
Hijacker - no threat detected by Malwarebytes



Hey, I'm having issues with what seems to be a hijacker with both my Google Chrome and IE browsers. Upon opening Chrome I get a redirect to http://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M7D047A4E-A659-40BA-9AB0-6A0B5A2D3B4B&SearchSource=55&CUI=&UM=5&UP=SP8964403F-1589-4986-98F7-35DC08849679&SSPV=&did=11168&ppd=1434,147953,20IILv2rbofJEADb3awK9y1y5zD5000.,,,,mario,,,www.supermario4us.com&barid=1523567094493533240&terminator=1_sp_ch

 

Running a Malwarebytes scan doesn't detect any threats. Where to turn next?


Forgot to post these:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Scott (administrator) on LAPTOP-TOSHIBA on 29-12-2014 20:41:15
Running from C:\Users\Scott\Downloads
Loaded Profile: Scott (Available profiles: Scott)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft) C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Snap.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.9.9600.17404_none_42807352c0fa767a\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\WinSxS\x86_microsoft-windows-installer-executable_31bf3856ad364e35_6.3.9600.16384_none_de213953a1b377e3\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13519432 2013-04-10] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [snap] => C:\Program Files (x86)\USB 2.0 PC CAMERA\Camera Snap.exe [163840 2011-07-13] (Microsoft)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\Run: [Google Update] => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-11-13] (Google Inc.)
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\Run: [GoogleChromeAutoLaunch_CA38CB74569DD168DE72A96E96B3E651] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [856904 2014-12-05] (Google Inc.)
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\MountPoints2: {2b36538b-5c20-11e3-824f-806e6f6e6963} - "D:\install.EXE" id= ver=1.0.0.0
Startup: C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001 -> DefaultScope {5D090BEF-A115-44A9-B7C3-BC983B519F0A} URL = 
SearchScopes: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001 -> {5D090BEF-A115-44A9-B7C3-BC983B519F0A} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name -> {D40C654D-7C51-4EB3-95B2-1E23905C2A2D} ->  No File
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_IKEA_Win32.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3028108582-2284367944-2589376937-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3028108582-2284367944-2589376937-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3028108582-2284367944-2589376937-1001: google.com/WidevineMediaOptimizer -> C:\Users\Scott\AppData\Roaming\IDM\bin\npwidevinemediaoptimizer.dll (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M7D047A4E-A659-40BA-9AB0-6A0B5A2D3B4B&SearchSource=55&CUI=&UM=5&UP=SP8964403F-1589-4986-98F7-35DC08849679&SSPV=&did=11168&ppd=1434,147953,20IILv2rbofJEADb3awK9y1y5zD5000.,,,,mario,,,www.supermario4us.com&barid=1523567094493533240&terminator=1_sp_ch", "hxxp://search.conduit.com/?gd=&ctid=CT3324790&octid=EB_ORIGINAL_CTID&ISID=M7D047A4E-A659-40BA-9AB0-6A0B5A2D3B4B&SearchSource=55&CUI=&UM=5&UP=SP8964403F-1589-4986-98F7-35DC08849679&SSPV=&did=11168&ppd=1434,147953,20IILv2rbofJEADb3awK9y1y5zD5000.,,,,mario,,,www.supermario4us.com&barid=1523567094493533240&terminator=1_sp_ch"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-26]
CHR Extension: (Google Drive) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-26]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-20]
CHR Extension: (YouTube) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-26]
CHR Extension: (Google Search) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-26]
CHR Extension: (Google Wallet) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-26]
CHR Extension: (Gmail) - C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-26]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
S3 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4230016 2013-01-28] (Symantec Corporation)
S4 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [216976 2013-03-26] (TOSHIBA CORPORATION)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0403000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1936088 2013-07-31] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [110976 2013-03-25] (TOSHIBA Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 usbcamcl; C:\Windows\system32\DRIVERS\usbcamcl.sys [62184 2011-12-08] (usb camera)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 20:41 - 2014-12-29 20:41 - 00015945 _____ () C:\Users\Scott\Downloads\FRST.txt
2014-12-29 20:41 - 2014-12-29 20:41 - 00000000 ____D () C:\FRST
2014-12-29 20:39 - 2014-12-29 20:39 - 02123264 _____ (Farbar) C:\Users\Scott\Downloads\FRST64.exe
2014-12-29 09:17 - 2014-12-29 09:17 - 04909382 _____ () C:\Users\Scott\Downloads\mbam-chameleon-3.1.7.0.zip
2014-12-29 09:17 - 2014-12-29 09:17 - 00000000 ____D () C:\Users\Scott\Downloads\mbam-chameleon-3.1.7.0
2014-12-26 09:53 - 2014-12-26 09:53 - 00002139 _____ () C:\Users\Public\Desktop\TurboCAD Deluxe 21 - 64 bit.lnk
2014-12-26 09:32 - 2014-12-29 17:45 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-26 09:32 - 2014-12-26 09:32 - 00000000 ____D () C:\Users\Scott\AppData\Local\CrashRpt
2014-12-26 09:27 - 2014-12-29 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IMSIDesign TurboCAD Deluxe 21 - 64 bit
2014-12-26 09:26 - 2014-12-26 09:37 - 00000000 ____D () C:\ProgramData\IMSIDesign
2014-12-26 09:26 - 2014-12-26 09:32 - 00000000 ____D () C:\Users\Scott\Documents\TurboCAD Deluxe 21x64
2014-12-26 09:26 - 2014-12-26 09:26 - 00000000 ____D () C:\Users\Scott\AppData\Roaming\IMSIDesign
2014-12-26 09:26 - 2014-12-26 09:26 - 00000000 ____D () C:\Program Files\IMSIDesign
2014-12-19 16:13 - 2014-10-30 16:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-19 16:13 - 2014-10-30 16:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-11 12:02 - 2014-12-29 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-11 12:01 - 2014-12-11 12:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-11 12:01 - 2014-12-11 12:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-10 11:14 - 2014-12-10 11:14 - 00244032 _____ (Microsoft Corporation) C:\Users\Scott\Downloads\ResetDRM.exe
