 11:19 - 2014-08-18 16:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-03 11:19 - 2014-08-18 16:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-03 11:19 - 2014-08-18 16:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-03 11:19 - 2014-08-18 16:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-03 11:19 - 2014-08-18 16:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-03 11:19 - 2014-08-18 16:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-03 11:19 - 2014-08-18 16:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-03 11:19 - 2014-08-18 16:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-03 11:19 - 2014-08-18 16:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-03 11:19 - 2014-08-18 16:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-03 11:19 - 2014-08-18 16:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-03 11:19 - 2014-08-18 16:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-03 11:19 - 2014-08-18 16:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-03 11:19 - 2014-08-18 16:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-03 11:19 - 2014-08-18 16:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-03 11:19 - 2014-08-18 16:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-03 11:19 - 2014-08-18 16:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-03 11:19 - 2014-08-18 16:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-03 11:19 - 2014-08-18 16:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-03 11:19 - 2014-08-18 16:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-03 11:19 - 2014-08-18 16:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-03 11:19 - 2014-08-18 15:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-03 11:19 - 2014-08-18 15:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-03 11:19 - 2014-08-18 15:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-03 11:19 - 2014-08-18 15:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-03 11:19 - 2014-08-18 15:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-03 10:50 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-10-03 10:50 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-10-03 10:47 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-10-03 10:47 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-10-03 10:47 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-10-03 10:47 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-10-03 10:47 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-10-03 10:38 - 2014-10-03 10:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-10-03 10:38 - 2014-10-03 10:39 - 00001985 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-10-03 09:59 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-10-03 09:59 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-10-03 09:58 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-03 09:58 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-03 09:58 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-10-03 09:58 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-10-03 09:58 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-03 09:58 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-03 09:56 - 2014-09-04 21:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-03 09:56 - 2014-09-04 21:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-03 09:56 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-10-03 09:56 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-10-03 09:56 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-03 09:56 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-03 09:56 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-10-03 09:56 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-10-03 09:52 - 2014-10-03 09:52 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-10-03 09:47 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-03 09:47 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-10-03 09:47 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-03 09:47 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-03 09:47 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-10-03 09:43 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-10-03 09:42 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-10-03 09:42 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieUserList
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieSiteList
2014-10-03 09:13 - 2014-10-03 09:14 - 00000000 ____D () C:\Users\smendez\Documents\Desktop Files
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-11 08:33 - 2012-02-11 19:21 - 01540442 _____ () C:\windows\WindowsUpdate.log
2014-10-11 08:31 - 2014-04-24 17:57 - 00000574 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job
2014-10-11 08:28 - 2012-02-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-11 08:16 - 2009-07-13 23:51 - 00429678 _____ () C:\windows\setupact.log
2014-10-10 11:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 11:46 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 11:38 - 2012-02-11 20:16 - 01129272 _____ () C:\windows\PFRO.log
2014-10-10 11:38 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-09 15:07 - 2014-04-24 17:57 - 00003608 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000
2014-10-03 12:06 - 2009-07-13 23:45 - 00418360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-03 12:01 - 2014-05-07 08:36 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-03 12:01 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-03 11:05 - 2014-02-26 09:00 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-03 11:05 - 2009-07-14 00:13 - 00775124 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-03 11:01 - 2013-07-14 07:55 - 00000000 ____D () C:\windows\system32\MRT
2014-10-03 10:38 - 2009-11-11 21:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-03 10:37 - 2012-03-24 17:13 - 00000000 ____D () C:\Users\smendez\AppData\Local\Adobe
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-10-03 10:23 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 10:18 - 2012-02-11 20:05 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-10-03 10:18 - 2009-11-11 20:54 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-10-03 10:12 - 2012-02-11 19:53 - 00002347 _____ () C:\Users\smendez\Desktop\Google Chrome.lnk
2014-10-03 10:10 - 2012-11-28 10:39 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 10:00 - 2012-08-27 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-03 09:50 - 2013-12-29 09:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-03 09:50 - 2012-08-01 18:22 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-03 09:50 - 2012-08-01 18:22 - 00002330 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-03 09:50 - 2012-08-01 18:21 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-03 09:23 - 2012-02-11 18:56 - 00000000 ____D () C:\Users\smendez\AppData\Local\Google
2014-10-03 09:19 - 2012-11-28 10:40 - 00000000 ____D () C:\Users\smendez\AppData\Roaming\Skype
2014-10-03 09:09 - 2012-02-19 16:49 - 00000000 ____D () C:\Users\smendez\Documents\My Files
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-22 09:09
 
==================== End Of Log ============================
 

  • Root Admin

Sorry for the delay. Please run the following.

