Jump to content

COM Surrogate issue High memory usage


Recommended Posts

Good Morning! (or afternoon) :) 

  I am having the wicked COM Surrogate issue that, it seems, most everyone else is having. All symptoms are pretty much the same start up freezes, Norton notifications popping all the time when it used to not pop up.This has been on going for about a month or so.

I am just a regular mom of 3 teenage boys and EXTREMELY computer stupid. I am afraid you will have to use computer lingo suitable for a 7 year old. sorry, about that, I'm a book reader, not a clicker. :) Due to having 3 teenage boys that randomly use my computer, there is NO TELLING what has been downloaded on this computer. 

Norton is also telling me there is alot of programs running at start up and asks me to turn some off. Again, I dont know what any of the names are or mean, so I am afrad of accidentally turning off something i need. 

 I have ran and attached the FRST and Addition txt, as stated in the advanced set up post. 

Thank you for your Time and assistance! 

 

FRST.txt

Addition.txt

Link to post
Share on other sites

Hello tttberrr, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. xsmile.png.pagespeed.ic.CwSpBGGvqN.png
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • Please do not post logs using the CODEQUOTE or ATTACHMENT format. Logs should be posted directly in plain text. If you receive an error whilst posting, please break the log in half and use multiple posts.
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click xetYzdbu.png.pagespeed.ic.U7AjmRUewW.png at the top of the page. 
     

======================================================
 

I am just a regular mom of 3 teenage boys and EXTREMELY computer stupid. I am afraid you will have to use computer lingo suitable for a 7 year old. sorry, about that, I'm a book reader, not a clicker. 

That's no problem at all. If there's anything you're unsure of, be sure to ask. :)
 

Norton is also telling me there is alot of programs running at start up and asks me to turn some off.

We can address this at the end. 

STEP 1
6JO0hXH.png Revo Uninstaller

  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run the programme. 
  • From the list of programmes, locate the following, or anything similar and carry out the steps below one at a time.
    • Catalina Savings Printer
    • Coupon Printer for Windows
    • iLivid
    • Media Player Classic - Home Cinema v1.5.2.3456
    • Retrogamer toolbar
    • Search App by Ask
  • Double-click the programme. 
  • When prompted if you want to uninstall click Yes.
  • Ensure the Moderate option is selected and click Next.
  • The programme uninstaller will run. If prompted again click Yes.
  • Work your way through the uninstaller, ensuring you read each page thoroughly.
  • Note: Ensure you decline offers of additional software if applicable. 
  • Once the built-in uninstaller is finished click Next.
  • Once the programme has searched for leftovers click Next.
  • Check items in bold only in the list and click Delete. You may have to expand folders by clicking the "+" mark.
  • When prompted click Yes, followed by Next.
  • Click Select all, followed by Delete.
  • When prompted click Yes, followed by Next.
  • Once done click Finish.
     

STEP 2
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exeC:\Program Files (x86)\CouponsHKLM\...\Run: [] => [X]HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\Run: [PuxubAduxi] => regsvr32.exe "C:\ProgramData\PuxubAduxi\PuxubAduxi.dat"C:\ProgramData\PuxubAduxiHKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\MountPoints2: {5f4ab95e-fc61-11e2-87d7-446d5742bf2d} - E:\setup.exe -aHKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\MountPoints2: {76cf4fc9-0751-11e4-8c11-00266c138aa4} - E:\VerizonSWUpgradeAssistantLauncher.exeHKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!GroupPolicy: Group Policy on Chrome detected <======= ATTENTIONSearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCyC0CtCtAzz0A0AyE0C0Dzz0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0Azz0EyCtAtBtGyByDtAyDtGtC0FzyzztGzztC0FyDtGyB0DzzyDzzzztDzz0ByEtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0ByBzz0B0CyCtGyCtC0CzztGzyyE0F0AtGzyzy0FtCtGyEtCyCyEtDyCyD0C0FtByE0F2Q&cr=1513342027&ir=SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=cmi_14_15_ch&cd=2XzuyEtN2Y1L1QzutDtDtByCyC0CtCtAzz0A0AyE0C0Dzz0FtN0D0Tzu0SzztBzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyByB0Azz0EyCtAtBtGyByDtAyDtGtC0FzyzztGzztC0FyDtGyB0DzzyDzzzztDzz0ByEtCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyCtA0ByBzz0B0CyCtGyCtC0CzztGzyyE0F0AtGzyzy0FtCtGyEtCyCyEtDyCyD0C0FtByE0F2Q&cr=1513342027&ir=SearchScopes: HKLM-x32 - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0744986233044200&q={searchTerms}SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=0744986233044200&q={searchTerms}SearchScopes: HKLM-x32 - {ef80d754-fb77-4a7f-be75-489beebb20c9} URL = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm008YYus&ptnrS=RGxdm008YYus&ptb=3ABC2771-D489-4E77-AD67-403246BE59BD&ind=2012102815&n=77ee409f&psa=&st=sb&searchfor={searchTerms}SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}SearchScopes: HKCU - {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =BHO-x32: Toolbar BHO -> {03123bb6-a811-407e-b323-66cf0be510b1} -> C:\PROGRA~2\RETROG~3\bar\1.bin\4wbar.dll No FileC:\PROGRA~2\RETROG~3Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileFF DefaultSearchEngine: Bing FF SearchEngineOrder.1: Search ResultsFF SearchEngineOrder.3: Bing FF SelectedSearchEngine: searchFF Keyword.URL: hxxp://www.bing.com/search?FORM=U079DF&PC=U079&q=FF Plugin-x32: @Retrogamer_4w.com/Plugin -> C:\Program Files (x86)\Retrogamer_4w\bar\1.bin\NP4wStub.dll No FileC:\Program Files (x86)\Retrogamer_4wFF Plugin HKCU: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Tina\AppData\Roaming\CATALI~2\NPBCSK~1.DLL (Catalina Marketing Corporation)C:\Users\Tina\AppData\Roaming\CATALI~2FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll (Coupons, Inc.)FF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default\searchplugins\bingp.xmlFF SearchPlugin: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default\searchplugins\search.xmlFF Extension: MyWordTool - C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default\Extensions\emily@wilford.biz [2013-11-17]FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [Not Found]C:\Program Files (x86)\Coupons.com CouponBarCHR HomePage: Default -> hxxp://www.aol.com/CHR StartupUrls: Default -> "hxxp://www.aol.com/"CHR HKLM-x32\...\Chrome\Extension: [cnpkmcjgpcihgfnkcjapiaabbbplkcmf] - C:\Program Files (x86)\Coupons.com CouponBar\chrome\Coupons.com.crx [2014-10-03]CHR HKLM-x32\...\Chrome\Extension: [pnjnnnhampgflieglcelomcofocioegp] - C:\Users\Tina\AppData\Local\CRE\pnjnnnhampgflieglcelomcofocioegp.crx [2013-04-13]R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-10-10] (APN LLC.)C:\Program Files (x86)\AskPartnerNetworkR2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [176624 2014-02-13] (Coupons.com Inc.)S2 Retrogamer_4wService; C:\PROGRA~2\RETROG~3\bar\1.bin\4wbarsvc.exe [X]2014-11-08 09:30 - 2014-11-08 09:30 - 01055936 _____ (Adobe) C:\Users\Tina\Downloads\install_flashplayer15x32axau_mssa_aaa_aih.exe2014-11-05 18:24 - 2014-11-05 18:24 - 00000000 ____D () C:\Users\Tina\AppData\Local\{699C6C72-3B0C-4E47-AEE1-EB6D6BC7A9FE}2014-11-05 05:59 - 2014-11-06 18:50 - 00000153 _____ () C:\Users\Tina\AppData\Local\svcxdcl32.dat2014-11-05 05:59 - 2014-11-05 07:50 - 00000000 ____D () C:\ProgramData\YerquLwavj2014-11-05 05:59 - 2014-11-05 05:59 - 00266270 _____ (bhyvgtcfrd) C:\windows\system32\d3diWNet.exe2014-11-04 06:20 - 2014-11-04 23:13 - 00000000 ____D () C:\ProgramData\TweakBit2014-11-04 06:19 - 2014-11-05 06:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit2014-11-04 06:19 - 2014-11-04 21:52 - 00000000 ____D () C:\Program Files (x86)\TweakBit2014-11-04 06:07 - 2014-11-04 06:07 - 08493704 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tina\Downloads\pc-speed-up-setup (2).exe2014-11-04 06:06 - 2014-11-04 06:07 - 08493704 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tina\Downloads\pc-speed-up-setup (1).exe2014-11-04 06:06 - 2014-11-04 06:06 - 08493704 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tina\Downloads\pc-speed-up-setup.exe2014-10-20 16:06 - 2014-11-09 06:08 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}2014-10-24 06:38 - 2014-10-24 06:38 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\ParetoLogic2014-10-24 06:37 - 2014-10-24 08:44 - 00000000 ____D () C:\ProgramData\ParetoLogic2014-10-21 05:39 - 2014-10-21 05:39 - 00000000 ____D () C:\Users\Tina\AppData\Local\AskPartnerNetwork2014-10-21 05:39 - 2014-10-21 05:39 - 00000000 ____D () C:\ProgramData\AskPartnerNetwork2014-10-21 05:39 - 2014-10-21 05:39 - 00000000 ____D () C:\ProgramData\APN2014-10-21 05:39 - 2014-10-21 05:39 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork2014-10-23 21:56 - 2014-04-08 21:20 - 00000000 ____D () C:\Users\Tina\AppData\Local\iLividC:\Users\Tina\AppData\Local\Temp\driver-updater-setup.exeC:\Users\Tina\AppData\Local\Temp\UpdateFlashPlayer_802ce148.exe2014-11-09 08:53 - 2013-09-07 23:53 - 00000286 _____ () C:\windows\Tasks\Dealply.jobCustomCLSID: HKU\S-1-5-21-1885051997-1458977773-2881551217-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?CustomCLSID: HKU\S-1-5-21-1885051997-1458977773-2881551217-1000_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\shdocvw.dll (Microsoft Corporation)Task: {03FDA58A-6ACE-4524-BA24-8BA4D55FD2B6} - \Dealply No Task File <==== ATTENTIONTask: {2E22184A-FDA5-4564-A839-BEE3D2A23F8D} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONC:\Program Files (x86)\AnyProtectExTask: {A7D434BC-1874-439A-AFB0-21191BD8BEC3} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: {BDF764C4-4EFB-4274-A78B-162935A0609F} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\windows\Tasks\Dealply.job => C:\Users\Tina\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTIONC:\Users\Tina\AppData\Roaming\DealplyAlternateDataStreams: C:\ProgramData\TEMP:04ADB7A6AlternateDataStreams: C:\ProgramData\TEMP:063969F8AlternateDataStreams: C:\ProgramData\TEMP:0AC32449AlternateDataStreams: C:\ProgramData\TEMP:0E61938BAlternateDataStreams: C:\ProgramData\TEMP:10F6E97EAlternateDataStreams: C:\ProgramData\TEMP:258D2F8BAlternateDataStreams: C:\ProgramData\TEMP:38A0E181AlternateDataStreams: C:\ProgramData\TEMP:413E2927AlternateDataStreams: C:\ProgramData\TEMP:5539129FAlternateDataStreams: C:\ProgramData\TEMP:7D288858AlternateDataStreams: C:\ProgramData\TEMP:997DA6D7AlternateDataStreams: C:\ProgramData\TEMP:A02025CEAlternateDataStreams: C:\ProgramData\TEMP:A039EDF9AlternateDataStreams: C:\ProgramData\TEMP:A819A132AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09AlternateDataStreams: C:\ProgramData\TEMP:B722BCE5AlternateDataStreams: C:\ProgramData\TEMP:D2397415AlternateDataStreams: C:\ProgramData\TEMP:D3A8AA31AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCEreg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Retrogamer Search Scope Monitor" /freg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Retrogamer_4w Browser Plugin Loader" /fFolder: C:\07ff25f192f504bef610202f2c68322bFolder: C:\Users\Tina\AppDataFolder: C:\ProgramDataCMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name.
  • Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. This log will be very large. Ensure you attach the file.
     

