jnsonnier31 Posted January 16, 2015 ID:929818 Share Posted January 16, 2015 I'm currently running windows 7 (home) with Norton 360 and Malwarebytes (full paid version).....Recently downloaded a program to use for gps/marine electronics to make gps maps that others were using and MB started blocking a few websites and Norton blocking an intrusion (Trojan.Zbot Activity 15).....the IP address that MB is blocking is from Russia and I think this zbot is working with those....of course I'm not a pc guru but both started happing at the same time.....ran both MB and Norton scans and nothing is picked up and it continues. Need get some help to get this resolved/removed....... See image below for recent log..... May not be able to respond right away to post due to work but will get to it as quickly as I can. Any help is appreciated. Also if in wrong place move as needed. Link to post Share on other sites More sharing options...
LiquidTension Posted January 16, 2015 ID:929828 Share Posted January 16, 2015 Hello jnsonnier31, welcome to Malwarebytes' Malware Removal forum! My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.If you would allow me to call you by your first name I would prefer that. General P2P/Piracy Notice: If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed. ====================================================== Please read through the points below to ensure this process moves as quickly and efficiently as possible.Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.If you are unable to copy/paste your logs directly into your post, please attach the file. Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.Ensure you are following this topic. Click at the top of the page. ======================================================STEP 1 Malwarebytes Anti-Malware (MBAM)Open Malwarebytes Anti-Malware and click Update Now.Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.Click the Scan tab, ensure Threat Scan is checked and click Scan Now.Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.Upon completion of the scan (or after the reboot), click the History tab.Click Application Logs and double-click the Scan Log.Click Copy to Clipboard and paste the log in your next reply. STEP 2 Farbar Recovery Scan Tool (FRST) ScanPlease download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.Right-Click FRST.exe / FRST64.exe and select Run as administrator to run the programme.Click Yes to the disclaimer.Ensure the Addition.txt box is checked.Click the Scan button and let the programme run.Upon completion, click OK, then OK on the Addition.txt pop up screen.Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. STEP 3 TDSSKiller ScanPlease download TDSSKiller and save the file to your Desktop.Right-Click TDSSKiller.exe and select Run as administrator to run the programme.Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.Click Start Scan. Do not use the computer during the scan.If objects are found, change the action to skip.Click Continue and close the window.A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply. ====================================================== STEP 4 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.MBAM scan logFRST.txtAddition.txtTDSSKiller log (attached!) Link to post Share on other sites More sharing options...
jnsonnier31 Posted January 17, 2015 Author ID:930104 Share Posted January 17, 2015 Hi Adam....thanks for the help.....my name is Jeremy......see the requested logs below. MBAM Log: Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 1/16/2015Scan Time: 5:39:02 PMLogfile: MB.txtAdministrator: YesVersion: 2.00.4.1028Malware Database: v2015.01.16.14Rootkit Database: v2015.01.14.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x64File System: NTFSUser: ownerScan Type: Threat ScanResult: CompletedObjects Scanned: 334586Time Elapsed: 18 min, 48 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) FRST Log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015Ran by owner (administrator) on SONNIER on 16-01-2015 18:07:00Running from C:\Users\owner\DesktopLoaded Profiles: owner (Available profiles: owner)Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: IE)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\System32\wlanext.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe(Microsoft Corporation) C:\Windows\splwow64.