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Please download Malwarebytes Anti-Rootkit from HERE

If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt

Thank you.  Second log file attached because it is too big to post.

 

TDSSKiller.3.0.0.40_16.10.2014_11.14.33_log.txt

 

11:02:00.0031 0x1104  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
11:02:10.0435 0x1104  ============================================================
11:02:10.0435 0x1104  Current date / time: 2014/10/16 11:02:10.0435
11:02:10.0435 0x1104  SystemInfo:
11:02:10.0435 0x1104  
11:02:10.0435 0x1104  OS Version: 6.1.7601 ServicePack: 1.0
11:02:10.0435 0x1104  Product type: Workstation
11:02:10.0435 0x1104  ComputerName: SMENDEZ-PC
11:02:10.0442 0x1104  UserName: smendez
11:02:10.0442 0x1104  Windows directory: C:\windows
11:02:10.0442 0x1104  System windows directory: C:\windows
11:02:10.0442 0x1104  Running under WOW64
11:02:10.0442 0x1104  Processor architecture: Intel x64
11:02:10.0442 0x1104  Number of processors: 2
11:02:10.0442 0x1104  Page size: 0x1000
11:02:10.0442 0x1104  Boot type: Normal boot
11:02:10.0442 0x1104  ============================================================
11:02:20.0098 0x1104  KLMD registered as C:\windows\system32\drivers\66111115.sys
11:02:20.0775 0x1104  System UUID: {813CAE28-3773-644B-8822-F95F136B11B7}
11:02:24.0157 0x1104  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 ( 298.09 Gb ), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:02:24.0191 0x1104  ============================================================
11:02:24.0191 0x1104  \Device\Harddisk0\DR0:
11:02:24.0438 0x1104  MBR partitions:
11:02:24.0438 0x1104  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x23F77000
11:02:24.0438 0x1104  ============================================================
11:02:24.0456 0x1104  C: <-> \Device\Harddisk0\DR0\Partition1
11:02:24.0469 0x1104  ============================================================
11:02:24.0469 0x1104  Initialize success
11:02:24.0469 0x1104  ============================================================
11:09:27.0721 0x0598  KLMD registered as C:\windows\system32\drivers\42935588.sys
11:09:36.0162 0x0598  Deinitialize success
 

Sorry for missing the final step.  Here are the logs:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17280
 
Java version: 1.6.0_14
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.600000 GHz
Memory total: 4024811520, free: 2183811072
 
Downloaded database version: v2014.10.17.02
Downloaded database version: v2014.10.15.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 83BAAE1E
 
Partition information:
 
    Partition 0 type is Other (0x27)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 3072000
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3074048  Numsec = 603418624
 
    Partition 2 type is HIDDEN (0x17)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 606492672  Numsec = 18649088
    Partition is not bootable
Hidden partition VBR is not infected.
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 320072933376 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-606492672-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org
 
Database version: v2014.10.17.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17280
smendez :: SMENDEZ-PC [administrator]
 
10/16/2014 8:44:05 PM
mbar-log-2014-10-16 (20-44-05).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 346250
Time elapsed: 44 minute(s), 7 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 

  • Root Admin

There should have been another log, but that's okay for now. Please look inside the folder where you ran MBAR; there should be a folder named Plugins. Inside that folder is a file named FIXDAMAGE.EXE. Please right-click that file and choose "Run as administrator" - it will run quickly. Then, when done, please restart the computer.

 

Then run a new FRST scan and make sure you place a check mark in the Additions.txt check box and post back both new logs.

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.


 