STEP 3
GfiJrQ9.png Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did the programmes uninstall OK?
  • Fixlog.txt (attached!)
  • MBAM log
Link to post
Share on other sites

ok Adam, I'm Tina. 

I have done all 4 steps and have attached the Fixlog an below is the FBAM log...

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/9/2014
Scan Time: 2:56:27 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.09.07
Rootkit Database: v2014.11.08.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Tina
 
Scan Type: Threat Scan
Result: Cancelled
Objects Scanned: 0
(No malicious items detected)
Time Elapsed: 0 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

Fixlog.txt

Link to post
Share on other sites

Hi Tina, 
 
Please work your way through the following.
 
STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start2014-10-20 16:06 - 2014-11-09 11:37 - 0000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}2014-03-30 15:51 - 2014-03-30 15:50 - 1172776 _____ (AnyProtect.com) C:\Users\Tina\AppData\Local\nss5F57.tmp2014-10-06 23:27 - 2014-10-06 23:27 - 0000000 _____ () C:\Users\Tina\AppData\Local\{6F07CAAF-A9F6-4663-BC8A-E1A3D8337ABA}2014-04-08 20:37 - 2014-04-08 19:18 - 1083403 _____ (AnyProtect.com) C:\Users\Tina\AppData\Local\AnyProtectScannerSetup.exe2012-09-05 17:09 - 2012-09-05 17:10 - 0000000 ____D () C:\Users\Tina\AppData\Local\{15D041A8-C308-4091-BA37-1C1AF3FBF8BA}2013-08-02 22:54 - 2013-08-02 22:55 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1957958A-D22D-4E8D-A363-A414A2EE4D6C}2014-02-09 13:24 - 2014-02-09 13:25 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1BB8BDF6-455E-4F9B-9710-91AA75923C34}2013-05-04 06:52 - 2013-05-04 06:52 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1E304279-E109-4101-9023-19CE1C0A5B44}2014-02-01 19:45 - 2014-02-01 19:45 - 0000000 ____D () C:\Users\Tina\AppData\Local\{2D375AF6-296F-443C-B8C2-20570AFAC5E8}2013-02-05 19:46 - 2013-02-05 19:46 - 0000000 ____D () C:\Users\Tina\AppData\Local\{30C8F82B-2E7A-4423-8D43-A137DA8FD26E}2013-05-20 13:09 - 2013-05-20 13:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3D2E030A-54E4-4076-BCBD-9486F5AF3669}2014-07-17 15:56 - 2014-07-17 15:57 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3E2E96FE-E6C1-44E0-8F0E-F0CB2EE1B55A}2012-08-20 13:46 - 2012-08-20 13:47 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3FBF7CBC-BE23-4983-B564-D376706DC17B}2014-09-12 15:24 - 2014-09-12 15:24 - 0000000 ____D () C:\Users\Tina\AppData\Local\{4276D419-CCAA-4A0B-BBC8-49A8122062BD}2014-02-08 09:51 - 2014-02-08 09:51 - 0000000 ____D () C:\Users\Tina\AppData\Local\{453DFF97-BFA2-48C3-B697-0506B49FF479}2014-07-05 08:06 - 2014-07-05 08:06 - 0000000 ____D () C:\Users\Tina\AppData\Local\{473AA512-A33A-447F-A51C-648922801E13}2014-07-16 07:53 - 2014-07-16 07:53 - 0000000 ____D () C:\Users\Tina\AppData\Local\{536DD4CD-7DB2-4242-AABE-C989D9CE242C}2014-07-10 04:19 - 2014-07-10 04:20 - 0000000 ____D () C:\Users\Tina\AppData\Local\{5563C61D-5732-4328-873E-E0E9AAB7F9D9}2013-07-31 18:28 - 2013-07-31 18:28 - 0000000 ____D () C:\Users\Tina\AppData\Local\{5B2425A4-3885-4D35-A4B4-5EB5D0E3BDBB}2014-07-27 05:15 - 2014-07-27 05:16 - 0000000 ____D () C:\Users\Tina\AppData\Local\{649A7F4F-0CFA-49E4-B96D-0D07EF33FD23}2013-10-27 10:53 - 2013-10-27 10:54 - 0000000 ____D () C:\Users\Tina\AppData\Local\{660F873A-3174-41D8-8953-F12038AE1B3F}2014-08-10 17:57 - 2014-08-10 17:57 - 0000000 ____D () C:\Users\Tina\AppData\Local\{663333F2-314B-469C-9734-B7713D2FD5E5}2014-07-30 19:33 - 2014-07-30 19:33 - 0000000 ____D () C:\Users\Tina\AppData\Local\{66CBD8C8-32CD-42B1-88BB-106FF668FB4E}2014-03-04 21:35 - 2014-03-04 21:35 - 0000000 ____D () C:\Users\Tina\AppData\Local\{6F89B57E-C809-4FC5-AE4B-7FF0C179DA94}2014-07-08 04:49 - 2014-07-08 04:49 - 0000000 ____D () C:\Users\Tina\AppData\Local\{802F168D-B76B-4A28-8E25-1151ECE06E90}2013-01-05 20:08 - 2013-01-05 20:08 - 0000000 ____D () C:\Users\Tina\AppData\Local\{829F6E1A-BA8F-4CFD-8354-B615F4FEA942}2014-07-11 17:36 - 2014-07-11 17:36 - 0000000 ____D () C:\Users\Tina\AppData\Local\{950517C2-309D-4230-99F0-63943538C8A9}2014-01-09 18:19 - 2014-01-09 18:19 - 0000000 ____D () C:\Users\Tina\AppData\Local\{9C47A669-D942-4B73-89B9-A89AEA9FED89}2014-07-16 08:09 - 2014-07-16 08:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{9ED37B40-52BE-402D-BA09-5CDC180B5A1E}2012-09-05 17:09 - 2012-09-05 17:11 - 0000000 ____D () C:\Users\Tina\AppData\Local\{A6088A5A-5733-40D0-B7A4-522856897B0B}2014-07-16 08:10 - 2014-07-16 08:10 - 0000000 ____D () C:\Users\Tina\AppData\Local\{AEE08942-D739-43E9-9A1B-4BA2DFEEF059}2014-06-01 19:49 - 2014-06-01 19:50 - 0000000 ____D () C:\Users\Tina\AppData\Local\{B4492754-F866-4952-BB1C-E8E7643E263C}2014-01-10 04:22 - 2014-01-10 04:22 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C1FC95DB-FFEB-4F20-AD11-7D7F186F74E0}2012-08-20 13:46 - 2012-08-20 13:46 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C3B5182F-D0D0-46C5-AD4D-A92D3CA3AB95}2014-07-13 10:41 - 2014-07-13 10:41 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C70F9FFA-3623-4519-B2AF-E42567959F37}2014-06-29 19:07 - 2014-06-29 19:07 - 0000000 ____D () C:\Users\Tina\AppData\Local\{E639E21E-144B-4D4C-AEC7-89CC6D379D45}2014-07-11 21:08 - 2014-07-11 21:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{E79D6522-4BAB-4742-B894-2C1E429F82B6}2014-07-10 21:07 - 2014-07-10 21:08 - 0000000 ____D () C:\Users\Tina\AppData\Local\{EA2F5257-F639-4FC8-A8A5-A6E5C0A6275D}2012-11-08 08:31 - 2012-11-08 08:31 - 0000000 ____D () C:\Users\Tina\AppData\Local\{FCDADEAC-1B87-4D3C-9977-203EAFDA30CA}EmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
9SN2ePL.png ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete it's removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
YARWD1t.png TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-Click TDSSKiller.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to:
    • Loaded Modules
    • Detect TDLFS file system
    • Verify file digital signatures
  • Note: If you receive the following message: Extended Monitoring Driver is required, click Reboot now, and continue from here following the reboot.
  • ​Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the log in your next reply.
     

======================================================
 
STEP 4
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ComboFix.txt
  • TDSSKiller log (attached)
Link to post
Share on other sites