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [] => [X]HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logonHKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Run: [best Buy pc app] => C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-msHKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\RunOnce: [Adobe Speed Launcher] => 1421451413HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Policies\system: [DisableLockWorkstation] 0HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnkShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2YSearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> DefaultScope {65A15752-58D4-48CB-BC16-F52EEA6F0C49} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {65A15752-58D4-48CB-BC16-F52EEA6F0C49} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOSearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNOBHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)Toolbar: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ruFF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgnFF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-16]FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-23]Chrome:=======CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\ENG64.SYS [129752 2014-12-08] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\EX64.SYS [2137304 2014-12-08] (Symantec Corporation)R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-11-19] (CACE Technologies, Inc.)R2 SADP_NPF; C:\windows\SysWOW64\drivers\sadp_npf64.sys [35344 2012-07-02] (CACE Technologies, Inc.)R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-23] (Symantec Corporation)R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-16 18:07 - 2015-01-16 18:07 - 00021319 _____ () C:\Users\owner\Desktop\FRST.txt2015-01-16 18:06 - 2015-01-16 18:07 - 00000000 ____D () C:\FRST2015-01-16 18:05 - 2015-01-16 18:05 - 02125824 _____ (Farbar) C:\Users\owner\Desktop\frst64.exe2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}2015-01-15 18:48 - 2015-01-15 18:49 - 00262144 _____ () C:\windows\Minidump\011515-30576-01.dmp2015-01-14 01:23 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll2015-01-14 01:23 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys2015-01-14 01:23 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe2015-01-14 01:23 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll2015-01-14 01:23 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe2015-01-14 01:23 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll2015-01-14 01:23 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe2015-01-14 01:23 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe2015-01-14 01:23 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll2015-01-14 01:23 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe2015-01-14 01:23 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll2015-01-14 01:23 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll2015-01-14 01:23 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}2015-01-03 00:10 - 2015-01-03 00:10 - 00262144 _____ () C:\windows\Minidump\010315-25443-01.dmp2015-01-01 22:32 - 2015-01-01 22:32 - 00000000 ____D () C:\ProgramData\SMR4302015-01-01 15:41 - 2015-01-01 15:41 - 00262144 _____ () C:\windows\Minidump\010115-19921-01.dmp2015-01-01 11:45 - 2015-01-01 11:45 - 00262144 _____ () C:\windows\Minidump\010115-30030-01.dmp2014-12-30 22:46 - 2014-12-30 22:47 - 00262144 _____ () C:\windows\Minidump\123014-22869-01.dmp2014-12-29 23:50 - 2014-12-29 23:50 - 00006787 _____ () C:\Users\owner\Desktop\Malwarebytes Anti-Malware.txt2014-12-29 23:28 - 2015-01-01 22:34 - 00000000 ____D () C:\NPE2014-12-29 23:26 - 2015-01-01 22:38 - 00000000 ____D () C:\Users\owner\AppData\Local\NPE2014-12-29 23:16 - 2015-01-01 22:25 - 00000262 _____ () C:\Users\owner\Desktop\FixNecurs64bit.log2014-12-29 23:15 - 2014-12-29 23:15 - 05822560 _____ (Symantec Corporation) C:\Users\owner\Desktop\FixNecurs64bit.exe2014-12-23 18:28 - 2014-12-23 18:28 - 00000000 ____D () C:\LocalStorage2014-12-23 18:27 - 2014-12-23 18:27 - 00002051 _____ () C:\Users\Public\Desktop\SwannView Plus Client.lnk2014-12-23 18:27 - 2014-12-23 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SwannView Plus2014-12-23 18:26 - 2014-12-23 18:26 - 00000000 ____D () C:\Program Files\SwannView Plus2014-12-23 18:26 - 2013-10-21 10:39 - 00034808 _____ () C:\windows\SysWOW64\Drivers\InstallSadpNpfApp.exe2014-12-23 18:26 - 2012-07-02 10:49 - 00035344 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\Drivers\sadp_npf64.sys2014-12-23 18:26 - 2012-07-02 10:49 - 00035088 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\Drivers\sadp_npf.sys2014-12-18 21:16 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe2014-12-18 