I could swear that I uploaded both logs. At any rate, here is the next set of logs:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-10-2014
Ran by smendez (administrator) on SMENDEZ-PC on 17-10-2014 11:30:42
Running from C:\Users\smendez\Desktop\New folder
Loaded Profile: smendez (Available profiles: smendez)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Users\smendez\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [508472 2009-10-09] (Conexant Systems, Inc.)
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-07-16] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1794856 2009-05-29] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [497504 2009-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [smoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [909624 2009-08-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711000 2009-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1482592 2009-09-28] (TOSHIBA Corporation)
HKLM\...\Run: [smartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [ConexantAudioPatch] => C:\Program Files\ConexantAudioPatch\Audioreset.exe [284472 2009-09-02] ()
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2009-09-17] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2009-10-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [34648 2009-10-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TUSBSleepChargeSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe [252288 2009-07-02] (TOSHIBA)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-07-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2446648 2009-11-05] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\S-1-5-21-972666469-1660125299-2285417380-1000\...\MountPoints2: D - D:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [sPReview] => C:\windows\System32\SPReview\SPReview.exe [301568 2013-03-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\smendez\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-29]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-400&v=a13203-110&t=4
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-26]
CHR Extension: (YouTube) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-02-11]
CHR Extension: (Google Search) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-02-11]
CHR Extension: (Gay Male Tube - Free Porn Videos & Movies) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgoenajdgpceggmohcjopejeaggldbl [2013-02-05]
CHR Extension: (Kindle Cloud Reader) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2013-04-17]
CHR Extension: (Norton Identity Safe) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\smendez\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-02-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [688128 2009-08-18] (Conexant Systems Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-02] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-02] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141016.001\IDSvia64.sys [633560 2014-10-02] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-17] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141016.034\ENG64.SYS [129752 2014-10-02] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20141016.034\EX64.SYS [2137304 2014-10-02] (Symantec Corporation)
S3 RSUSBSTOR; C:\Windows\SysWOW64\Drivers\RtsUStor.sys [225280 2009-09-22] (Realtek Semiconductor Corp.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 11:28 - 2014-10-17 11:30 - 00000000 ____D () C:\Users\smendez\Desktop\New folder
2014-10-16 20:43 - 2014-10-16 21:28 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-16 20:42 - 2014-10-16 21:28 - 00000000 ____D () C:\Users\smendez\Desktop\mbar
2014-10-16 20:40 - 2014-10-16 20:40 - 14349744 _____ (Malwarebytes Corp.) C:\Users\smendez\Desktop\mbar-1.07.0.1012.exe
2014-10-16 11:10 - 2014-10-06 21:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 11:10 - 2014-10-06 21:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-16 11:10 - 2014-09-25 17:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 11:10 - 2014-09-25 17:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-16 11:10 - 2014-09-25 17:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-16 11:10 - 2014-09-25 17:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-16 11:10 - 2014-09-25 17:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-16 11:10 - 2014-09-25 17:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-16 11:10 - 2014-09-25 17:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 11:10 - 2014-09-18 21:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 11:10 - 2014-09-18 20:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 11:10 - 2014-09-18 20:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 11:10 - 2014-09-18 20:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-16 11:10 - 2014-09-18 20:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 11:10 - 2014-09-18 20:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 11:10 - 2014-09-18 20:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 11:10 - 2014-09-18 20:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 11:10 - 2014-09-18 20:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 11:10 - 2014-09-18 20:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 11:10 - 2014-09-18 20:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 11:10 - 2014-09-18 20:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 11:10 - 2014-09-18 20:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 11:10 - 2014-09-18 20:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 11:10 - 2014-09-18 20:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-16 11:10 - 2014-09-18 20:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 11:10 - 2014-09-18 20:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 11:10 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 11:10 - 2014-09-18 20:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-16 11:10 - 2014-09-18 20:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 11:10 - 2014-09-18 20:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 11:10 - 2014-09-18 20:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-16 11:10 - 2014-09-18 20:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 11:10 - 2014-09-18 20:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-16 11:10 - 2014-09-18 20:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-16 11:10 - 2014-09-18 20:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 11:10 - 2014-09-18 19:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-16 11:10 - 2014-09-18 19:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 11:10 - 2014-09-18 19:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-16 11:10 - 2014-09-18 19:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-16 11:10 - 2014-09-18 19:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-16 11:10 - 2014-09-18 19:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-16 11:10 - 2014-09-18 19:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-16 11:10 - 2014-09-18 19:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-16 11:10 - 2014-09-18 19:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 11:10 - 2014-09-18 19:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 