Fixlog.txt

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Tina at 2014-11-09 22:02:28 Run:2
Running from C:\Users\Tina\Downloads
Loaded Profile: Tina (Available profiles: Tina)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
2014-10-20 16:06 - 2014-11-09 11:37 - 0000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-03-30 15:51 - 2014-03-30 15:50 - 1172776 _____ (AnyProtect.com) C:\Users\Tina\AppData\Local\nss5F57.tmp
2014-10-06 23:27 - 2014-10-06 23:27 - 0000000 _____ () C:\Users\Tina\AppData\Local\{6F07CAAF-A9F6-4663-BC8A-E1A3D8337ABA}
2014-04-08 20:37 - 2014-04-08 19:18 - 1083403 _____ (AnyProtect.com) C:\Users\Tina\AppData\Local\AnyProtectScannerSetup.exe
2012-09-05 17:09 - 2012-09-05 17:10 - 0000000 ____D () C:\Users\Tina\AppData\Local\{15D041A8-C308-4091-BA37-1C1AF3FBF8BA}
2013-08-02 22:54 - 2013-08-02 22:55 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1957958A-D22D-4E8D-A363-A414A2EE4D6C}
2014-02-09 13:24 - 2014-02-09 13:25 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1BB8BDF6-455E-4F9B-9710-91AA75923C34}
2013-05-04 06:52 - 2013-05-04 06:52 - 0000000 ____D () C:\Users\Tina\AppData\Local\{1E304279-E109-4101-9023-19CE1C0A5B44}
2014-02-01 19:45 - 2014-02-01 19:45 - 0000000 ____D () C:\Users\Tina\AppData\Local\{2D375AF6-296F-443C-B8C2-20570AFAC5E8}
2013-02-05 19:46 - 2013-02-05 19:46 - 0000000 ____D () C:\Users\Tina\AppData\Local\{30C8F82B-2E7A-4423-8D43-A137DA8FD26E}
2013-05-20 13:09 - 2013-05-20 13:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3D2E030A-54E4-4076-BCBD-9486F5AF3669}
2014-07-17 15:56 - 2014-07-17 15:57 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3E2E96FE-E6C1-44E0-8F0E-F0CB2EE1B55A}
2012-08-20 13:46 - 2012-08-20 13:47 - 0000000 ____D () C:\Users\Tina\AppData\Local\{3FBF7CBC-BE23-4983-B564-D376706DC17B}
2014-09-12 15:24 - 2014-09-12 15:24 - 0000000 ____D () C:\Users\Tina\AppData\Local\{4276D419-CCAA-4A0B-BBC8-49A8122062BD}
2014-02-08 09:51 - 2014-02-08 09:51 - 0000000 ____D () C:\Users\Tina\AppData\Local\{453DFF97-BFA2-48C3-B697-0506B49FF479}
2014-07-05 08:06 - 2014-07-05 08:06 - 0000000 ____D () C:\Users\Tina\AppData\Local\{473AA512-A33A-447F-A51C-648922801E13}
2014-07-16 07:53 - 2014-07-16 07:53 - 0000000 ____D () C:\Users\Tina\AppData\Local\{536DD4CD-7DB2-4242-AABE-C989D9CE242C}
2014-07-10 04:19 - 2014-07-10 04:20 - 0000000 ____D () C:\Users\Tina\AppData\Local\{5563C61D-5732-4328-873E-E0E9AAB7F9D9}
2013-07-31 18:28 - 2013-07-31 18:28 - 0000000 ____D () C:\Users\Tina\AppData\Local\{5B2425A4-3885-4D35-A4B4-5EB5D0E3BDBB}
2014-07-27 05:15 - 2014-07-27 05:16 - 0000000 ____D () C:\Users\Tina\AppData\Local\{649A7F4F-0CFA-49E4-B96D-0D07EF33FD23}
2013-10-27 10:53 - 2013-10-27 10:54 - 0000000 ____D () C:\Users\Tina\AppData\Local\{660F873A-3174-41D8-8953-F12038AE1B3F}
2014-08-10 17:57 - 2014-08-10 17:57 - 0000000 ____D () C:\Users\Tina\AppData\Local\{663333F2-314B-469C-9734-B7713D2FD5E5}
2014-07-30 19:33 - 2014-07-30 19:33 - 0000000 ____D () C:\Users\Tina\AppData\Local\{66CBD8C8-32CD-42B1-88BB-106FF668FB4E}
2014-03-04 21:35 - 2014-03-04 21:35 - 0000000 ____D () C:\Users\Tina\AppData\Local\{6F89B57E-C809-4FC5-AE4B-7FF0C179DA94}
2014-07-08 04:49 - 2014-07-08 04:49 - 0000000 ____D () C:\Users\Tina\AppData\Local\{802F168D-B76B-4A28-8E25-1151ECE06E90}
2013-01-05 20:08 - 2013-01-05 20:08 - 0000000 ____D () C:\Users\Tina\AppData\Local\{829F6E1A-BA8F-4CFD-8354-B615F4FEA942}
2014-07-11 17:36 - 2014-07-11 17:36 - 0000000 ____D () C:\Users\Tina\AppData\Local\{950517C2-309D-4230-99F0-63943538C8A9}
2014-01-09 18:19 - 2014-01-09 18:19 - 0000000 ____D () C:\Users\Tina\AppData\Local\{9C47A669-D942-4B73-89B9-A89AEA9FED89}
2014-07-16 08:09 - 2014-07-16 08:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{9ED37B40-52BE-402D-BA09-5CDC180B5A1E}
2012-09-05 17:09 - 2012-09-05 17:11 - 0000000 ____D () C:\Users\Tina\AppData\Local\{A6088A5A-5733-40D0-B7A4-522856897B0B}
2014-07-16 08:10 - 2014-07-16 08:10 - 0000000 ____D () C:\Users\Tina\AppData\Local\{AEE08942-D739-43E9-9A1B-4BA2DFEEF059}
2014-06-01 19:49 - 2014-06-01 19:50 - 0000000 ____D () C:\Users\Tina\AppData\Local\{B4492754-F866-4952-BB1C-E8E7643E263C}
2014-01-10 04:22 - 2014-01-10 04:22 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C1FC95DB-FFEB-4F20-AD11-7D7F186F74E0}
2012-08-20 13:46 - 2012-08-20 13:46 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C3B5182F-D0D0-46C5-AD4D-A92D3CA3AB95}
2014-07-13 10:41 - 2014-07-13 10:41 - 0000000 ____D () C:\Users\Tina\AppData\Local\{C70F9FFA-3623-4519-B2AF-E42567959F37}
2014-06-29 19:07 - 2014-06-29 19:07 - 0000000 ____D () C:\Users\Tina\AppData\Local\{E639E21E-144B-4D4C-AEC7-89CC6D379D45}
2014-07-11 21:08 - 2014-07-11 21:09 - 0000000 ____D () C:\Users\Tina\AppData\Local\{E79D6522-4BAB-4742-B894-2C1E429F82B6}
2014-07-10 21:07 - 2014-07-10 21:08 - 0000000 ____D () C:\Users\Tina\AppData\Local\{EA2F5257-F639-4FC8-A8A5-A6E5C0A6275D}
2012-11-08 08:31 - 2012-11-08 08:31 - 0000000 ____D () C:\Users\Tina\AppData\Local\{FCDADEAC-1B87-4D3C-9977-203EAFDA30CA}
EmptyTemp:
end
*****************
 
"C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}" => File/Directory not found.
C:\Users\Tina\AppData\Local\nss5F57.tmp => Moved successfully.
C:\Users\Tina\AppData\Local\{6F07CAAF-A9F6-4663-BC8A-E1A3D8337ABA} => Moved successfully.
C:\Users\Tina\AppData\Local\AnyProtectScannerSetup.exe => Moved successfully.
C:\Users\Tina\AppData\Local\{15D041A8-C308-4091-BA37-1C1AF3FBF8BA} => Moved successfully.
C:\Users\Tina\AppData\Local\{1957958A-D22D-4E8D-A363-A414A2EE4D6C} => Moved successfully.
C:\Users\Tina\AppData\Local\{1BB8BDF6-455E-4F9B-9710-91AA75923C34} => Moved successfully.
C:\Users\Tina\AppData\Local\{1E304279-E109-4101-9023-19CE1C0A5B44} => Moved successfully.
C:\Users\Tina\AppData\Local\{2D375AF6-296F-443C-B8C2-20570AFAC5E8} => Moved successfully.
C:\Users\Tina\AppData\Local\{30C8F82B-2E7A-4423-8D43-A137DA8FD26E} => Moved successfully.
C:\Users\Tina\AppData\Local\{3D2E030A-54E4-4076-BCBD-9486F5AF3669} => Moved successfully.
C:\Users\Tina\AppData\Local\{3E2E96FE-E6C1-44E0-8F0E-F0CB2EE1B55A} => Moved successfully.
C:\Users\Tina\AppData\Local\{3FBF7CBC-BE23-4983-B564-D376706DC17B} => Moved successfully.
C:\Users\Tina\AppData\Local\{4276D419-CCAA-4A0B-BBC8-49A8122062BD} => Moved successfully.
C:\Users\Tina\AppData\Local\{453DFF97-BFA2-48C3-B697-0506B49FF479} => Moved successfully.
C:\Users\Tina\AppData\Local\{473AA512-A33A-447F-A51C-648922801E13} => Moved successfully.
C:\Users\Tina\AppData\Local\{536DD4CD-7DB2-4242-AABE-C989D9CE242C} => Moved successfully.
C:\Users\Tina\AppData\Local\{5563C61D-5732-4328-873E-E0E9AAB7F9D9} => Moved successfully.
C:\Users\Tina\AppData\Local\{5B2425A4-3885-4D35-A4B4-5EB5D0E3BDBB} => Moved successfully.
C:\Users\Tina\AppData\Local\{649A7F4F-0CFA-49E4-B96D-0D07EF33FD23} => Moved successfully.
C:\Users\Tina\AppData\Local\{660F873A-3174-41D8-8953-F12038AE1B3F} => Moved successfully.
C:\Users\Tina\AppData\Local\{663333F2-314B-469C-9734-B7713D2FD5E5} => Moved successfully.
C:\Users\Tina\AppData\Local\{66CBD8C8-32CD-42B1-88BB-106FF668FB4E} => Moved successfully.
C:\Users\Tina\AppData\Local\{6F89B57E-C809-4FC5-AE4B-7FF0C179DA94} => Moved successfully.
C:\Users\Tina\AppData\Local\{802F168D-B76B-4A28-8E25-1151ECE06E90} => Moved successfully.
C:\Users\Tina\AppData\Local\{829F6E1A-BA8F-4CFD-8354-B615F4FEA942} => Moved successfully.
C:\Users\Tina\AppData\Local\{950517C2-309D-4230-99F0-63943538C8A9} => Moved successfully.
C:\Users\Tina\AppData\Local\{9C47A669-D942-4B73-89B9-A89AEA9FED89} => Moved successfully.
C:\Users\Tina\AppData\Local\{9ED37B40-52BE-402D-BA09-5CDC180B5A1E} => Moved successfully.
C:\Users\Tina\AppData\Local\{A6088A5A-5733-40D0-B7A4-522856897B0B} => Moved successfully.
C:\Users\Tina\AppData\Local\{AEE08942-D739-43E9-9A1B-4BA2DFEEF059} => Moved successfully.
C:\Users\Tina\AppData\Local\{B4492754-F866-4952-BB1C-E8E7643E263C} => Moved successfully.
C:\Users\Tina\AppData\Local\{C1FC95DB-FFEB-4F20-AD11-7D7F186F74E0} => Moved successfully.
C:\Users\Tina\AppData\Local\{C3B5182F-D0D0-46C5-AD4D-A92D3CA3AB95} => Moved successfully.
C:\Users\Tina\AppData\Local\{C70F9FFA-3623-4519-B2AF-E42567959F37} => Moved successfully.
C:\Users\Tina\AppData\Local\{E639E21E-144B-4D4C-AEC7-89CC6D379D45} => Moved successfully.
C:\Users\Tina\AppData\Local\{E79D6522-4BAB-4742-B894-2C1E429F82B6} => Moved successfully.
C:\Users\Tina\AppData\Local\{EA2F5257-F639-4FC8-A8A5-A6E5C0A6275D} => Moved successfully.
C:\Users\Tina\AppData\Local\{FCDADEAC-1B87-4D3C-9977-203EAFDA30CA} => Moved successfully.
EmptyTemp: => Removed 540 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
 