21:16 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-01-16 18:00 - 2012-04-04 17:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job2015-01-16 17:59 - 2012-01-24 20:47 - 00000000 ____D () C:\Users\owner\Documents\Jeremy's Files2015-01-16 17:54 - 2012-02-27 20:19 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job2015-01-16 17:44 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02015-01-16 17:44 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02015-01-16 17:42 - 2009-07-13 23:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI2015-01-16 17:40 - 2011-10-14 02:54 - 01048574 _____ () C:\windows\WindowsUpdate.log2015-01-16 17:36 - 2014-06-13 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2015-01-16 17:36 - 2012-02-27 20:19 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job2015-01-16 17:36 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2015-01-16 17:36 - 2009-07-13 22:51 - 00070316 _____ () C:\windows\setupact.log2015-01-15 18:48 - 2014-11-20 06:50 - 1061807336 _____ () C:\windows\MEMORY.DMP2015-01-15 18:48 - 2014-11-20 06:50 - 00000000 ____D () C:\windows\Minidump2015-01-14 19:00 - 2013-08-09 18:55 - 00000000 ____D () C:\windows\system32\MRT2015-01-14 18:53 - 2012-01-02 14:55 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe2015-01-14 18:48 - 2012-04-04 17:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater2015-01-14 18:48 - 2010-11-20 21:47 - 00843976 _____ () C:\windows\PFRO.log2015-01-14 02:34 - 2012-04-04 17:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2015-01-14 02:34 - 2011-07-27 01:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2015-01-09 22:04 - 2014-11-19 19:17 - 00000000 ____D () C:\Users\owner\AppData\Local\NETGEARGenie2015-01-01 19:19 - 2012-02-10 19:24 - 00000000 ____D () C:\Users\owner\Documents\Alicia's Files2014-12-30 13:19 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache2014-12-30 01:02 - 2014-06-13 20:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-12-29 23:43 - 2014-01-14 19:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Insight Planner2014-12-29 23:26 - 2011-10-14 03:19 - 00000000 ____D () C:\ProgramData\Norton2014-12-23 18:26 - 2011-07-27 01:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation InformationFiles in the root of some directories:============================2010-08-20 23:33 - 2010-08-20 23:33 - 0530432 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\comctl32.dll2009-07-13 19:15 - 2009-07-13 19:15 - 0486912 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\comdlg32.dll2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.dat2012-01-11 18:07 - 2012-01-11 18:07 - 0007598 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-01-14 20:17==================== End Of Log ============================ Addition log: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015Ran by owner at 2015-01-16 18:07:43Running from C:\Users\owner\DesktopBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)Best Buy pc app (Version: 3.2.0.0 - Best Buy) HiddenBest Buy pc app (x32 Version: 3.2.0.0 - Best Buy) HiddenD3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) HiddenFugVS2005 (HKLM-x32\...\{0C8364B1-AFD8-45B7-ACE8-B76113B6C418}) (Version: 1.0.0 - Northport Systems Inc.)GMetrix SMS 4 (HKLM-x32\...\{2391AE2A-52F7-4591-86A2-C53BFF5EF95C}) (Version: 4.0.7.0 - GMetrix LLC)Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) HiddenGPSBabel 1.4.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version: - GPSBabel)Insight Genesis Upload Tool (HKLM-x32\...\{0EE028C9-2EDE-4A51-BF10-426F6B606D84}) (Version: 1.7.0.0 - Contour Innovations, LLC)Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) HiddenLabel@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)Lowrance GPS Data Manger V.6 (HKLM-x32\...\{1515871A-9CBD-4ED6-9E63-21BFFDC714C0}) (Version: - )Lowrance Sonar Viewer 2.1.2 (HKLM-x32\...\{BAB08345-F74B-49DF-8C56-FCB6AABCDDD6}) (Version: 2.1.2 - Lowrance Electronics)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) HiddenMicrosoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)Navionics HotMaps Explorer 4.5 (HKLM-x32\...\NavionicsHotMapsExplorer_is1) (Version: 4.5 - Navionics Inc. and Northport Systems Inc.)NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) HiddenSwannView Plus (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 1.02.16.50 - company)Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) HiddenWindows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?