11:10 - 2014-09-18 19:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 11:10 - 2014-09-18 19:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 11:10 - 2014-09-18 19:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 11:10 - 2014-09-18 19:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-16 11:10 - 2014-09-18 19:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-16 11:10 - 2014-09-18 19:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-16 11:10 - 2014-09-18 19:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 11:10 - 2014-09-18 18:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-16 11:10 - 2014-09-18 18:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 11:10 - 2014-09-18 18:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-16 11:10 - 2014-09-18 18:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-16 11:10 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 11:09 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-16 11:09 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-16 11:09 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-16 11:09 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-16 11:09 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-16 11:09 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 11:09 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-16 11:09 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-16 11:09 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-16 11:09 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-16 11:09 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-16 11:09 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-16 11:09 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-16 11:09 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-16 11:09 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-16 11:09 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-16 11:09 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-16 11:09 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-16 11:09 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-16 11:07 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-16 11:07 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-16 11:07 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 11:07 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 11:07 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 11:07 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 11:07 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 11:07 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 11:07 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-16 11:07 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-16 11:07 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-16 11:07 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-16 11:07 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-16 11:07 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-16 11:07 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 11:07 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 11:05 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 11:05 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-16 08:26 - 2014-10-16 08:26 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\smendez\Desktop\tdsskiller.exe
2014-10-11 08:48 - 2014-10-11 08:49 - 00029921 _____ () C:\Users\smendez\Desktop\Addition.txt
2014-10-10 12:33 - 2014-10-10 12:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-10 11:40 - 2014-10-10 11:40 - 00002310 _____ () C:\Users\smendez\Desktop\AdwCleaner[s0].txt
2014-10-10 11:35 - 2014-10-10 11:35 - 00001797 _____ () C:\Users\smendez\Desktop\AdwCleaner[R0].txt
2014-10-10 11:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\windows\SysWOW64\sqlite3.dll
2014-10-10 11:30 - 2014-10-10 11:36 - 00000000 ____D () C:\AdwCleaner
2014-10-10 11:29 - 2014-10-10 11:29 - 01375089 _____ () C:\Users\smendez\Desktop\AdwCleaner.exe
2014-10-10 11:24 - 2014-10-10 11:24 - 00001194 _____ () C:\Users\smendez\Desktop\JRT.txt
2014-10-10 11:04 - 2014-10-10 11:04 - 00000000 ____D () C:\windows\ERUNT
2014-10-10 10:58 - 2014-10-10 10:58 - 01705755 _____ (Thisisu) C:\Users\smendez\Desktop\JRT.exe
2014-10-09 16:01 - 2014-10-09 16:01 - 00037624 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-10-09 16:01 - 2014-10-09 16:01 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-09 16:00 - 2014-10-09 16:00 - 18482776 _____ () C:\Users\smendez\Desktop\RogueKillerX64.exe
2014-10-09 15:15 - 2014-10-09 15:15 - 00000000 ____D () C:\windows\ERDNT
2014-10-09 15:14 - 2014-10-09 15:14 - 00791393 _____ (Lars Hederer ) C:\Users\smendez\Desktop\erunt-setup.exe
2014-10-09 15:14 - 2014-10-09 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-10-09 15:14 - 2014-10-09 15:14 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-10-09 15:08 - 2014-10-09 15:13 - 00002360 _____ () C:\Users\smendez\Desktop\Rkill.txt
2014-10-09 15:08 - 2014-10-09 15:08 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\smendez\Desktop\rkill.exe
2014-10-09 08:46 - 2014-10-17 11:26 - 00000000 ____D () C:\Users\smendez\Desktop\FRST-OlderVersion
2014-10-05 12:37 - 2014-10-17 11:30 - 00000000 ____D () C:\FRST
2014-10-05 12:37 - 2014-10-11 08:49 - 00036625 _____ () C:\Users\smendez\Desktop\FRST.txt
2014-10-05 11:47 - 2014-10-17 11:20 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 11:45 - 2014-10-16 20:42 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-05 11:45 - 2014-10-05 11:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-05 11:45 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-05 11:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-05 11:42 - 2014-10-05 11:43 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\smendez\Desktop\mbam-setup-2.0.2.1012.exe
2014-10-03 10:50 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-10-03 10:50 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-10-03 10:47 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-10-03 10:47 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-10-03 10:47 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-10-03 10:47 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-10-03 10:47 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-10-03 10:47 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-10-03 10:38 - 2014-10-03 10:39 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
2014-10-03 10:38 - 2014-10-03 10:39 - 00001985 _____ () C:\Users\Public\Desktop\Adobe Reader 9.lnk