 
Combofix.txt
 
ComboFix 14-11-09.02 - Tina 11/09/2014  22:39:12.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3989.2091 [GMT -6:00]
Running from: c:\users\Tina\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\program files (x86)\DealPly
c:\program files (x86)\DealPly\uninst.exe
c:\programdata\ntuser.pol
c:\programdata\Services
c:\windows\msdownld.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2014-10-10 to 2014-11-10  )))))))))))))))))))))))))))))))
.
.
2014-11-10 04:51 . 2014-11-10 04:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-09 16:26 . 2014-11-09 16:26 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-11-09 14:51 . 2014-11-10 04:17 -------- d-----w- C:\FRST
2014-11-09 13:27 . 2014-11-09 21:02 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-09 13:27 . 2014-10-01 17:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-09 13:27 . 2014-10-01 17:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-09 13:27 . 2014-10-01 17:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-09 13:27 . 2014-11-09 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-11-05 03:52 . 2014-11-05 03:52 -------- d-----w- c:\programdata\Unknown
2014-11-04 09:58 . 2014-11-09 22:42 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-10-26 00:27 . 2014-10-26 00:29 -------- d-----w- c:\users\Tina\AppData\Roaming\Apple Computer
2014-10-26 00:27 . 2014-10-26 00:27 -------- d-----w- c:\users\Tina\AppData\Local\Apple Computer
2014-10-26 00:27 . 2014-10-26 11:02 -------- dc----w- c:\windows\system32\DRVSTORE
2014-10-26 00:25 . 2014-10-26 11:03 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-26 00:25 . 2014-10-26 00:25 -------- d-----w- c:\programdata\Apple Computer
2014-10-26 00:23 . 2014-10-26 00:23 -------- d-----w- c:\users\Tina\AppData\Local\Apple
2014-10-26 00:22 . 2014-10-26 11:03 -------- d-----w- c:\program files (x86)\Common Files\Apple
2014-10-26 00:22 . 2014-10-26 10:49 -------- d-----w- c:\programdata\Apple
2014-10-24 14:03 . 2014-10-24 14:03 -------- d-----w- c:\programdata\Malwarebytes
2014-10-21 11:37 . 2014-10-21 11:37 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-21 11:37 . 2014-10-21 11:37 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-21 11:37 . 2014-10-21 11:37 -------- d-----w- c:\program files (x86)\Java
2014-10-21 01:49 . 2014-10-21 01:49 -------- d-----w- c:\users\Tina\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-10-17 11:36 . 2014-10-17 11:36 -------- d-----w- C:\07ff25f192f504bef610202f2c68322b
2014-10-16 10:51 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-16 10:50 . 2014-09-04 05:23 424448 ----a-w- c:\windows\system32\rastls.dll
2014-10-16 10:50 . 2014-09-04 05:04 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-10-16 10:50 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
2014-10-16 10:50 . 2014-09-18 01:32 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-10-16 10:50 . 2014-09-13 01:58 77312 ----a-w- c:\windows\system32\packager.dll
2014-10-16 10:50 . 2014-09-13 01:40 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-17 11:36 . 2014-01-10 23:28 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 22:08 . 2014-03-05 05:05 590536 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-25 02:08 . 2014-10-01 10:51 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 10:51 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-23 23:27 . 2012-04-26 04:20 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-23 23:27 . 2012-03-22 21:34 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 23:27 . 2014-09-23 23:27 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-13 08:41 . 2011-03-29 01:36 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-09-09 22:11 . 2014-09-24 05:29 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 05:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-08 22:35 . 2014-09-08 22:35 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2014-09-08 22:34 . 2014-09-08 22:34 2876528 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2014-09-08 22:33 . 2014-09-08 22:33 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2014-08-26 02:20 . 2014-10-03 20:21 876248 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtsp64.sys
2014-08-26 02:20 . 2014-10-03 20:21 37592 ----a-w- c:\windows\system32\drivers\N360x64\1506000.020\srtspx64.sys
2014-08-23 02:07 . 2014-08-28 01:29 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 01:29 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-20 08:52 . 2014-08-20 08:52 0 ----a-w- c:\windows\SysWow64\sho7B99.tmp
2014-08-13 02:42 . 2014-08-12 02:23 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2014-08-13 02:42 . 2014-08-12 02:23 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2014-08-13 02:42 . 2014-08-12 02:23 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2014-08-13 02:42 . 2014-08-12 02:23 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 08:18 1729232 ----a-w- c:\program files\Microsoft Office 15\root\office15\grooveex.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_173588A2444459FBF3969E0E864A205A"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-10-22 854344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-05 291608]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-26 271744]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys;c:\windows\SYSNATIVE\DRIVERS\HP8207_8307.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys;c:\windows\SYSNATIVE\drivers\SiUSBXp.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20141030.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 ccSet_NAT;Norton Anti-Theft Settings Manager;c:\windows\system32\drivers\NATx64\0107000.013\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NATx64\0107000.013\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20141107.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20141107.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe;c:\program files (x86)\Fitbit\fitbit.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 NAT;Norton Anti-Theft;c:\program files (x86)\Norton Anti-Theft\Engine\1.7.0.19\ccSvcHst.exe;c:\program files (x86)\Norton Anti-Theft\Engine\1.7.0.19\ccSvcHst.exe [x]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe;c:\program files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys;c:\windows\SYSNATIVE\DRIVERS\FwLnk.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 SmbDrv;SmbDrv;c:\windows\system32\DRIVERS\Smb_driver.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver.sys [x]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-29 04:59 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 23:27]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 15:01]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15 15:01]
.
2014-11-10 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
- c:\program files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 20:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 10:10 2334416 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-10-21 23:52 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-11-26 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-10 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-10 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-10 440088]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{17EAA9CA-6743-492E-B31D-FE2FF7DD20CA}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
TCP: Interfaces\{67658A6F-CEC4-456C-AE78-6E6EC7634B3D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default\
FF - user.js: extensions.mysearchdial.id - 00266C138AA4CD8F
FF - user.js: extensions.mysearchdial.instlDay - 16168
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.021:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - cmi_14_15_ch
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_b
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 1513342027
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtND0C0FtByE0F2Q
FF - user.js: extensions.mysearchdial.AL - 2
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-BFG-Cake Mania - Lights, Camera, Action - c:\program files (x86)\Cake Mania - Lights
AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4
AddRemove-Treasure Masters, Inc - c:\program files (x86)\Viva Media\Play 101\Treasure Masters
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NAT]
"ImagePath"="\"c:\program files (x86)\Norton Anti-Theft\Engine\1.7.0.19\ccSvcHst.exe\" /s \"NAT\" /m \"c:\program files (x86)\Norton Anti-Theft\Engine\1.7.0.19\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.17.38\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-09  23:07:21
ComboFix-quarantined-files.txt  2014-11-10 05:07
.
Pre-Run: 530,912,489,472 bytes free
Post-Run: 537,745,915,904 bytes free
.
- - End Of File - - 4421E32730363E6792F034881A3637C4
 

 

Link to post
Share on other sites

Good job, Tina. 
Please do the following. 
 
STEP 1
b8zkrsY.png Browser Reset
 
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.

Proceed with the reset once done.

STEP 2
BY4dvz9.png AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 3
E3feWj5.png Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Note: If you unchecked any items in AdwCleaner, please backup the associated folders/files before running JRT.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

STEP 4
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Scan

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

======================================================

STEP 5
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Did your browsers reset OK?
  • AdwCleaner[s0].txt
  • JRT.txt
  • FRST.txt
  • Addition.txt
Link to post
Share on other sites

Well, damn. having an issue. at the very beginning when I have to reset the browser. For chrome-I went to settings, advanced settings and reset setting, as stated. after about 30 seconds, I got a page crashed message. now, I get nothing, when I click on google chrome, I get a blank page, (fine) but that is it. it will not let me load anything. It does not show a spinning icon, nothing. I am currently on my other browser IE, just to get back to you..

Link to post
Share on other sites

Hi Tina, 
 
Sorry to hear that
It's very unusual - I've never heard that happen before. 
 
Lets uninstall and reinstall Chrome. 
 
EtQetiM.png Uninstall/Reinstall Chrome

  • Follow these instructions on how to backup your Chrome bookmarks: Backup Chrome Bookmarks
  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall.
    • Google Chrome
  • Follow the prompts.
  • Reboot if necessary.
  • Download and install U5NwUGc.png.pagespeed.ce.fQOA5bLO8d.png Google Chrome.
Link to post
Share on other sites

uninstalled.  However, when trying to install, I get "your current Security settings do not allow this file to be downloaded". I disabled the Norton "Anti virus auto protect" and still got the same message, so I then disabled the "Smart Firewall" but again got the same message.... so no luck there..

Link to post
Share on other sites

Hi Tina,

Do the following, then download and install Chrome. Proceed with the rest of my instructions once done.

  • Press the Windows Key xpdKOQKY.png.pagespeed.ic.tmAgS1-k6q.png + r on your keyboard at the same time. Type inetcpl.cpl and click OK.
  • Click Security
  • Click Custom level....
  • Scroll down to Downloads.
  • Under File download, place a checkmark next to Enable.
  • Click OK.
Link to post
Share on other sites

ok, question about the Adwcleaner. it ran the scan and there is nothing listed... on the "services" tab. but there is a ton of stuff on the other tabs. "Folders", "files", "shortcuts", "registry", etc... am i supposed to Uncheck these items? I don't even know what  most of this is... 

Link to post
Share on other sites

AdwCleaner

 

# AdwCleaner v4.101 - Report created 11/11/2014 at 20:03:02
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.9 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Tina - TINA-PC
# Running from : C:\Users\Tina\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\SearchProtect
Folder Deleted : C:\ProgramData\Ask
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\GameTap Web Player
Folder Deleted : C:\ProgramData\Registry Helper
Folder Deleted : C:\ProgramData\Alawar
[#] Folder Deleted : C:\ProgramData\Alawar Stargaze
Folder Deleted : C:\ProgramData\AlawarSouthpoint
Folder Deleted : C:\ProgramData\AlawarWrapper
Folder Deleted : C:\Program Files (x86)\GameTap Web Player
Folder Deleted : C:\Program Files (x86)\Uninstaller
Folder Deleted : C:\Users\Public\Documents\AlawarWrapper
Folder Deleted : C:\Users\Tina\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Tina\AppData\LocalLow\Smartbar
Folder Deleted : C:\Users\Tina\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\Tina\AppData\Roaming\Conduit
Folder Deleted : C:\Users\Tina\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Tina\AppData\Roaming\PC Health Kit
Folder Deleted : C:\Users\Tina\AppData\Roaming\pccustubinstaller
Folder Deleted : C:\Users\Tina\AppData\Roaming\Alawar
Folder Deleted : C:\Users\Tina\AppData\Roaming\AlawarSouthpoint
Folder Deleted : C:\Users\Tina\Documents\Alawar
Folder Deleted : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Folder Deleted : C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\windows\SysWOW64\RegistryHelperLM.ocx
File Deleted : C:\Users\Tina\AppData\Roaming\aps.uninstall.scan.results
File Deleted : C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default\user.js
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2FCFC6FD-409C-43AD-88C4-1F7610125B87}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{32B59440-5A17-4522-AA27-8F84B9A64AEB}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4C1C2024-BE02-4011-92CA-B6E1E333C010}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EE17D239-0B9D-425C-AA3A-E402C42C015A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E4A994B0-5550-4680-A4C6-B9470B888069}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EE95078D-518C-4FD2-8093-FD1D4E33D3CA}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F9EB11AB-9384-4736-9B33-993940F88895}
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Alawar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\ParetoLogic
Key Deleted : HKLM\SOFTWARE\Alawar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17344
 
 
-\\ Mozilla Firefox v22.0 (en-US)
 
 
-\\ Google Chrome v38.0.2125.111
 
 
-\\ Chromium v
 
 
*************************
 
AdwCleaner[R0].txt - [8902 octets] - [11/11/2014 06:20:53]
AdwCleaner[R1].txt - [8962 octets] - [11/11/2014 06:30:12]
AdwCleaner[s0].txt - [8736 octets] - [11/11/2014 20:03:02]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8796 octets] ##########
 
 
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by Tina on Tue 11/11/2014 at 20:17:15.04
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1885051997-1458977773-2881551217-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\sparktrust"
Successfully deleted: [Folder] "C:\Users\Tina\AppData\Roaming\mywordtool"
Successfully deleted: [Folder] "C:\Users\Tina\AppData\Roaming\sparktrust"
Successfully deleted: [Folder] "C:\Users\Tina\appdata\local\cre"
Successfully deleted: [Folder] "C:\Program Files (x86)\sparktrust"
 