==================== Restore Points =========================14-12-2014 19:35:57 Windows Update18-12-2014 21:22:47 Windows Update23-12-2014 18:25:27 Installed SwannView Plus29-12-2014 23:43:31 Removed HDS_4.1.36.68.30-12-2014 14:56:29 Norton 360 Registry Clean14-01-2015 18:52:14 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {0DF2DD17-3381-485A-8C5F-4E5062189C88} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exeTask: {0EDB007C-2CCD-42E0-A916-CAA924BC53AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)Task: {35C92061-21FF-4AB1-9906-F3A644065EBA} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {53580F17-A951-411A-9461-15BE3E8D3776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {6D702676-EC5D-4409-B523-6F8D09962F20} - System32\Tasks\{D3F76F5F-4532-43B8-92D6-578ABF86DE84} => pcalua.exe -a "C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF0UWDBZ\jre-6u30-windows-i586-iftw.exe" -d C:\Users\owner\DesktopTask: {866B0310-EDE9-47A1-9E98-04D361E08411} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)Task: {960787D8-2966-41D1-A01F-D8DF8E1290B7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)Task: {A8D2D77E-2089-4352-BF26-672195BA2941} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvcTask: {B7923ADB-99BF-4510-8AF7-E38B0BB8F5A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)Task: {F080E054-B8C4-4943-B27D-51A6392E6226} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)Task: {FBC33A05-08A5-46F1-8B83-804D603545F0} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exeTask: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) =============2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll2011-06-27 10:16 - 2011-06-27 10:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll2014-06-18 20:22 - 2014-06-18 20:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)==================== EXE Association (whitelisted) =============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== MSCONFIG/TASK MANAGER disabled items =========(Currently there is no automatic fix for this section.)========================= Accounts: ==========================Administrator (S-1-5-21-2485085295-3017701738-1666250531-500 - Administrator - Disabled)Guest (S-1-5-21-2485085295-3017701738-1666250531-501 - Limited - Disabled)HomeGroupUser$ (S-1-5-21-2485085295-3017701738-1666250531-1002 - Limited - Enabled)owner (S-1-5-21-2485085295-3017701738-1666250531-1000 - Administrator - Enabled) => C:\Users\owner==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (01/16/2015 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/16/2015 05:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/15/2015 06:49:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/14/2015 07:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/14/2015 06:55:48 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.Process ID: 14dcStart Time: 01d0305d17c5ddf8Termination Time: 15Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEReport Id:Error: (01/14/2015 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/12/2015 10:39:05 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/11/2015 00:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/11/2015 00:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: N360.exe, version: 12.11.4.4, time stamp: 0x53f531a0Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7Exception code: 0xc0000374Fault offset: 0x000ce753Faulting process id: 0x7dcFaulting application start time: 0xN360.exe0Faulting application path: N360.exe1Faulting module path: N360.exe2Report Id: N360.exe3Error: (01/10/2015 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003System errors:=============Error: (01/16/2015 05:37:27 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (01/16/2015 05:06:55 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (01/15/2015 10:29:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)Description: 0xc000014d45\??