2014-10-03 09:59 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-10-03 09:59 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-10-03 09:58 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-03 09:58 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-03 09:58 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-10-03 09:58 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-10-03 09:58 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-10-03 09:58 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-10-03 09:56 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-10-03 09:56 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-10-03 09:56 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-03 09:56 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-10-03 09:56 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-10-03 09:56 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-10-03 09:56 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-10-03 09:52 - 2014-10-03 09:52 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-10-03 09:47 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-10-03 09:47 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-10-03 09:47 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-10-03 09:47 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-10-03 09:47 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-10-03 09:43 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-10-03 09:42 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-10-03 09:42 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieUserList
2014-10-03 09:20 - 2014-10-03 09:20 - 00000000 __SHD () C:\Users\smendez\AppData\Local\EmieSiteList
2014-10-03 09:13 - 2014-10-03 09:14 - 00000000 ____D () C:\Users\smendez\Documents\Desktop Files
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-17 11:30 - 2012-02-11 19:21 - 01487544 _____ () C:\windows\WindowsUpdate.log
2014-10-17 11:27 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:27 - 2009-07-13 23:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-17 11:18 - 2012-02-11 20:16 - 01131558 _____ () C:\windows\PFRO.log
2014-10-17 11:18 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-17 11:18 - 2009-07-13 23:51 - 00430574 _____ () C:\windows\setupact.log
2014-10-17 11:15 - 2014-05-07 08:36 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 11:09 - 2012-02-11 19:27 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 10:48 - 2013-07-14 07:55 - 00000000 ____D () C:\windows\system32\MRT
2014-10-17 10:35 - 2014-04-24 17:57 - 00000574 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job
2014-10-17 10:35 - 2013-04-15 20:10 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-17 10:34 - 2014-04-24 17:57 - 00003608 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000
2014-10-03 12:06 - 2009-07-13 23:45 - 00418360 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-03 12:01 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-03 11:05 - 2014-02-26 09:00 - 00775124 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-10-03 11:05 - 2009-07-14 00:13 - 00775124 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-03 10:38 - 2009-11-11 21:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-03 10:37 - 2012-03-24 17:13 - 00000000 ____D () C:\Users\smendez\AppData\Local\Adobe
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\ProgramData\WildTangent
2014-10-03 10:23 - 2012-02-11 20:00 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Games
2014-10-03 10:23 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-03 10:18 - 2012-02-11 20:05 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA Corporation
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-10-03 10:18 - 2009-11-11 20:56 - 00000000 ____D () C:\Program Files\TOSHIBA
2014-10-03 10:18 - 2009-11-11 20:54 - 00000000 ____D () C:\Program Files (x86)\TOSHIBA
2014-10-03 10:12 - 2012-02-11 19:53 - 00002347 _____ () C:\Users\smendez\Desktop\Google Chrome.lnk
2014-10-03 10:10 - 2012-11-28 10:39 - 00000000 ____D () C:\ProgramData\Skype
2014-10-03 10:00 - 2012-08-27 22:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-10-03 09:50 - 2013-12-29 09:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-03 09:50 - 2012-08-01 18:22 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-03 09:50 - 2012-08-01 18:22 - 00002330 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-03 09:50 - 2012-08-01 18:21 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-03 09:23 - 2012-02-11 18:56 - 00000000 ____D () C:\Users\smendez\AppData\Local\Google
2014-10-03 09:19 - 2012-11-28 10:40 - 00000000 ____D () C:\Users\smendez\AppData\Roaming\Skype
2014-10-03 09:09 - 2012-02-19 16:49 - 00000000 ____D () C:\Users\smendez\Documents\My Files
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-04-22 09:09
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16-10-2014
Ran by smendez at 2014-10-17 11:34:34
Running from C:\Users\smendez\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Disabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AccompanEase (HKLM-x32\...\AccompanEase) (Version:  - )
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.10 - Atheros Communications Inc.)
ATI Catalyst Install Manager (HKLM\...\{15BEAEBD-74D6-C40A-0089-5BFD0E689BFE}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Full New (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Light (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2009.0729.2238.38827 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
CCC Help Chinese Standard (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Chinese Traditional (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Czech (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Danish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Dutch (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help English (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Finnish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help French (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help German (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Greek (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Hungarian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Italian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Japanese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Korean (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Norwegian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Polish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Portuguese (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Russian (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Spanish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Swedish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Thai (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
CCC Help Turkish (x32 Version: 2009.0729.2237.38827 - ATI) Hidden
ccc-core-static (x32 Version: 2009.0729.2238.38827 - ATI) Hidden
ccc-utility64 (Version: 2009.0729.2238.38827 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.12.0 - Conexant)
Conexant HD Audio (HKLM\...\CNXT_AUDIO) (Version: 4.98.16.61 - Conexant)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version:  - Microsoft)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 6.4.4.1831 (HKCU\...\GoToMeeting) (Version: 6.4.4.1831 - CitrixOnline)
Java 6 Update 14 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version:  - Microsoft)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