 
 
~~~ FireFox
 
Successfully deleted: [Folder] C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\1thh09tt.default\extensions\staged
Successfully deleted the following from C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\1thh09tt.default\prefs.js
 
user_pref("extensions.toolbar@news.net.AdConfig", "{\"type\":\"page\",\"value\":100000}\n");
user_pref("extensions.toolbar@news.net.AdConfigLastUpdate", -64547107);
user_pref("extensions.toolbar@news.net.id", "49f57c2f-a850-42e5-a319-009f5a85f351");
user_pref("extensions.toolbar@news.net.referid", "115");
0domain%3D%22sportsauthority.com%22%20/%3E%0D%0A%20%20%20%20%3Cmerchant%20domain%3D%22fandango.com%22%20/%3E%0D%0A%20%20%20%20%3Cmerchant%20domain%3D%22walgreens.com%22%20/%3E
user_pref("id_couponscom.variablemerchants", "%5B%22victoriassecret.com%22%2C%22budget.com%22%2C%22hm.com%22%2C%22bedbathbeyond.com%22%2C%22hertz.com%22%2C%22jcpenney.com%22%2
user_pref("id_couponscom.variables.Var1", "hxxp%3A//cdn.coupons.com/couponbar.coupons.com");
user_pref("id_couponscom.variables.Var2", "hxxp%3A//couponbar.coupons.com");
user_pref("id_couponscom.variables.Var3", "hxxp%3A//www.coupons.com/coupon-codes/");
Emptied folder: C:\Users\Tina\AppData\Roaming\mozilla\firefox\profiles\1thh09tt.default\minidumps [1 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/11/2014 at 20:22:46.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Tina (administrator) on TINA-PC on 11-11-2014 20:25:04
Running from C:\Users\Tina\Downloads
Loaded Profile: Tina (Available profiles: Tina)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit\fitbit.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.7.0.19\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\Run: [GoogleChromeAutoLaunch_173588A2444459FBF3969E0E864A205A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [854344 2014-10-21] (Google Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} 
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{17EAA9CA-6743-492E-B31D-FE2FF7DD20CA}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{67658A6F-CEC4-456C-AE78-6E6EC7634B3D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
 
FireFox:
========
FF ProfilePath: C:\Users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\1thh09tt.default
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885051997-1458977773-2881551217-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tina\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1885051997-1458977773-2881551217-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Tina\AppData\Roaming\Zoom\bin\npzoomplugin.dll (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\IPSFF [2014-05-07]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.2.0.38\coFFPlgn [2014-11-11]
FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar\firefox\{1C43BAF1-00C2-40A8-A09E-F84CFD79546D}\Coupons.com.xpi [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.aol.com/
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR Profile: C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-11]
CHR Extension: (Bejeweled) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm [2014-11-11]
CHR Extension: (Angry Birds) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2014-11-11]
CHR Extension: (Google Docs) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-11]
CHR Extension: (Google Drive) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-11]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-11]
CHR Extension: (YouTube) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-11]
CHR Extension: (Google Search) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-11]
CHR Extension: (Google Sheets) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-11]
CHR Extension: (Swagbucks Extension) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngocbkfmikdgphklgmmehbjjlfgdemm [2014-11-11]
CHR Extension: (Norton Identity Safe) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-11-11]
CHR Extension: (Google Wallet) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-11]
CHR Extension: (Gmail) - C:\Users\Tina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 Fitbit; C:\Program Files (x86)\Fitbit\fitbit.exe [773152 2012-06-22] (Fitbit, Inc.) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.7.0.19\ccSvcHst.exe [144520 2012-12-23] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [132504 2014-05-09] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\BASHDefs\20141107.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2014-02-24] (Symantec Corporation)
R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\0107000.013\ccSetx64.sys [168096 2012-11-15] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 HP8207_8307; C:\Windows\System32\DRIVERS\HP8207_8307.sys [15360 2010-02-04] (Windows ® Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\IPSDefs\20141111.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-09] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.002\ENG64.SYS [129752 2014-11-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.2.0.38\Definitions\VirusDefs\20141111.002\EX64.SYS [2137304 2014-11-10] (Symantec Corporation)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-05-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 20:25 - 2014-11-11 20:25 - 00024248 _____ () C:\Users\Tina\Downloads\FRST.txt
2014-11-11 20:23 - 2014-11-11 20:23 - 01706808 _____ (Thisisu) C:\Users\Tina\Downloads\JRT (1).exe
2014-11-11 20:22 - 2014-11-11 20:22 - 00003005 _____ () C:\Users\Tina\Desktop\JRT.txt
2014-11-11 20:17 - 2014-11-11 20:17 - 00000000 ____D () C:\windows\ERUNT
2014-11-11 20:16 - 2014-11-11 20:16 - 01706808 _____ (Thisisu) C:\Users\Tina\Downloads\JRT.exe
2014-11-11 20:14 - 2014-11-11 20:14 - 00008992 _____ () C:\Users\Tina\Desktop\AdwCleaner[s0].txt
2014-11-11 06:20 - 2014-11-11 06:20 - 00001172 _____ () C:\Users\Tina\Desktop\AdwCleaner - Shortcut.lnk
2014-11-11 06:19 - 2014-11-11 20:03 - 00000000 ____D () C:\AdwCleaner
2014-11-11 06:19 - 2014-11-11 06:19 - 02140160 _____ () C:\Users\Tina\Downloads\AdwCleaner.exe
2014-11-11 06:12 - 2014-11-11 06:12 - 00002270 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-11 06:12 - 2014-11-11 06:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-11 02:42 - 2014-11-11 02:42 - 01107968 _____ (Farbar) C:\Users\Tina\Downloads\unconfirmed 374739.crdownload
2014-11-10 20:43 - 2014-11-10 20:43 - 00059553 _____ () C:\Users\Tina\Desktop\bookmarks_11_10_14.html
2014-11-09 23:25 - 2014-11-09 23:25 - 00001172 _____ () C:\Users\Tina\Desktop\tdsskiller - Shortcut.lnk
2014-11-09 23:20 - 2014-11-09 23:20 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Tina\Downloads\tdsskiller.exe
2014-11-09 23:07 - 2014-11-09 23:07 - 00031042 _____ () C:\ComboFix.txt
2014-11-09 22:37 - 2011-06-26 00:45 - 00256000 _____ () C:\windows\PEV.exe
2014-11-09 22:37 - 2010-11-07 11:20 - 00208896 _____ () C:\windows\MBR.exe
2014-11-09 22:37 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-11-09 22:37 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-11-09 22:37 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-11-09 22:37 - 2000-08-30 18:00 - 00098816 _____ () C:\windows\sed.exe
2014-11-09 22:37 - 2000-08-30 18:00 - 00080412 _____ () C:\windows\grep.exe
2014-11-09 22:37 - 2000-08-30 18:00 - 00068096 _____ () C:\windows\zip.exe
2014-11-09 22:36 - 2014-11-09 23:08 - 00000000 ____D () C:\Qoobox
2014-11-09 22:36 - 2014-11-09 23:02 - 00000000 ____D () C:\windows\erdnt
2014-11-09 22:18 - 2014-11-09 22:19 - 00000017 _____ () C:\windows\SysWOW64\shortcut_ex.dat
2014-11-09 22:01 - 2014-11-09 22:01 - 00000000 ____D () C:\Users\Tina\Downloads\FRST-OlderVersion
2014-11-09 10:26 - 2014-11-09 10:26 - 00001279 _____ () C:\Users\Tina\Desktop\Revo Uninstaller.lnk
2014-11-09 10:26 - 2014-11-09 10:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-09 10:25 - 2014-11-09 10:25 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tina\Downloads\revosetup.exe
2014-11-09 08:52 - 2014-11-09 08:52 - 00001134 _____ () C:\Users\Tina\Desktop\frst64 - Shortcut.lnk
2014-11-09 08:51 - 2014-11-11 20:25 - 00000000 ____D () C:\FRST
2014-11-09 08:48 - 2014-11-09 22:01 - 02116096 _____ (Farbar) C:\Users\Tina\Downloads\FRST64.exe
2014-11-09 07:27 - 2014-11-09 15:02 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-09 07:27 - 2014-11-09 07:27 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-09 07:27 - 2014-11-09 07:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-09 07:27 - 2014-11-09 07:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-09 07:27 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-11-09 07:27 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-11-09 07:27 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-11-09 07:24 - 2014-11-09 07:25 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.3.1025 (1).exe
2014-11-07 14:03 - 2014-11-07 14:03 - 00631030 _____ () C:\Users\Tina\Downloads\4-9-14 PRINTABLE Younique product training guide (2).xlsx
2014-11-07 14:00 - 2014-11-07 14:00 - 00002030 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-11-05 22:13 - 2014-11-05 22:14 - 00000000 ____D () C:\Users\Tina\Documents\tupperware
2014-11-05 06:00 - 2014-11-05 06:00 - 00000761 _____ () C:\windows\system32\Drivers\etc\hosts.txt
2014-11-04 21:52 - 2014-11-04 21:52 - 00000000 ____D () C:\ProgramData\Unknown
2014-10-25 18:52 - 2014-10-25 18:58 - 146463890 _____ () C:\Users\Tina\Downloads\Gorillaz - Plastic Beach.zip
2014-10-25 18:52 - 2014-10-25 18:57 - 133849038 _____ () C:\Users\Tina\Downloads\Gorillaz - Demon Days.zip
2014-10-25 18:51 - 2014-10-25 18:57 - 134712909 _____ () C:\Users\Tina\Downloads\Gorillaz - The Singles Collection 2001-2011.zip
2014-10-25 18:51 - 2014-10-25 18:57 - 116979033 _____ () C:\Users\Tina\Downloads\Panic! At The Disco - Pretty Odd.zip
2014-10-25 18:27 - 2014-10-25 18:29 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Apple Computer
2014-10-25 18:27 - 2014-10-25 18:27 - 00000000 ____D () C:\Users\Tina\AppData\Local\Apple Computer
2014-10-25 18:25 - 2014-10-26 05:03 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-25 18:25 - 2014-10-25 18:25 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-10-25 18:23 - 2014-10-25 18:23 - 00000000 ____D () C:\Users\Tina\AppData\Local\Apple
2014-10-25 18:22 - 2014-10-26 04:49 - 00000000 ____D () C:\ProgramData\Apple
2014-10-25 18:15 - 2014-10-25 18:20 - 122418480 _____ (Apple Inc.) C:\Users\Tina\Downloads\iTunes64Setup.exe
2014-10-24 08:03 - 2014-10-24 08:03 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Tina\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-24 08:03 - 2014-10-24 08:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-21 05:37 - 2014-10-21 05:37 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-10-21 05:37 - 2014-10-21 05:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-10-21 05:37 - 2014-10-21 05:37 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-10-21 05:37 - 2014-10-21 05:37 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-21 05:37 - 2014-10-21 05:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-21 05:37 - 2014-10-21 05:37 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-20 19:51 - 2014-10-20 19:51 - 00000000 ____D () C:\Users\Tina\Documents\YNAB
2014-10-20 19:49 - 2014-10-20 19:49 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
2014-10-19 18:47 - 2014-10-19 18:47 - 00000984 _____ () C:\Users\Tina\Downloads\ScholarshipAppDisplayTennPromise.fdf
2014-10-17 05:36 - 2014-10-17 05:36 - 00000000 ____D () C:\07ff25f192f504bef610202f2c68322b