2014-12-09 18:07 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 18:07 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 18:07 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 18:07 - 2014-11-21 20:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 18:07 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 18:07 - 2014-11-21 20:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 18:07 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 18:07 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 18:07 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 18:07 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 18:07 - 2014-11-21 20:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 18:07 - 2014-11-21 20:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 18:07 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 18:07 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 18:07 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 18:07 - 2014-11-21 19:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 18:07 - 2014-11-21 19:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 18:07 - 2014-11-21 19:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 18:07 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 18:07 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 18:07 - 2014-11-21 19:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 18:07 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 18:07 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 18:07 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 18:07 - 2014-11-21 19:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 18:07 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 18:07 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 18:07 - 2014-11-21 19:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 18:07 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 18:07 - 2014-11-21 19:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 18:07 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 18:07 - 2014-11-21 19:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 18:07 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 18:07 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 18:07 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 18:07 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 18:07 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 18:07 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 18:07 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 18:06 - 2014-11-06 22:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 18:06 - 2014-11-06 21:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 18:06 - 2014-10-31 17:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-09 18:06 - 2014-10-31 17:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-09 18:06 - 2014-10-12 20:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 18:06 - 2014-10-12 20:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 18:06 - 2014-10-12 20:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 18:06 - 2014-10-12 20:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-29 20:28 - 2013-12-03 07:56 - 02023694 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-29 20:25 - 2013-11-26 22:38 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-29 20:20 - 2014-11-14 22:15 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001UA.job
2014-12-29 20:00 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-29 19:59 - 2013-11-26 21:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3028108582-2284367944-2589376937-1001
2014-12-29 18:41 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-29 18:34 - 2014-07-01 16:42 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-29 18:31 - 2013-12-03 08:15 - 00000000 ___DO () C:\Users\Scott\SkyDrive
2014-12-29 18:29 - 2014-08-09 15:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2014-12-29 18:29 - 2014-07-01 16:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-29 18:29 - 2013-12-03 07:45 - 00000000 ____D () C:\Users\Scott
2014-12-29 18:29 - 2013-11-27 23:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-29 18:29 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-29 18:29 - 2013-05-10 02:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2014-12-29 18:28 - 2013-09-06 22:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-12-29 18:28 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-29 18:28 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-29 18:28 - 2013-08-22 09:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-29 18:28 - 2013-08-22 09:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-29 18:28 - 2013-05-10 01:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-29 18:28 - 2013-05-10 01:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-12-29 18:27 - 2014-09-17 20:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-12-29 18:27 - 2014-07-01 16:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-29 18:27 - 2014-04-07 22:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 17
2014-12-29 18:27 - 2014-03-02 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-29 18:27 - 2014-02-11 19:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 PC CAMERA
2014-12-29 18:27 - 2013-12-17 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2014-12-29 18:27 - 2013-11-26 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-29 18:27 - 2013-09-06 23:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2014-12-29 18:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\registration
2014-12-29 18:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppCompat
2014-12-29 11:12 - 2013-09-29 21:55 - 00115516 _____ () C:\WINDOWS\PFRO.log
2014-12-29 08:21 - 2013-08-22 09:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-12-29 08:20 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-28 16:14 - 2014-04-25 09:52 - 00000000 ____D () C:\Users\Scott\Desktop\CONNECT
2014-12-26 16:45 - 2014-09-25 11:50 - 00000000 ____D () C:\Users\Scott\Desktop\School at Home
2014-12-26 06:02 - 2013-12-03 08:52 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E3E3E26B-D38C-42EA-839E-A2A3DAFD6990}
2014-12-24 22:20 - 2014-11-14 22:15 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001Core.job
2014-12-23 16:07 - 2014-05-02 20:13 - 00155496 _____ () C:\Users\Scott\Desktop\Finances.xlsx
2014-12-20 20:19 - 2013-12-17 19:49 - 00243200 ___SH () C:\Users\Scott\Desktop\Thumbs.db
2014-12-18 17:00 - 2013-11-27 07:12 - 00003322 _____ () C:\WINDOWS\System32\Tasks\PinItAutoUpdate
2014-12-18 12:22 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-17 21:17 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-12 17:40 - 2013-09-29 22:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-12 17:39 - 2013-08-22 08:46 - 00302775 _____ () C:\WINDOWS\setupact.log
2014-12-10 08:32 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-10 06:27 - 2013-11-26 22:40 - 00002214 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 21:57 - 2013-11-27 23:38 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-09 21:55 - 2013-11-27 23:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-09 21:52 - 2013-11-27 23:56 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 16:55 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-08 04:04 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-12-04 16:11 - 2013-11-27 23:47 - 00001129 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-04 08:18 - 2013-12-06 08:03 - 00000000 ____D () C:\Users\Scott\Desktop\old laptop files
 