NetZero Launcher (HKLM-x32\...\{9AEAF9CC-390B-49C0-8F7F-14092BF163B6}) (Version: 2.01 - TOSHIBA Corporation)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Quickbooks Financial Center (HKLM-x32\...\{3B843B38-04B1-4CE6-8888-586273E0F289}) (Version: 2.02 - TOSHIBA Corporation)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30105 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{0FB630AB-7BD8-40AE-B223-60397D57C3C9}) (Version: 2.00.0006 - Realtek)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.1.2.0 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.0 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{1B87C40B-A60B-4EF3-9A68-706CF4B69978}) (Version: 3.00.09 - TOSHIBA)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{F64684A0-754B-4637-B7F9-6E8DAA8CD5CD}) (Version: 1.5.05.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.5.05.64 - TOSHIBA Corporation) Hidden
TOSHIBA ConfigFree (HKLM-x32\...\{F3529665-D75E-4D6D-98F0-745C78C68E9B}) (Version: 8.0.25 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.2 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM-x32\...\InstallShield_{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.1.12.64 - TOSHIBA Corporation)
TOSHIBA eco Utility (Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA eco Utility (x32 Version: 1.1.12.64 - TOSHIBA Corporation) Hidden
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM-x32\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version:  - )
TOSHIBA Extended Tiles for Windows Mobility Center (Version: 1.01.00 - TOSHIBA Corporation) Hidden
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.1.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version:  - )
TOSHIBA Hardware Setup (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.0.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.3 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA HDD/SSD Alert (x32 Version: 3.1.64.3 - TOSHIBA Corporation) Hidden
TOSHIBA Media Controller (HKLM-x32\...\{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}) (Version: 1.0.65 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 1.2.0.38 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.4.1.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.1 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.0.4 for x64 - TOSHIBA Corporation)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{5BCC94A1-DEF1-4AB4-8046-BC13048E929A}) (Version: 1.5.07.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.5.07.64 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.40 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version:  - )
TOSHIBA Supervisor Password (Version: 4.01.01.00 - TOSHIBA) Hidden
TOSHIBA USB Sleep and Charge Utility (HKLM-x32\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.2.3.0 - TOSHIBA Corporation)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.2.26.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.2.26.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\{5E6F6CF3-BACC-4144-868C-E14622C658F3}) (Version: 1.1.1.7 - TOSHIBA Corporation)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.3 - Toshiba)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{18B3CF2A-73F7-4716-B1AE-86D68726D408}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{EFB525A0-E1C0-4E32-9968-FE401BC87363}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ED31DE9A-3E13-4E2C-9106-E0D8AFFB9FA6}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BC6DFBFD-16DD-47E1-A7EF-2C062930FA4F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Windows Live Call (x32 Version: 14.0.8064.0206 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8064.206 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8091.0730 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 14.0.8081.709 - Microsoft Corporation) Hidden
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8089.0726 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-972666469-1660125299-2285417380-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\smendez\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
04-10-2014 16:12:40 Windows Update
05-10-2014 16:28:54 Windows Update
09-10-2014 01:45:27 Windows Update
10-10-2014 15:57:09 Windows Update
11-10-2014 13:17:03 Windows Update
13-10-2014 01:36:19 Windows Update
13-10-2014 14:45:29 Windows Update
16-10-2014 13:25:55 Windows Update
17-10-2014 15:34:41 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {3DF3A766-7047-47DB-8BB7-BFB0B3232892} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {B16A6D6D-99EB-4FE6-970B-15DF3CA395B3} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B29644DB-4033-40A6-B611-73B0CFF64893} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C8D6AA17-B648-4B3D-9919-54BF0C521775} - System32\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000 => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-17] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {D5CF2876-BF86-4DF5-A45C-C07BBDDBCE33} - System32\Tasks\ConfigFree Startup Programs => C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe [2009-10-28] (TOSHIBA CORPORATION)
Task: C:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job => C:\Users\smendez\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2009-07-16 18:27 - 2009-07-16 18:27 - 07244600 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2009-07-16 18:27 - 2009-07-16 18:27 - 00051512 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2009-11-11 20:57 - 2009-06-22 18:40 - 00022328 _____ () C:\Program Files\TOSHIBA\Toshiba Assist\NotifyX.dll
2009-03-12 22:08 - 2009-03-12 22:08 - 00048640 _____ () C:\Program Files (x86)\Toshiba\PCDiag\NotifyPCD.dll
2009-07-25 20:38 - 2009-07-25 20:38 - 00017800 _____ () C:\Program Files\TOSHIBA\TOSHIBA Disc Creator\NotifyTDC.dll
2009-05-04 13:45 - 2009-05-04 13:45 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2012-02-11 19:40 - 2012-02-11 19:40 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2009-09-17 18:41 - 2009-09-17 18:41 - 00079192 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-10-03 10:12 - 2014-09-22 23:06 - 01098056 _____ () C:\Users\smendez\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-10-03 10:12 - 2014-09-22 23:06 - 00174408 _____ () C:\Users\smendez\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-10-03 10:12 - 2014-09-22 23:07 - 08577864 _____ () C:\Users\smendez\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-10-03 10:12 - 2014-09-22 23:07 - 00331592 _____ () C:\Users\smendez\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-10-03 10:12 - 2014-09-22 23:06 - 01660232 _____ () C:\Users\smendez\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96166719.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\96166719.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-972666469-1660125299-2285417380-500 - Administrator - Disabled)
Guest (S-1-5-21-972666469-1660125299-2285417380-501 - Limited - Disabled)
smendez (S-1-5-21-972666469-1660125299-2285417380-1000 - Administrator - Enabled) => C:\Users\smendez
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/16/2014 10:47:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/13/2014 09:54:00 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/12/2014 08:50:15 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/11/2014 08:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (10/10/2014 11:25:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Product: Microsoft Office Professional Plus 2010 - Update 'Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition' could not be installed. Error code 1603. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127
 