2014-10-16 04:52 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-16 04:52 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-10-16 04:52 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-10-16 04:52 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-10-16 04:52 - 2014-07-08 20:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-10-16 04:52 - 2014-07-08 20:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-10-16 04:52 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-10-16 04:52 - 2014-07-08 19:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-10-16 04:52 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-10-16 04:52 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-10-16 04:52 - 2014-07-08 19:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-10-16 04:52 - 2014-07-08 16:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-10-16 04:52 - 2014-07-08 16:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-10-16 04:52 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-10-16 04:52 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-10-16 04:52 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-10-16 04:52 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-10-16 04:52 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-10-16 04:52 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-10-16 04:51 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-16 04:51 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-16 04:51 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-16 04:51 - 2014-10-06 20:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-16 04:51 - 2014-10-06 20:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-16 04:51 - 2014-09-25 16:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-16 04:51 - 2014-09-25 16:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-16 04:51 - 2014-09-25 16:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-16 04:51 - 2014-09-25 16:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-16 04:51 - 2014-09-25 16:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-16 04:51 - 2014-09-25 16:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-16 04:51 - 2014-09-25 16:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-16 04:51 - 2014-09-18 20:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-16 04:51 - 2014-09-18 19:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-16 04:51 - 2014-09-18 19:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-16 04:51 - 2014-09-18 19:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-16 04:51 - 2014-09-18 19:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-16 04:51 - 2014-09-18 19:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-16 04:51 - 2014-09-18 19:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-16 04:51 - 2014-09-18 19:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-16 04:51 - 2014-09-18 19:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-16 04:51 - 2014-09-18 19:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-16 04:51 - 2014-09-18 19:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-16 04:51 - 2014-09-18 19:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-16 04:51 - 2014-09-18 19:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-16 04:51 - 2014-09-18 19:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-16 04:51 - 2014-09-18 19:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-16 04:51 - 2014-09-18 19:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-16 04:51 - 2014-09-18 19:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-16 04:51 - 2014-09-18 19:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-16 04:51 - 2014-09-18 19:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-16 04:51 - 2014-09-18 19:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-16 04:51 - 2014-09-18 19:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 04:51 - 2014-09-18 19:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-16 04:51 - 2014-09-18 19:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-16 04:51 - 2014-09-18 19:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-16 04:51 - 2014-09-18 19:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-16 04:51 - 2014-09-18 19:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-16 04:51 - 2014-09-18 18:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-16 04:51 - 2014-09-18 18:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-16 04:51 - 2014-09-18 18:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-16 04:51 - 2014-09-18 18:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-16 04:51 - 2014-09-18 18:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-16 04:51 - 2014-09-18 18:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-16 04:51 - 2014-09-18 18:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-16 04:51 - 2014-09-18 18:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-16 04:51 - 2014-09-18 18:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-16 04:51 - 2014-09-18 18:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-16 04:51 - 2014-09-18 18:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-16 04:51 - 2014-09-18 18:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 04:51 - 2014-09-18 18:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-16 04:51 - 2014-09-18 18:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-16 04:51 - 2014-09-18 18:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-16 04:51 - 2014-09-18 18:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-16 04:51 - 2014-09-18 18:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-16 04:51 - 2014-09-18 17:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-16 04:51 - 2014-09-18 17:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-16 04:51 - 2014-09-18 17:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-16 04:51 - 2014-09-18 17:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-10-16 04:51 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-10-16 04:51 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-10-16 04:51 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-10-16 04:51 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-10-16 04:51 - 2014-07-16 19:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-10-16 04:51 - 2014-07-16 19:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-10-16 04:51 - 2014-07-16 19:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-10-16 04:51 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-10-16 04:51 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-10-16 04:51 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-10-16 04:51 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-10-16 04:50 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-10-16 04:50 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-10-16 04:50 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-10-16 04:50 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-10-16 04:50 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-10-16 04:50 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-11 20:16 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-11 20:16 - 2009-07-13 22:45 - 00024608 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-11 20:15 - 2012-04-25 20:59 - 01073128 _____ () C:\windows\WindowsUpdate.log
2014-11-11 20:08 - 2013-06-15 09:01 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-11 20:08 - 2012-04-25 21:04 - 00000828 _____ () C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-11-11 20:08 - 2010-11-20 21:47 - 01607182 _____ () C:\windows\PFRO.log
2014-11-11 20:08 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-11-11 20:08 - 2009-07-13 22:51 - 00066171 _____ () C:\windows\setupact.log
2014-11-11 20:01 - 2012-04-25 22:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-11-11 19:58 - 2013-06-15 09:01 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-11 06:12 - 2012-07-20 11:14 - 00000000 ____D () C:\Users\Tina\AppData\Local\Google
2014-11-11 06:11 - 2012-04-25 21:47 - 00000000 ____D () C:\Program Files (x86)\Google
2014-11-10 20:52 - 2014-05-17 07:44 - 00000000 ___RD () C:\Users\Tina\Google Drive
2014-11-09 23:07 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-11-09 22:51 - 2009-07-13 20:34 - 00000215 _____ () C:\windows\system.ini
2014-11-09 14:58 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\SchCache
2014-11-09 11:36 - 2009-07-13 21:20 - 00000000 ___HD () C:\windows\system32\GroupPolicy
2014-11-09 11:17 - 2012-08-28 20:48 - 00000000 ____D () C:\Users\Tina\AppData\Local\CrashDumps
2014-11-09 06:05 - 2012-07-22 18:48 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\SoftGrid Client
2014-11-08 23:01 - 2012-10-04 06:15 - 00035347 _____ () C:\Users\Tina\Desktop\bills.xlsx
2014-11-07 14:00 - 2012-03-22 15:34 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-11-05 05:21 - 2014-05-17 07:43 - 00002053 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-05 05:21 - 2014-05-17 07:43 - 00002041 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-05 05:21 - 2014-05-17 07:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-04 23:20 - 2009-07-13 23:13 - 00783360 _____ () C:\windows\system32\PerfStringBackup.INI
2014-11-04 04:19 - 2012-09-25 19:07 - 00003958 _____ () C:\windows\System32\Tasks\PC Checkup 3 Weekly Scan
2014-10-31 12:40 - 2014-01-25 21:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-10-29 05:16 - 2014-08-18 05:14 - 00000000 ____D () C:\Users\Tina\Documents\Outlook Files
2014-10-24 08:39 - 2009-07-13 23:32 - 00000000 ____D () C:\windows\Performance
2014-10-24 07:50 - 2014-01-10 04:57 - 00000194 _____ () C:\Users\Tina\AppData\Roaming\WB.CFG
2014-10-24 06:50 - 2014-09-21 15:46 - 00000000 ____D () C:\Users\Tina\Desktop\crochet
2014-10-22 06:47 - 2012-11-13 20:53 - 00000000 ____D () C:\Users\Tina\AppData\Roaming\Skype
2014-10-22 05:27 - 2012-07-22 18:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-10-21 05:45 - 2014-05-26 16:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-21 05:23 - 2012-07-20 08:04 - 00000000 ____D () C:\Users\Tina
2014-10-20 14:53 - 2013-06-15 09:01 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 14:53 - 2013-06-15 09:01 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 08:10 - 2009-07-13 22:45 - 00454248 _____ () C:\windows\system32\FNTCACHE.DAT
2014-10-17 08:05 - 2014-05-09 02:00 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-10-17 05:45 - 2014-03-04 22:59 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-17 05:36 - 2014-01-10 17:28 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-10-17 05:36 - 2014-01-10 17:28 - 00000000 ____D () C:\windows\system32\MRT
2014-10-13 05:27 - 2014-06-30 03:32 - 00000000 ____D () C:\Users\Tina\Desktop\Younique 53766
 
Some content of TEMP:
====================
C:\Users\Tina\AppData\Local\Temp\Quarantine.exe
C:\Users\Tina\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 22:01
 
==================== End Of Log ============================
Link to post
Share on other sites

addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Tina at 2014-11-11 20:26:49
Running from C:\Users\Tina\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
1001 Nights: The Adventures Of Sindbad (HKLM-x32\...\1001 Nights: The Adventures Of Sindbad) (Version:  - Alawar Entertainment Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Action Ball 2 (HKLM-x32\...\Action Ball 2) (Version: 1.0 - Alawar Entertainment Inc.)
Action Ball Deluxe (HKLM-x32\...\Action Ball Deluxe) (Version: 1.0 - Alawar Entertainment Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Alabama Smith in Escape from Pompeii (HKLM-x32\...\Alabama Smith in Escape from Pompeii) (Version:  - Alawar Entertainment Inc.)
Alabama Smith in the Quest of Fate (HKLM-x32\...\Alabama Smith in the Quest of Fate) (Version:  - Alawar Entertainment Inc.)
Alex Gordon (HKLM-x32\...\Alex Gordon) (Version:  - Alawar Entertainment Inc.)
Alexandra Fortune - Mystery of the Lunar Archipelago (HKLM-x32\...\Alexandra Fortune - Mystery of the Lunar Archipelago) (Version:  - Alawar Entertainment Inc.)