Some content of TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\ClearSpot_2.dll
C:\Users\Scott\AppData\Local\Temp\ClearSpot_3.dll
C:\Users\Scott\AppData\Local\Temp\Quarantine.exe
C:\Users\Scott\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Scott\AppData\Local\Temp\ReimageRepair.exe
C:\Users\Scott\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-21 08:12
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Scott at 2014-12-29 20:41:59
Running from C:\Users\Scott\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.1 - Corel Corporation)
Dazzle Video Capture DVC100 X64 Driver 1.06 (HKLM-x32\...\{BFF23267-1D19-444E-93E2-E5059BE805EA}) (Version: 1.06.0000 - Pinnacle)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.1 - Corel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.7.0.24 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.3.0.14 - Symantec Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
Pin It (HKLM-x32\...\Pin It_is1) (Version: 0.0.4 - Pinterest)
Pinnacle Studio 17 - Install Manager (HKLM-x32\...\{F04D92CC-5C3A-46FA-9C98-6EACBDD262FF}) (Version: 17.0.130 - Corel Corporation)
Pinnacle Studio 17 - Standard Content Pack (HKLM-x32\...\{BA98BFA8-5EDF-450B-A92E-C096DC135D0E}) (Version: 17.0 - Corel Corporation)
Pinnacle Studio 17 (HKLM-x32\...\{3DA8F808-72E2-4361-82EC-433081D23005}) (Version: 17.3.0.280 - Corel Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.1 - Corel Corporation)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6886 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
RrSavings (x32 Version: 1.0.0.0 - RrSavings) Hidden
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.1 - Corel Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
The Sims™ 4 Create A Sim Demo (HKLM-x32\...\{6908ED99-F02B-4E99-A202-3FAC99C510ED}) (Version: 1.0.237.100 - Electronic Arts Inc.)
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.1 - Corel Corporation)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.6 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6407 - Toshiba Corporation)
TOSHIBA HDD Accelerator (HKLM\...\{DB4D9937-0B14-4EF1-BF9A-BB7E3B9DCB04}) (Version: 2.0.0001 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.10 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
TurboCAD Deluxe 21 64-bit (HKLM\...\{6CD8A657-F7E3-4789-8FB1-E30264619ED9}) (Version: 21.2.591 - IMSIDesign)
USB2.0 PC CAMERA (HKLM-x32\...\{58D4FB3A-98E9-4B9B-B01E-7F005AEFE019}) (Version: 1.00.0000 - USB 2.0 PC CAMERA)
Widevine Media Optimizer IE 6.0.0 (HKU\S-1-5-21-3028108582-2284367944-2589376937-1001\...\optimizer_ie) (Version: 6.0.0.12757 - Widevine Technologies)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\ImsigxPS21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\IMSIGX21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\imsigxext\gxext21.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{DF9B76D3-539B-42DC-B0A3-80B0664B2C01}\InprocServer32 -> C:\Program Files\IMSIDesign\TCW21\Program\TcTools\TcCfpLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3028108582-2284367944-2589376937-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Scott\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll (Google Inc.)
 