\C:\System Volume Information\Syscache.hveError: (01/15/2015 06:50:20 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (01/15/2015 06:49:10 PM) (Source: BugCheck) (EventID: 1001) (User: )Description: 0x0000000a (0xfffffa801e937178, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e88fe5)C:\windows\MEMORY.DMP011515-30576-01Error: (01/15/2015 06:48:38 PM) (Source: EventLog) (EventID: 6008) (User: )Description: The previous system shutdown at 3:15:30 AM on 1/15/2015 was unexpected.Error: (01/14/2015 07:47:48 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (01/14/2015 07:45:13 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}Error: (01/14/2015 06:49:35 PM) (Source: DCOM) (EventID: 10010) (User: )Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}Error: (01/14/2015 02:34:36 AM) (Source: DCOM) (EventID: 10010) (User: )Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}Microsoft Office Sessions:=========================Error: (01/16/2015 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/16/2015 05:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/15/2015 06:49:32 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/14/2015 07:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/14/2015 06:55:48 PM) (Source: Application Hang) (EventID: 1002) (User: )Description: IEXPLORE.EXE11.0.9600.1749614dc01d0305d17c5ddf815C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEError: (01/14/2015 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/12/2015 10:39:05 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/11/2015 00:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003Error: (01/11/2015 00:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )Description: N360.exe12.11.4.453f531a0ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7537dc01d02d0462d5395eC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\windows\SysWOW64\ntdll.dll5824b17d-99c2-11e4-be33-b870f4d9503aError: (01/10/2015 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003==================== Memory info ===========================Processor: Intel® Core i3-2330M CPU @ 2.20GHzPercentage of memory in use: 38%Total physical RAM: 6050.69 MBAvailable physical RAM: 3748.63 MBTotal Pagefile: 12099.57 MBAvailable Pagefile: 9432.8 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.83 MB==================== Drives ================================Drive c: (TI106230W0C) (Fixed) (Total:579.61 GB) (Free:500.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4FE3BE95)Partition 1: (Active) - (Size=1.5 GB) - (Type=27)Partition 2: (Not Active) - (Size=579.6 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)==================== End Of Log ============================TDSSKiller.3.0.0.42_16.01.2015_18.13.34_log.txt Link to post Share on other sites More sharing options...
LiquidTension Posted January 17, 2015 ID:930178 Share Posted January 17, 2015 Hi Jeremy, Please do the following. STEP 1 Farbar Recovery Scan Tool (FRST) ScriptPress the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.Copy the entire contents of the codebox below and paste into the Notepad document.startCreateRestorePoint:CloseProcesses:HKLM\...\Run: [] => [X]HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.datCustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?CMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:endClick File, Save As and type fixlist.txt as the File Name. Important: The file must be saved in the same location as FRST64.exe. NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.Right-Click FRST64.exe and select Run as administrator to run the programme.Click Fix.A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply. STEP 2 ComboFixNote: Please read through these instructions before running ComboFix. Please download ComboFix and save the file to your Desktop. << Important!Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click ComboFix.exe and select Run as administrator to run the programme.Follow the prompts. Allow ComboFix to complete it's removal routine (please refer to Important Notes:).Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.Re-enable your anti-virus software. Important Notes:Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.Do NOT use your computer whilst ComboFix is running.Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal. If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.ComboFix will disconnect your machine from the Internet as soon as it starts.Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.If you are unable to access the Internet after running ComboFix, please reboot your computer. STEP 3 AdwCleanerPlease download AdwCleaner and save the file to your Desktop.Right-Click AdwCleaner.exe and select Run as administrator to run the programme.Follow the prompts. Click Scan. Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. Ensure anything you know to be legitimate does not have a checkmark, and click Clean. Follow the prompts and allow your computer to reboot. After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt. STEP 4 Junkware Removal Tool (JRT)Please download Junkware Removal Tool and save the file to your Desktop.Create a System Restore Point. For instructions, please refer to the following link (W7).Temporarily disable your anti-virus software. For instructions, please refer to the following link.Right-Click JRT.exe and select Run as administrator to run the programme.Follow the prompts and allow the scan to run uninterrupted. Upon completion, a log (JRT.txt) will open on your desktop.Re-enable your anti-virus software.Copy the contents of JRT.txt and paste in your next reply. ======================================================STEP 5 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.Fixlog.txtComboFix.txtAdwCleaner[s0].txtJRT.txt Link to post Share on other sites More sharing options...