Alice's Tea Cup Madness (HKLM-x32\...\BFG-Alice's Tea Cup Madness) (Version:  - )
Alien Outbreak 2: Invasion (HKLM-x32\...\Alien Outbreak 2: Invasion) (Version: 1.0 - Alawar Entertainment Inc.)
Amazon Kindle (HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Amelie's Cafe (HKLM-x32\...\Amelie's Cafe) (Version:  - Alawar Entertainment Inc.)
Amelie's Cafe: Holiday Spirit (HKLM-x32\...\Amelie's Cafe: Holiday Spirit) (Version: 1.0 - Alawar Entertainment Inc.)
Amelie's Cafe: Summer Time (HKLM-x32\...\Amelie's Cafe: Summer Time) (Version:  - Alawar Entertainment Inc.)
ArcSoft Panorama Maker 6 (HKLM-x32\...\{DABFD34E-BE68-4BC6-9254-5D7A7FF76B99}) (Version: 6.0.8.85 - ArcSoft)
Arctic Quest (HKLM-x32\...\Arctic Quest) (Version: 1.0 - Alawar Entertainment Inc.)
Arctic Quest 2 (HKLM-x32\...\Arctic Quest 2) (Version: 1.0 - Alawar Entertainment Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
Aztec Tribe (HKLM-x32\...\Aztec Tribe) (Version: 1.0 - Alawar Entertainment Inc.)
Aztec Tribe: New Land (HKLM-x32\...\Aztec Tribe: New Land) (Version: 1.0 - Alawar Entertainment Inc.)
Beach Party Craze (HKLM-x32\...\Beach Party Craze) (Version:  - Alawar Entertainment Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled® 3 (HKLM-x32\...\{E99C27B2-EB2E-4244-9F5C-A96F55100F0C}) (Version: 1.1.13.4753 - Electronic Arts, Inc.)
Big Fish Games: Game Manager (HKLM-x32\...\BFGC) (Version: 3.0.1.60 - )
Bilbo - The Four Corners of the World (HKLM-x32\...\Bilbo - The Four Corners of the World) (Version:  - Alawar Entertainment Inc.)
Build-a-lot (HKLM-x32\...\Build-a-lot) (Version: 1.1.0.0 - MumboJumbo)
Build-a-lot: Fairy Tales (HKLM-x32\...\BFG-Build-a-lot - Fairy Tales) (Version:  - )
Build-a-Lot: The Elizabethan Era (HKLM-x32\...\BFG-Build-a-Lot - The Elizabethan Era) (Version:  - )
Cake Mania: Lights, Camera, Action! (HKLM-x32\...\BFG-Cake Mania - Lights, Camera, Action) (Version:  - )
Carl the Caveman (HKLM-x32\...\Carl the Caveman) (Version: 1.0 - Alawar Entertainment Inc.)
City Magnate (HKLM-x32\...\City Magnate) (Version: 1.0 - Alawar Entertainment Inc.)
Crop Busters (HKLM-x32\...\Crop Busters) (Version: 1.0 - Alawar Entertainment Inc.)
Crusaders Of Space 2 (HKLM-x32\...\Crusaders Of Space 2) (Version: 1.0 - Alawar Entertainment Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dancing Craze (HKLM-x32\...\Dancing Craze) (Version:  - Alawar Entertainment Inc.)
Digger Adventures (HKLM-x32\...\Digger Adventures) (Version: 1.0 - Alawar Entertainment Inc.)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.100 - DivX, LLC)
DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
Dragon Puzzle (HKLM-x32\...\Dragon Puzzle) (Version: 1.0 - Alawar Entertainment Inc.)
Enchanted Cavern (HKLM-x32\...\Enchanted Cavern) (Version: 1.0 - Alawar Entertainment Inc.)
Farm Frenzy 2 (HKLM-x32\...\Farm Frenzy 2) (Version:  - Alawar Entertainment Inc.)
Farm Frenzy 3 (HKLM-x32\...\Farm Frenzy 3) (Version:  - Alawar Entertainment Inc.)
Fashion Craze (HKLM-x32\...\Fashion Craze) (Version:  - Alawar Entertainment Inc.)
Fashion Season (HKLM-x32\...\Fashion Season) (Version: 1.0 - Alawar Entertainment Inc.)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Finding Doggy (HKLM-x32\...\Finding Doggy) (Version: 1.0 - Alawar Entertainment Inc.)
Fitbit Base Station (Driver Removal) (HKLM-x32\...\FITBIT&10C4&84C4) (Version:  - Fitbit)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Fitbit v2.1.0.9 (HKLM-x32\...\Fitbit Data Uploader_is1) (Version: 2.1.0.9 - Fitbit, Inc.)
Flower Quest (HKLM-x32\...\Flower Quest) (Version: 1.0 - Alawar Entertainment Inc.)
Froggy's Adventures (HKLM-x32\...\Froggy's Adventures) (Version: 1.0 - Alawar Entertainment Inc.)
Fruit Lockers 2 - The Enchanting Islands (HKLM-x32\...\Fruit Lockers 2 - The Enchanting Islands) (Version:  - Alawar Entertainment Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gourmania (HKLM-x32\...\Gourmania) (Version:  - Alawar Entertainment Inc.)
Gourmania 2: Great Expectations (HKLM-x32\...\Gourmania 2: Great Expectations) (Version:  - Alawar Entertainment Inc.)
Gourmania 3: Zoo Zoom (HKLM-x32\...\Gourmania 3: Zoo Zoom) (Version: 1.0 - Alawar Entertainment Inc.)
Grand Master Chess Online (HKLM-x32\...\Grand Master Chess Online) (Version: 1.0 - Alawar Entertainment Inc.)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - FreeCodecPack)
Hamlet (HKLM-x32\...\Hamlet) (Version:  - Alawar Entertainment Inc.)
Haunted Domains (HKLM-x32\...\Haunted Domains) (Version: 1.0 - Alawar Entertainment Inc.)
Heroes Of Hellas (HKLM-x32\...\Heroes Of Hellas) (Version:  - Alawar Entertainment Inc.)
Heroes of Hellas 2: Olympia (HKLM-x32\...\Heroes of Hellas 2: Olympia) (Version:  - Alawar Entertainment Inc.)
Hidden Expedition ®: Amazon (HKLM-x32\...\BFG-Hidden Expedition - Amazon) (Version:  - )
Hidden World (HKLM-x32\...\Hidden World) (Version: 1.0 - Alawar Entertainment Inc.)
Holly 2 - Magic Land (HKLM-x32\...\Holly 2 - Magic Land) (Version:  - Alawar Entertainment Inc.)
Holly. A Christmas Tale Deluxe (HKLM-x32\...\Holly. A Christmas Tale Deluxe) (Version: 1.0 - Alawar Entertainment Inc.)
Hotel Mogul (HKLM-x32\...\Hotel Mogul) (Version:  - Alawar Entertainment Inc.)
HP Deskjet F2400 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{819CA3BC-2FF8-4811-B42F-421F7BFD3559}) (Version: 14.0 - HP)
Hyperballoid 2 (HKLM-x32\...\Hyperballoid 2) (Version: 1.0 - Alawar Entertainment Inc.)
Hyperspace Invader (HKLM-x32\...\Hyperspace Invader) (Version: 1.0 - Alawar Entertainment Inc.)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Island Realms (HKLM-x32\...\Island Realms) (Version:  - Alawar Entertainment Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Jenny's Fish Shop (HKLM-x32\...\Jenny's Fish Shop) (Version: 1.0 - Alawar Entertainment Inc.)
Joan Jade and the Gates of Xibalba (HKLM-x32\...\Joan Jade and the Gates of Xibalba) (Version:  - Alawar Entertainment Inc.)
Journey of Hope (HKLM-x32\...\Journey of Hope) (Version:  - Alawar Entertainment Inc.)
Juliette's Fashion Empire (HKLM-x32\...\Juliette's Fashion Empire) (Version: 1.0 - Alawar Entertainment Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Land of Runes 1.0 (HKLM-x32\...\Land of Runes) (Version: 1.0 - Viva Media, LLC)
Legends of Dreams (HKLM-x32\...\Legends_0) (Version:  - On Hand Software)
Legends Of The Lost 1.0 (HKLM-x32\...\Legends Of The Lost) (Version: 1.0 - On Hand Software, Inc.)
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version:  - LEGO A/S)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
LG VZW United Drivers (HKLM-x32\...\{AAAB3333-0F97-4A5D-B725-FFD7E7450FD9}) (Version: 2.14.1 - LG Electronics)
Life Quest® 2: Metropoville (HKLM-x32\...\BFG-Life Quest 2 - Metropoville) (Version:  - )
Magic Encyclopedia - Moon Light (HKLM-x32\...\Magic Encyclopedia - Moon Light) (Version:  - Alawar Entertainment Inc.)
Magic Encyclopedia. First Story (HKLM-x32\...\Magic Encyclopedia. First Story) (Version:  - Alawar Entertainment Inc.)
Magic Shop (HKLM-x32\...\Magic Shop) (Version: 1.0 - Alawar Entertainment Inc.)
magicJack (HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\magicJack) (Version: 2.0.6073.4413 - magicJack L.P.)
Mahjongg Artifacts (HKLM-x32\...\Mahjongg Artifacts) (Version: 1.0 - Alawar Entertainment Inc.)
Mahjongg Artifacts 2 (HKLM-x32\...\Mahjongg Artifacts 2) (Version:  - Alawar Entertainment Inc.)
Majesty Gold (HKLM-x32\...\Majesty Gold_is1) (Version:  - GamersGate)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Monster House 1.0 (HKLM-x32\...\Monster House) (Version: 1.0 - Viva Media, LLC)
Mozilla Firefox 22.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 22.0 (x86 en-US)) (Version: 22.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
Mr Jones' Graveyard Shift (HKLM-x32\...\BFG-Mr Jones Graveyard Shift) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
My Farm Life (HKLM-x32\...\My Farm Life) (Version: 1.0 - Alawar Entertainment Inc.)
My Farm Life 2 (HKLM-x32\...\BFG-My Farm Life 2) (Version:  - )
My Kingdom for the Princess (HKLM-x32\...\BFG-My Kingdom for the Princess) (Version:  - )
Mysteries of Horus (HKLM-x32\...\Mysteries of Horus) (Version: 1.0 - Viva Media LLC)
Mystery Case Files ®: Dire Grove ™ (HKLM-x32\...\BFG-Mystery Case Files - Dire Grove) (Version:  - )
Mystery Case Files®: Shadow Lake Collector's Edition (HKLM-x32\...\BFG-Mystery Case Files - Shadow Lake Collector's Edition) (Version:  - )
Mystery Cookbook (HKLM-x32\...\Mystery Cookbook) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - Secrets of Treasure House (HKLM-x32\...\Natalie Brooks - Secrets of Treasure House) (Version:  - Alawar Entertainment Inc.)
Natalie Brooks - The Treasures of the Lost Kingdom (HKLM-x32\...\Natalie Brooks - The Treasures of the Lost Kingdom ) (Version: 1.0 - Alawar Entertainment Inc.)
Nightmare Adventures: The Witch's Prison (HKLM-x32\...\BFG-Nightmare Adventures - The Witch's Prison) (Version:  - )
Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon)
Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.8.0 - Nikon)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.6.0.17 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Oriental Dreams (HKLM-x32\...\Oriental Dreams) (Version:  - Alawar Entertainment Inc.)
Origin (HKLM-x32\...\Origin) (Version: 9.1.10.2728 - Electronic Arts, Inc.)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pet Show Craze (HKLM-x32\...\Pet Show Craze) (Version:  - Alawar Entertainment Inc.)
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.13 - Nikon)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies (HKLM-x32\...\BFG-Plants vs Zombies) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{D81F39D4-FDA9-4356-92B1-16081D8BF71A}) (Version: 1.0.0 - The Pokémon Company International)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Rescue Frenzy (HKLM-x32\...\Rescue Frenzy) (Version: 1.0 - Alawar Entertainment Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Sea Bounty - Dead Man's Chest (HKLM-x32\...\Sea Bounty - Dead Man's Chest) (Version:  - Alawar Entertainment Inc.)
SeaWorld Adventure Park Tycoon (HKLM-x32\...\{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}) (Version:  - )
Sheep's Quest (HKLM-x32\...\Sheep's Quest) (Version:  - Alawar Entertainment Inc.)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Ski Resort Mogul (HKLM-x32\...\Ski Resort Mogul) (Version: 1.0 - Alawar Entertainment Inc.)
Sky Kingdoms (HKLM-x32\...\Sky Kingdoms) (Version:  - Alawar Entertainment Inc.)
Sky Taxi 4 (HKLM-x32\...\Sky Taxi 4) (Version: 1.0 - Alawar Entertainment Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Snark Busters: All Revved Up! (HKLM-x32\...\Snark Busters: All Revved Up!) (Version: 1.0 - Alawar Entertainment Inc.)
Snark Busters: Welcome to the Club (HKLM-x32\...\Snark Busters: Welcome to the Club) (Version: 1.0 - Alawar Entertainment Inc.)
Snowflake Screen Saver (HKLM-x32\...\ST6UNST #1) (Version:  - )
Snowy Puzzle Islands 1.0 (HKLM-x32\...\Snowy Puzzle Islands) (Version: 1.0 - Viva Media, LLC)
Snowy: Fish Frenzy (HKLM-x32\...\Snowy: Fish Frenzy) (Version: 1.0 - Alawar Entertainment Inc.)
Snowy: Lunch Rush (HKLM-x32\...\Snowy: Lunch Rush) (Version: 1.0 - Alawar Entertainment Inc.)
Snowy: Space Trip (HKLM-x32\...\Snowy: Space Trip) (Version: 1.0 - Alawar Entertainment Inc.)
Snowy: The Bear's Adventures (HKLM-x32\...\Snowy: The Bear's Adventures) (Version: 1.0 - Alawar Entertainment Inc.)
Snowy: Treasure Hunter (HKLM-x32\...\Snowy: Treasure Hunter) (Version: 1.0 - Alawar Entertainment Inc.)
Snowy: Treasure Hunter 2 (HKLM-x32\...\Snowy: Treasure Hunter 2) (Version: 1.0 - Alawar Entertainment Inc.)
Sprill - The Mystery of The Bermuda Triangle (HKLM-x32\...\Sprill - The Mystery of The Bermuda Triangle) (Version:  - Alawar Entertainment Inc.)