==================== Restore Points  =========================
 
09-12-2014 21:48:54 Windows Update
17-12-2014 10:24:50 Scheduled Checkpoint
26-12-2014 10:19:18 Windows Update
29-12-2014 18:12:35 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 07:25 - 2013-08-22 07:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0566D93C-8AF8-4A38-854B-830159B80B4D} - System32\Tasks\PinItAutoUpdate => C:\Program Files (x86)\Pinterest\Pin It\AutoUpdater.exe [2013-10-17] ()
Task: {12680D06-645E-4128-93C4-A55D0DB1F1E5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {1BF9CF17-605A-4C9F-9EF1-CF74B8C5D3D1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {20B6DF58-7040-4E14-A299-CF01EF3BE647} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {3015F49B-6035-448B-9724-0B12111A7E6E} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {47F4FC87-2513-4448-9D40-F12FDB70B08C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-26] (Google Inc.)
Task: {51F9CC33-8955-4AA4-85D7-75C3E595653E} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {6A5DC53B-B2E1-4497-918A-C4E3C1EFE3CF} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AB05543B-D705-4670-915D-B1606E5C5DD1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001Core => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: {F9766125-AACE-490B-A11E-9D596D14AA93} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.6.0.17\SymErr.exe
Task: {FB3EA074-2397-4F74-9671-09D54616D413} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001UA => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe [2014-11-13] (Google Inc.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001Core.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3028108582-2284367944-2589376937-1001UA.job => C:\Users\Scott\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-09-10 12:54 - 2013-09-10 12:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-09-21 03:22 - 2013-09-21 03:22 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-12-29 19:51 - 2014-12-29 19:51 - 01459712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\4bd80968bf666252841ca7792faaff11\Windows.UI.ni.dll
2014-12-29 19:52 - 2014-12-29 19:52 - 00521216 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\fae2b750f87849ca11806d20b2504bf2\Windows.Data.ni.dll
2014-12-29 19:51 - 2014-12-29 19:51 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 00:52 - 2014-02-06 00:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-10 06:27 - 2014-12-05 19:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2013-09-06 22:37 - 2013-01-14 11:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:9567EA29
AlternateDataStreams: C:\Users\Scott\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-3028108582-2284367944-2589376937-500 - Administrator - Disabled)
Guest (S-1-5-21-3028108582-2284367944-2589376937-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3028108582-2284367944-2589376937-1005 - Limited - Enabled)
Scott (S-1-5-21-3028108582-2284367944-2589376937-1001 - Administrator - Enabled) => C:\Users\Scott
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/29/2014 07:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1132) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU029E9.log.
 
Error: (12/29/2014 06:31:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 05:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0xdc8
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5
 
Error: (12/29/2014 05:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc0000005
Fault offset: 0x00000000000025d2
Faulting process id: 0x93c
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5
 
Error: (12/29/2014 05:43:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0x1128
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5
 
Error: (12/29/2014 05:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tcHeap.dll, version: 0.0.0.0, time stamp: 0x545aaeb7
Exception code: 0xc000041d
Fault offset: 0x00000000000025d2
Faulting process id: 0x15c
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5
 
Error: (12/29/2014 05:03:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tcw21.exe, version: 21.2.59.1, time stamp: 0x545ab503
Faulting module name: tccurv21.dll, version: 0.0.0.0, time stamp: 0x545ab5be
Exception code: 0xc0000005
Fault offset: 0x0000000000063b00
Faulting process id: 0xbd8
Faulting application start time: 0xtcw21.exe0
Faulting application path: tcw21.exe1
Faulting module path: tcw21.exe2
Report Id: tcw21.exe3
Faulting package full name: tcw21.exe4
Faulting package-relative application ID: tcw21.exe5
 
Error: (12/29/2014 11:14:05 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 08:22:48 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 07:48:06 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
System errors:
=============
Error: (12/29/2014 08:01:58 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Search Protect Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 20000 milliseconds: Restart the service.
 