 
System errors:
=============
Error: (10/17/2014 11:22:49 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB2952664).
 
Error: (10/17/2014 11:18:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (10/17/2014 11:18:18 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/17/2014 11:18:18 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
 
Error: (10/17/2014 11:14:38 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 for x64-based Systems (KB3000061).
 
Error: (10/17/2014 10:32:39 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/16/2014 10:49:39 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/16/2014 08:38:14 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
 
Error: (10/16/2014 08:38:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (10/16/2014 11:15:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (10/16/2014 10:47:27 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/13/2014 09:54:00 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/12/2014 08:50:15 PM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/11/2014 08:29:50 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
Error: (10/10/2014 11:25:01 AM) (Source: MsiInstaller) (EventID: 1024) (User: NT AUTHORITY)
Description: Microsoft Office Professional Plus 2010Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition1603(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Processor: AMD Turion Neo X2 Dual Core Processor L625
Percentage of memory in use: 53%
Total physical RAM: 3838.36 MB
Available physical RAM: 1793.95 MB
Total Pagefile: 7674.9 MB
Available Pagefile: 4983.31 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (TI105238W0E) (Fixed) (Total:287.73 GB) (Free:203.18 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 83BAAE1E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=287.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.9 GB) - (Type=17)
 
==================== End Of Log ============================

  • Root Admin

Let me have you run the following please.

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


Here is the log file:

 