jnsonnier31 Posted January 17, 2015 Author ID:930340 Share Posted January 17, 2015 Ok here are the next steps per your request: Fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015Ran by owner at 2015-01-17 13:13:25 Run:1Running from C:\Users\owner\DesktopLoaded Profiles: owner (Available profiles: owner)Boot Mode: Normal==============================================Content of fixlist:*****************startCreateRestorePoint:CloseProcesses:HKLM\...\Run: [] => [X]HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No PathCHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.datCustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?CMD: ipconfig /flushdnsCMD: netsh winsock reset allCMD: netsh int ipv4 resetCMD: netsh int ipv6 resetEmptyTemp:end*****************Restore point was successfully created.Processes closed successfully.HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully."HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully."HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully."HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found."HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully."HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667} => Moved successfully.C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806} => Moved successfully.C:\Users\owner\AppData\Local\19720201.dat => Moved successfully.HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.========= ipconfig /flushdns =========Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.========= End of CMD: ================== netsh winsock reset all =========Sucessfully reset the Winsock Catalog.You must restart the computer in order to complete the reset.========= End of CMD: ================== netsh int ipv4 reset =========Reseting Global, OK!Reseting Interface, OK!Reseting Unicast Address, OK!Restart the computer to complete this action.========= End of CMD: ================== netsh int ipv6 reset =========Reseting Interface, OK!Restart the computer to complete this action.========= End of CMD: =========EmptyTemp: => Removed 53.9 MB temporary data.The system needed a reboot.==== End of Fixlog 13:15:10 ==== ComboFix: ComboFix 15-01-08.01 - owner 01/17/2015 13:43:55.1.4 - x64Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6051.4011 [GMT -6:00]Running from: c:\users\owner\Desktop\ComboFix.exeAV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\programdata\Roamingc:\windows\msdownld.tmpc:\windows\SysWow64\Packet.dllc:\windows\SysWow64\wpcap.dll..((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))..-------\Legacy_NPF-------\Service_NPF..((((((((((((((((((((((((( Files Created from 2014-12-17 to 2015-01-17 )))))))))))))))))))))))))))))))..2015-01-17 19:55 . 2015-01-17 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp2015-01-17 00:06 . 2015-01-17 19:15 -------- d-----w- C:\FRST2015-01-02 04:32 . 2015-01-02 04:32 -------- d-----w- c:\programdata\SMR4302014-12-30 05:28 . 2015-01-02 04:34 -------- d-----w- C:\NPE2014-12-30 05:26 . 2015-01-02 04:38 -------- d-----w- c:\users\owner\AppData\Local\NPE2014-12-24 00:28 . 2014-12-24 00:28 -------- d-----w- C:\LocalStorage2014-12-24 00:26 . 2013-10-21 16:39 34808 ----a-w- c:\windows\SysWow64\drivers\InstallSadpNpfApp.exe2014-12-24 00:26 . 2012-07-02 16:49 35344 ----a-w- c:\windows\SysWow64\drivers\sadp_npf64.sys2014-12-24 00:26 . 2012-07-02 16:49 35088 ----a-w- c:\windows\SysWow64\drivers\sadp_npf.sys2014-12-24 00:26 . 2014-12-24 00:26 -------- d-----w- c:\program files\SwannView Plus2014-12-19 03:16 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe2014-12-19 03:16 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2015-01-17 19:58 . 2014-06-14 02:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys2015-01-15 00:53 . 2012-01-02 20:55 113365784 ----a-w- c:\windows\system32\MRT.exe2015-01-14 08:34 . 