Error: (12/29/2014 07:46:33 AM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
Error: (12/29/2014 07:46:50 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 7:38:43 AM on ‎12/‎29/‎2014 was unexpected.
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49159
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49158
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49157
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49156
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49155
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49154
 
Error: (12/29/2014 06:41:26 AM) (Source: HTTP) (EventID: 15005) (User: )
Description: \Device\Http\ReqQueue127.0.0.1:49153
 
 
Microsoft Office Sessions:
=========================
Error: (12/29/2014 07:00:00 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1132SRUJet: C:\WINDOWS\system32\SRU\SRU029E9.log-1811 (0xfffff8ed)
 
Error: (12/29/2014 06:31:25 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 05:48:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tcw21.exe21.2.59.1545ab503tcHeap.dll0.0.0.0545aaeb7c000041d00000000000025d2dc801d023c18619de08C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exeC:\Program Files\IMSIDesign\TCW21\Program\tcHeap.dll2c1bf887-8fb5-11e4-bec4-008cfa7036ed
 
Error: (12/29/2014 05:45:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tcw21.exe21.2.59.1545ab503tcHeap.dll0.0.0.0545aaeb7c000000500000000000025d293c01d023c148c3d1ffC:\Program Files\IMSIDesign\TCW21\Program\tcw21.exeC:\Program Files\IMSIDesign\TCW21\Program\tcHeap.dllb797dbab-8fb4-11e4-bec4-008cfa7036ed
 
Error: (12/29/2014 05:43:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tcw21.exe21.2.59.1545ab503tcHeap.dll0.0.0.0545aaeb7c000041d00000000000025d2112801d023c083dfa217C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exeC:\Program Files\IMSIDesign\TCW21\Program\tcHeap.dll80cd4111-8fb4-11e4-bec4-008cfa7036ed
 
Error: (12/29/2014 05:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tcw21.exe21.2.59.1545ab503tcHeap.dll0.0.0.0545aaeb7c000041d00000000000025d215c01d023bf5e668188C:\Program Files\IMSIDesign\TCW21\Program\tcw21.exeC:\Program Files\IMSIDesign\TCW21\Program\tcHeap.dllbbbb9582-8fb3-11e4-bec4-008cfa7036ed
 
Error: (12/29/2014 05:03:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: tcw21.exe21.2.59.1545ab503tccurv21.dll0.0.0.0545ab5bec00000050000000000063b00bd801d023a14a7114baC:\Program Files\IMSIDesign\TCW21\Program\tcw21.exeC:\Program Files\IMSIDesign\TCW21\Program\Regens\tccurv21.dlld8ddc659-8fae-11e4-bec4-008cfa7036ed
 
Error: (12/29/2014 11:14:05 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 08:22:48 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (12/29/2014 07:48:06 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU 2020M @ 2.40GHz
Percentage of memory in use: 34%
Total physical RAM: 6023.27 MB
Available physical RAM: 3958.99 MB
Total Pagefile: 6983.27 MB
Available Pagefile: 4471.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: (TI10664600J) (Fixed) (Total:453.48 GB) (Free:364.07 GB) NTFS
Drive d: (ALIAS_SEASON_1) (CDROM) (Total:7.02 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
Link to post
Share on other sites

Hello,
    
 
They call me TwinHeadedEagle around here, and I'll be working with you.
 
     
    
Before we start please read and note the following:

  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button that gives you the Upload Files option below, which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Stay with me to the end, the absence of symptoms doesn't mean that your machine is fully operational.
  • Note that we may live in totally different time zones, which may cause some delays between answers.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.

I can't foresee everything, so if anything unexpected happens, please stop and inform me!
There are no silly questions. Never be afraid to ask if in doubt!
 
 
 
Rules and policies
 
We won't support any piracy.
That being said, if any evidence of an illegal OS, software, cracks/keygens or anything similar is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!
The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!
 
Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.
 
 
 
 

Scan with ZOEK
 
Please download ZOEK by Smeenk and save it to your desktop (preferred version is the *.exe one)
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the ZOEK icon and select Run as Administrator to start the tool.
  • Wait patiently until the main console appears, it may take a minute or two.
  • In the main box please paste in the following script:

    createsrpoint;autoclean;emptyalltemp;ipconfig /flushdns;b

  • Make sure that Scan All Users option is checked.
  • Push Run Script and wait patiently. The scan may take a couple of minutes.
  • When the scan completes, a zoek-results logfile should open in notepad.
  • If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

Post its content into your next reply.