ComboFix 14-10-15.01 - smendez 10/17/2014  22:06:45.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3838.2432 [GMT -5:00]
Running from: c:\users\smendez\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-18 to 2014-10-18  )))))))))))))))))))))))))))))))
.
.
2014-10-18 03:15 . 2014-10-18 03:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-17 01:43 . 2014-10-17 02:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-16 16:09 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-10-16 16:07 . 2014-07-17 01:39 3221504 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-10-16 16:05 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 16:05 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
2014-10-10 17:33 . 2014-10-10 17:33 -------- d-----w- c:\program files (x86)\ESET
2014-10-10 16:33 . 2010-08-30 13:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-10-10 16:30 . 2014-10-10 16:36 -------- d-----w- C:\AdwCleaner
2014-10-10 16:04 . 2014-10-10 16:04 -------- d-----w- c:\windows\ERUNT
2014-10-09 21:01 . 2014-10-09 21:01 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-10-09 21:01 . 2014-10-09 21:01 -------- d-----w- c:\programdata\RogueKiller
2014-10-09 20:14 . 2014-10-09 20:14 -------- d-----w- c:\program files (x86)\ERUNT
2014-10-05 17:37 . 2014-10-17 16:36 -------- d-----w- C:\FRST
2014-10-05 16:47 . 2014-10-18 02:54 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 16:45 . 2014-10-17 01:42 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 16:45 . 2014-10-05 16:45 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-10-05 16:45 . 2014-10-05 16:45 -------- d-----w- c:\programdata\Malwarebytes
2014-10-05 16:45 . 2014-05-12 12:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-05 16:45 . 2014-05-12 12:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-10-05 16:45 . 2014-10-05 16:45 -------- d-----w- c:\users\smendez\AppData\Local\Programs
2014-10-03 15:50 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-10-03 15:50 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-10-03 15:47 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-10-03 15:47 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-10-03 15:47 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-10-03 15:47 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-10-03 15:47 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-10-03 15:47 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-10-03 15:47 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-10-03 15:47 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-10-03 14:59 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-10-03 14:59 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-10-03 14:58 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-10-03 14:58 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-10-03 14:58 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-10-03 14:58 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-10-03 14:58 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-10-03 14:58 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-03 14:56 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-10-03 14:56 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-10-03 14:56 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-10-03 14:56 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-10-03 14:56 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-10-03 14:56 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-10-03 14:56 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-10-03 14:56 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-10-03 14:47 . 2014-06-25 02:05 14175744 ----a-w- c:\windows\system32\shell32.dll
2014-10-03 14:47 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2014-10-03 14:47 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2014-10-03 14:47 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2014-10-03 14:47 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2014-10-03 14:47 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-10-03 14:43 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-10-03 14:42 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-10-03 14:42 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-10-03 14:36 . 2014-10-16 15:59 -------- d-----w- c:\windows\system32\drivers\N360x64\1506000.020
2014-10-03 14:20 . 2014-10-03 14:20 -------- d-sh--w- c:\users\smendez\AppData\Local\EmieUserList
2014-10-03 14:20 . 2014-10-03 14:20 -------- d-sh--w- c:\users\smendez\AppData\Local\EmieSiteList
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-17 15:35 . 2013-04-16 01:10 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-07-25 07:35 . 2014-07-25 07:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 04:47 . 2014-07-25 04:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2009-10-06 1294136]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2009-11-05 2446648]
"NortonOnlineBackupReminder"="c:\program files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" [2009-08-10 529256]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\96166719.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20141003.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141016.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20141016.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys;c:\windows\SYSNATIVE\drivers\CHDMI64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys;c:\windows\SYSNATIVE\DRIVERS\QIOMem.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-18 c:\windows\Tasks\G2MUpdateTask-S-1-5-21-972666469-1660125299-2285417380-1000.job
- c:\users\smendez\AppData\Local\Citrix\GoToMeeting\1831\g2mupdate.exe [2014-10-17 15:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 15:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-10-09 508472]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-07-16 307768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-05-30 1794856]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2009-09-17 709976]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-TUSBSleepChargeSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA USB Sleep and Charge Utility\TUSBSleepChargeSrv.exe
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-SmoothView - c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe
HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-SmartFaceVWatcher - c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe
HKLM-Run-ConexantAudioPatch - c:\program files (x86)\ConexantAudioPatch\Audioreset.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
"Key"="ActionsPane3"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0]
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias]
"0"="Microsoft Actions Pane 3"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-17  22:19:15
ComboFix-quarantined-files.txt  2014-10-18 03:19
.
Pre-Run: 217,842,827,264 bytes free
Post-Run: 218,421,141,504 bytes free
.
- - End Of File - - 87EC3F69B5E839F4CA50050144CB22F1
5B5E648D12FCADC244C1EC30318E1EB9

  • Root Admin

How is the computer running now?

Are there still any signs of an infection?

Please download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

The computer definitely seems to be running quicker now.  Norton 360 is scanning files again when they are downloaded.  However, I haven't been using this computer very much. I wanted to complete this process first.  

 

Thanks.

 

Here's the log:

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 6 Update 14  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 15.0.0.189  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 

OK. Here is the second log after installing the newest versions of Adobe Reader and JAVA.

 

I'm not quite sure why it is still listing Java as out of date since it is the latest version.  

 

Thanks for all your help.

 

_______________________________

 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton 360    
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 25  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.189  
 Adobe Reader 9  
 Adobe Reader XI  
 Google Chrome 36.0.1985.125  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 5% 
````````````````````End of Log`````````````````````` 

  • Root Admin

It's possible it's just reading the file wrong is all, not a big issue.

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (you may already have this)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot

Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:
If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.
 
 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Guest
This topic is now closed to further replies.