2012-04-04 23:36 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe2015-01-14 08:34 . 2011-07-27 07:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl2014-12-04 02:50 . 2014-12-10 01:32 413184 ----a-w- c:\windows\system32\generaltel.dll2014-12-04 02:50 . 2014-12-10 01:32 741376 ----a-w- c:\windows\system32\invagent.dll2014-12-04 02:50 . 2014-12-10 01:32 396800 ----a-w- c:\windows\system32\devinv.dll2014-12-04 02:50 . 2014-12-10 01:32 830976 ----a-w- c:\windows\system32\appraiser.dll2014-12-04 02:50 . 2014-12-10 01:32 227328 ----a-w- c:\windows\system32\aepdu.dll2014-12-04 02:50 . 2014-12-10 01:32 192000 ----a-w- c:\windows\system32\aepic.dll2014-12-04 02:44 . 2014-12-10 01:32 1083392 ----a-w- c:\windows\system32\aeinv.dll2014-12-01 23:28 . 2014-12-10 01:32 1232040 ----a-w- c:\windows\system32\aitstatic.exe2014-11-27 01:43 . 2014-12-10 01:31 389296 ----a-w- c:\windows\system32\iedkcs32.dll2014-11-22 03:13 . 2014-12-10 01:31 25059840 ----a-w- c:\windows\system32\mshtml.dll2014-11-22 03:06 . 2014-12-10 01:31 2724864 ----a-w- c:\windows\system32\mshtml.tlb2014-11-22 03:06 . 2014-12-10 01:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll2014-11-22 02:50 . 2014-12-10 01:31 66560 ----a-w- c:\windows\system32\iesetup.dll2014-11-22 02:50 . 2014-12-10 01:31 580096 ----a-w- c:\windows\system32\vbscript.dll2014-11-22 02:49 . 2014-12-10 01:31 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll2014-11-22 02:49 . 2014-12-10 01:31 2885120 ----a-w- c:\windows\system32\iertutil.dll2014-11-22 02:48 . 2014-12-10 01:31 88064 ----a-w- c:\windows\system32\MshtmlDac.dll2014-11-22 02:41 . 2014-12-10 01:31 54784 ----a-w- c:\windows\system32\jsproxy.dll2014-11-22 02:40 . 2014-12-10 01:31 34304 ----a-w- c:\windows\system32\iernonce.dll2014-11-22 02:37 . 2014-12-10 01:31 633856 ----a-w- c:\windows\system32\ieui.dll2014-11-22 02:35 . 2014-12-10 01:31 114688 ----a-w- c:\windows\system32\ieetwcollector.exe2014-11-22 02:34 . 2014-12-10 01:31 814080 ----a-w- c:\windows\system32\jscript9diag.dll2014-11-22 02:34 . 2014-12-10 01:31 6039552 ----a-w- c:\windows\system32\jscript9.dll2014-11-22 02:26 . 2014-12-10 01:31 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe2014-11-22 02:22 . 2014-12-10 01:31 490496 ----a-w- c:\windows\system32\dxtmsft.dll2014-11-22 02:20 . 2014-12-10 01:31 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb2014-11-22 02:14 . 2014-12-10 01:31 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll2014-11-22 02:09 . 2014-12-10 01:31 199680 ----a-w- c:\windows\system32\msrating.dll2014-11-22 02:08 . 2014-12-10 01:31 92160 ----a-w- c:\windows\system32\mshtmled.dll2014-11-22 02:07 . 2014-12-10 01:31 501248 ----a-w- c:\windows\SysWow64\vbscript.dll2014-11-22 02:07 . 2014-12-10 01:31 62464 ----a-w- c:\windows\SysWow64\iesetup.dll2014-11-22 02:06 . 2014-12-10 01:31 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll2014-11-22 02:05 . 2014-12-10 01:31 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll2014-11-22 02:05 . 2014-12-10 01:31 316928 ----a-w- c:\windows\system32\dxtrans.dll2014-11-22 01:54 . 2014-12-10 01:31 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll2014-11-22 01:49 . 2014-12-10 01:31 718848 ----a-w- c:\windows\system32\ie4uinit.exe2014-11-22 01:49 . 2014-12-10 01:31 800768 ----a-w- c:\windows\system32\msfeeds.dll2014-11-22 01:47 . 2014-12-10 01:31 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll2014-11-22 01:46 . 2014-12-10 01:31 2125312 ----a-w- c:\windows\system32\inetcpl.cpl2014-11-22 01:43 . 2014-12-10 01:31 14412800 ----a-w- c:\windows\system32\ieframe.dll2014-11-22 01:40 . 2014-12-10 01:31 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll2014-11-22 01:29 . 2014-12-10 01:31 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll2014-11-22 01:28 . 2014-12-10 01:31 2358272 ----a-w- c:\windows\system32\wininet.dll2014-11-22 01:22 . 2014-12-10 01:31 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl2014-11-22 01:21 . 2014-12-10 01:31 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll2014-11-22 01:15 . 2014-12-10 01:31 1548288 ----a-w- c:\windows\system32\urlmon.dll2014-11-22 01:03 . 2014-12-10 01:31 800768 ----a-w- c:\windows\system32\ieapfltr.dll2014-11-22 01:00 . 2014-12-10 01:31 1888256 ----a-w- c:\windows\SysWow64\wininet.dll2014-11-21 12:14 . 2014-06-14 02:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys2014-11-21 12:14 . 2014-06-14 02:25 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys2014-11-21 12:14 . 2012-09-17 03:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys2014-11-20 01:17 . 