Link to post
Share on other sites

trying to run Zoek, but seems to be getting stuck: 

 

===== Runcheck  9:53:16.84 =====
 
--- Create Environment Variables  9:53:17.71 
--- Create System Restore Point  9:53:23.21 
--- Checking Input  9:53:23.97 
--- AU AppData Check  9:53:27.11 
--- Remove From Windows Installer  9:53:29.00 
--- Registry HKLM Software Check  9:53:59.31 
--- Quick Launch Shortcut Check  9:54:07.63 
--- IE Startpage Check  9:54:08.97 
--- Program Files DB Check  9:54:20.92 
--- C:\Users\Default\AppData\Roaming DB Check  9:54:58.73 
--- C:\Users\Default User\AppData\Roaming DB Check  9:54:58.73 
--- C:\Users\Scott\AppData\Roaming DB Check  9:54:58.73 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Roaming DB Check  9:54:58.73 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Roaming DB Check  9:54:58.73 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Roaming DB Check  9:54:58.73 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Roaming DB Check  9:54:58.73 
--- C:\Users\Scott DB Check  9:56:46.01 
--- C:\PROGRA~3 DB Check  9:57:00.93 
--- C:\Users\Default\AppData\Local DB Check  9:57:04.72 
--- C:\Users\Default User\AppData\Local DB Check  9:57:04.72 
--- C:\Users\Scott\AppData\Local DB Check  9:57:04.72 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local DB Check  9:57:04.72 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local DB Check  9:57:04.72 
--- C:\WINDOWS\serviceprofiles\networkservice\AppData\Local DB Check  9:57:04.72 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\Local DB Check  9:57:04.72 
--- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check  9:58:16.88 
--- C:\Users\Scott\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check  9:58:24.11 
--- Tasks DB Check  9:58:28.97 
--- Downloads DB Check  9:58:32.10 
--- C:\Users\Scott\AppData\LocalLow DB Check  9:58:35.79 
--- C:\WINDOWS\SysNative\config\systemprofile\AppData\LocalLow DB Check  9:58:35.79 
--- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\LocalLow DB Check  9:58:35.79 
--- C:\WINDOWS\serviceprofiles\Localservice\AppData\LocalLow DB Check  9:58:35.79 
--- Tasks2 DB Check  9:59:10.37 
--- Documents DB Check  9:59:32.41 
--- C:\Users\Public\Desktop DB Check  9:59:37.66 
--- C:\Users\Scott\Desktop DB Check  9:59:40.82 
--- Services DB Check  9:59:46.33 
--- FF prefs.js DB Check  9:59:55.60 
--- Del by CLSID  9:59:56.42 
--- Delete Services 10:00:17.42 
--- Batch Commands 10:00:19.10 
--- Delete files\folders 10:00:19.27 
--- Create Backups 10:00:19.33 
--- Firefox Extensions 10:00:20.59 
--- Chrome Look 10:00:22.28 
 
Link to post
Share on other sites

No, it won't work.
 
 
 
Fix with AdwCleaner
 
Please download AdwCleaner by Xplode and save the file to your Desktop.

  • Right-click on the AdwCleaner icon and select Run as Administrator to start the tool.
  • Wait until the database is updated.
  • Accept the Terms of use and click Scan.
  • When finished, please click Clean.
  • Upon completion, click Report. A log (AdwCleaner[s*].txt) will open.

Please include the contents of that file in your reply.
 
Note: Reports will be saved in your system partition, usually at C:\Adwcleaner
 
 
 
 

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

Fix with Farbar Recovery Scan Tool
 


This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.

 
Download attached fixlist.txt file and save it to the Desktop:
 
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please attach it to your reply.

fixlist.txt

Link to post
Share on other sites

Yup, did a full reset and re-configure for my network. No changes... Everything is exactly as it was when we first started. Should we go back to the beginning and try a different path?

 

I think what I have figured out with Zoek is that it will only run for "x" amount of time. Once that limit is reached, it is getting stuck. It still claims that it is working at this point, but it won't move forward. I also cannot make it stop, I can't close the program, nothing. If I start a scan, the only way I can resume using the computer is to shut the thing down and restart.

 

So... what do we try now?

Link to post
Share on other sites

Scan with Farbar Recovery Scan Tool
 
Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.

Please upload them into your next reply.

Link to post
Share on other sites

This topic is now closed to further replies.