Sprill and Ritchie - Adventures In Time (HKLM-x32\...\Sprill and Ritchie - Adventures In Time) (Version:  - Alawar Entertainment Inc.)
Stand O'Food (HKLM-x32\...\Stand O'Food) (Version:  - Alawar Entertainment Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Strike Ball 3 (HKLM-x32\...\Strike Ball 3) (Version:  - Alawar Entertainment Inc.)
Summer Resort Mogul 1.0 (HKLM-x32\...\Summer Resort Mogul) (Version: 1.0 - Viva Media, LLC)
Sunshine Acres (HKLM-x32\...\Sunshine Acres) (Version: 1.0 - Alawar Entertainment Inc.)
Supermarket Mania (HKLM-x32\...\Supermarket Mania) (Version:  - Alawar Entertainment Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
The Curse Of Montezuma (HKLM-x32\...\The Curse Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Enchanting Islands (HKLM-x32\...\The Enchanting Islands) (Version:  - Alawar Entertainment Inc.)
The Joy of Farming (HKLM-x32\...\The Joy of Farming) (Version: 1.0 - Alawar Entertainment Inc.)
The Timebuilders: Caveman's Prophecy (HKLM-x32\...\BFG-The Timebuilders - Caveman's Prophecy) (Version:  - )
The Treasures Of Montezuma (HKLM-x32\...\The Treasures Of Montezuma) (Version:  - Alawar Entertainment Inc.)
The Treasures Of Montezuma 2 (HKLM-x32\...\The Treasures Of Montezuma 2) (Version:  - Alawar Entertainment Inc.)
Time Breaker (HKLM-x32\...\Time Breaker) (Version: 1.0 - Alawar Entertainment Inc.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
Tory's Shop'n'Rush 1.0 (HKLM-x32\...\Tory's Shop'n'Rush) (Version: 1.0 - Viva Media, LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
TOSHIBA Audio Enhancement (HKLM\...\{F2DE0088-CF05-4DAB-AC4D-9D2C4D657456}) (Version: 1.0.2.8 - TOSHIBA Corporation)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Towers of Oz (HKLM-x32\...\BFG-Towers of Oz) (Version:  - )
Treasure Masters, Inc. (HKLM-x32\...\Treasure Masters, Inc.) (Version:  - Alawar Entertainment Inc.)
Tropical Farm (HKLM-x32\...\Tropical Farm ) (Version: 1.0 - Alawar Entertainment Inc.)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
Turtix - Rescue Adventure (HKLM-x32\...\Turtix - Rescue Adventure) (Version: 1.0 - Alawar Entertainment Inc.)
Turtix (HKLM-x32\...\Turtix) (Version:  - Alawar Entertainment Inc.)
Unity Web Player (HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Mogul (HKLM-x32\...\Vacation Mogul) (Version:  - Alawar Entertainment Inc.)
Vampires vs Zombies (HKLM-x32\...\Vampires vs Zombies) (Version: 1.0 - Viva Media, LLC)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.8.0 - Nikon)
Virtual Farm (HKLM-x32\...\Virtual Farm ) (Version: 1.0 - Alawar Entertainment Inc.)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.5.36 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Zak & Jack in Showdown at Monstertown (HKLM-x32\...\Zak & Jack in Showdown at Monstertown) (Version: 1.0 - Alawar Entertainment Inc.)
Zoom (HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\...\ZoomUMX) (Version: 3.0 - Zoom Video Communications, Inc.)
Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version:  - )
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2014-11-05 06:00 - 00001512 _RASH C:\windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
158.58.173.194 www.google-analytics.com.
158.58.173.194 google-analytics.com.
158.58.173.194 connect.facebook.net.
198.100.156.140 www.google-analytics.com.
198.100.156.140 google-analytics.com.
198.100.156.140 connect.facebook.net.
85.25.79.123 www.google-analytics.com.
85.25.79.123 google-analytics.com.
85.25.79.123 connect.facebook.net.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {54C50B34-E541-4777-ADA3-E30C6CD927CC} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {595A6BB8-78BD-4481-B8D4-F3723CAE0DEB} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2014-05-09] (Symantec Corporation)
Task: {62673873-318C-41D3-B0DA-D16D3FC4955D} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {658632B2-AEC5-4AA8-BFF0-AF07780FEA28} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {6CBB715B-A02A-4775-A49B-1EAA98F137CD} - System32\Tasks\{E31DBD79-8D49-46A2-93F0-CA2A6D4366DA} => C:\Users\Public\Desktop\games\Origin\Origin.exe [2014-03-01] (Electronic Arts)
Task: {76704DA8-5737-4FAD-8203-C27DB8D57A69} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {87BB4E09-464A-44D6-9933-E69F28A598F5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {8CDBB507-3DC2-4677-94FC-2CE124B396ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {9A5E078B-AF2E-4520-94BA-069952ECD405} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {A09F2523-E507-4383-B6C3-FADD78199917} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-15] (Google Inc.)
Task: {A629A937-7A78-4B4B-B753-16E2FF09C45B} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe [2012-08-17] (Symantec Corporation)
Task: {AD3B2168-760F-4930-B90A-8A132FF3D56F} - System32\Tasks\{219C9148-0AA5-4E6B-8B16-89FACC63CE7F} => C:\Users\Public\Desktop\games\Origin\Origin.exe [2014-03-01] (Electronic Arts)
Task: {B1BCC975-6206-461E-AB9C-B5E124A7C1D3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {BA17E0FE-18C1-47B5-95D8-000202211991} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {C1CF80A0-9CC3-4974-9AF5-03B25966A6E9} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-03-04 22:59 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2012-04-25 21:04 - 2012-01-20 12:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2011-08-22 16:19 - 2011-08-22 16:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-02-01 12:34 - 2012-02-01 12:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-11-25 19:51 - 2011-11-25 19:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-10-17 05:41 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-04-25 21:04 - 2012-01-20 12:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-10-17 05:41 - 2014-09-09 07:12 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-11-11 06:11 - 2014-10-21 22:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-11-11 06:11 - 2014-10-21 22:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-11-11 06:11 - 2014-10-21 22:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-11-11 06:11 - 2014-10-21 22:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19638904.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19638904.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: (default) => 
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
MSCONFIG\startupreg: NortonOnlineBackupReminder => "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SynTPEnh => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: ToshibaAppPlace => "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
MSCONFIG\startupreg: TosNC => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-1885051997-1458977773-2881551217-500 - Administrator - Disabled)
Guest (S-1-5-21-1885051997-1458977773-2881551217-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1885051997-1458977773-2881551217-1002 - Limited - Enabled)
Tina (S-1-5-21-1885051997-1458977773-2881551217-1000 - Administrator - Enabled) => C:\Users\Tina
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-11-09 22:47:08.531
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-11-09 22:47:08.453
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B970 @ 2.30GHz
Percentage of memory in use: 44%
Total physical RAM: 3988.8 MB
Available physical RAM: 2202.23 MB
Total Pagefile: 7975.79 MB
Available Pagefile: 6086.19 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
 
==================== Drives ================================
 
Drive c: (TI106401W0D) (Fixed) (Total:581.42 GB) (Free:500.64 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4537E8B6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.3 GB) - (Type=17)
 
==================== End Of Log ============================
Link to post
Share on other sites

Hi Tina, 

 

Those logs are looking much better. 

We have a little more to do, and then we'll be done. 

 

Please provide an update on your computer after completing the steps below.

 

STEP 1
xlK5Hdb.png Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    startHKU\S-1-5-21-1885051997-1458977773-2881551217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTIONHKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19638904.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19638904.sys => ""="Driver"reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /fFF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBarHosts: EmptyTemp:end
  • Click FileSave As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select AVOiBNU.jpg Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Hide advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
pfNZP4A.png Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ESET Online Scan log
  • Update on computer
Link to post
Share on other sites

my computer is working wonderfully! No lag, no freezing... I am still getting a high CPU usage off & on. right now its fine. only about 18% usage, but who knows? Before I ran the ESET scan, it was high.... I dont know what to think about that...

but this Com Surrogate thing seems to be fixed.. along with a ton of other things.. I am guessing ( Since I dont know crap of any of the tings we have been doing and scanning etc... :)  

 

Fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Tina at 2014-11-12 05:38:29 Run:3
Running from C:\Users\Tina\Downloads
Loaded Profile: Tina (Available profiles: Tina)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\19638904.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\19638904.sys => ""="Driver"
reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f
FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar
Hosts: 
EmptyTemp:
end
*****************
 
"HKU\S-1-5-21-1885051997-1458977773-2881551217-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\19638904.sys" => Key deleted successfully.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\19638904.sys" => Key deleted successfully.
 
========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon" /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
FF Extension: No Name - C:\Program Files (x86)\Coupons.com CouponBar not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 395.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====
 
 
MyEsetScan
 
C:\FRST\Quarantine\C\windows\system32\d3diWNet.exe.xBAD a variant of Win32/Kryptik.CPLM trojan
C:\FRST\Quarantine\C\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\aaacma.tmp.xBAD a variant of Win64/Kryptik.GT trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\C\Users\Tina\AppData\Local\AnyProtectScannerSetup.exe.xBAD Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Tina\AppData\Local\nss5F57.tmp.xBAD Win32/AnyProtect.D potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Tina\AppData\Local\Temp\UpdateFlashPlayer_802ce148.exe.xBAD a variant of Win32/Injector.BOTX trojan cleaned by deleting - quarantined
C:\Users\Tina\AppData\LocalLow\skigy.dll a variant of MSIL/Kryptik.AKY trojan cleaned by deleting - quarantined
C:\Users\Tina\Downloads\ErrorEND_Installer.exe multiple threats cleaned by deleting - quarantined
 
Link to post
Share on other sites

Hi Tina, 
 
Please do the following. 
 
MgeHyNE.png Batch File

  • Press the Windows Key pdKOQKY.png + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    @echo offdir C:\Users\Tina\AppData /s > "%userprofile%\desktop\dirlook.txt"del %0
  • Click Format. Ensure Wordwrap is unchecked
  • Click FileSave As and name the file batchfile.bat
  • Select All Files as the Save as type.
  • Save the file to your Desktop
  • Locate batchfile.bat lmRDSkT.png (W8/7/Vista) on your DesktopRight-click the icon and click AVOiBNU.jpg Run as administrator.
  • Once the black Command Prompt disappears, attach dirlook.txt (found on your Desktop) in your next post.
Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.