2014-11-20 01:17 369168 ----a-w- c:\windows\system32\wpcap.dll2014-11-20 01:17 . 2014-11-20 01:17 35344 ----a-w- c:\windows\system32\drivers\npf.sys2014-11-20 01:17 . 2014-11-20 01:17 106000 ----a-w- c:\windows\system32\packet.dll2014-11-11 03:09 . 2014-12-10 01:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll2014-11-11 03:08 . 2014-11-20 06:29 241152 ----a-w- c:\windows\system32\pku2u.dll2014-11-11 03:08 . 2014-11-20 06:29 728064 ----a-w- c:\windows\system32\kerberos.dll2014-11-11 02:44 . 2014-12-10 01:32 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll2014-11-11 02:44 . 2014-11-20 06:29 186880 ----a-w- c:\windows\SysWow64\pku2u.dll2014-11-11 02:44 . 2014-11-20 06:29 550912 ----a-w- c:\windows\SysWow64\kerberos.dll2014-11-11 01:46 . 2014-12-10 01:30 119296 ----a-w- c:\windows\system32\drivers\tdx.sys2014-11-08 03:16 . 2014-12-10 01:30 2048 ----a-w- c:\windows\system32\tzres.dll2014-11-08 02:45 . 2014-12-10 01:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll2014-10-30 02:03 . 2014-12-10 01:30 165888 ----a-w- c:\windows\system32\charmap.exe2014-10-30 01:45 . 2014-12-10 01:30 155136 ----a-w- c:\windows\SysWow64\charmap.exe2014-10-25 01:57 . 2014-11-12 01:45 77824 ----a-w- c:\windows\system32\packager.dll2014-10-25 01:32 . 2014-11-12 01:45 67584 ----a-w- c:\windows\SysWow64\packager.dll2010-08-21 05:33 . 2010-08-21 05:33 530432 ----a-w- c:\program files (x86)\Common Files\comctl32.dll2009-07-14 01:15 . 2009-07-14 01:15 486912 ----a-w- c:\program files (x86)\Common Files\comdlg32.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shownREGEDIT4.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-11-06 602880].[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128].c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776].[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"ConsentPromptBehaviorAdmin"= 5 (0x5)"ConsentPromptBehaviorUser"= 3 (0x3)"EnableUIADesktopToggle"= 0 (0x0).R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [x]S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]S2 SADP_NPF;Sadp Driver (SADP_NPF);c:\windows\SysWOW64\drivers\sadp_npf64.sys;c:\windows\SysWOW64\drivers\sadp_npf64.sys [x]S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - MBAMSWISSARMY*NewlyCreated* - WS2IFSL.Contents of the 'Scheduled Tasks' folder.2015-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:34].2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 22:41].2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 22:41]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ThpSrv"="c:\windows\system32\thpsrv" [X]"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmuStart Page = hxxp://google.com/mLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = <local>TCP: DhcpNameServer = 192.168.1.1.- - - - ORPHANS REMOVED - - - -.Toolbar-Locked - (no file)Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exeHKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - startToolbar-Locked - (no file)HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXEHKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exeHKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exeHKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exeHKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exeHKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exeHKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exeHKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe...[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1""ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS""TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32".--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]@Denied: (A 2) (Everyone)@="FlashBroker""LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.16".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]@Denied: (A 2) (Everyone)@="IFlashBroker6".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).------------------------ Other Running Processes ------------------------.c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exec:\program files (x86)\Malwarebytes Anti-Malware\mbam.exec:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe.**************************************************************************.Completion time: 2015-01-17 14:12:02 - machine was rebootedComboFix-quarantined-files.txt 2015-01-17 20:11.Pre-Run: 537,693,593,600 bytes freePost-Run: 536,949,751,808 bytes free.- - End Of File - - 6A92660912407B4B9460A5D912648241 AdwCleaner: # AdwCleaner v4.108 - Report created 17/01/2015 at 14:32:16# Updated 17/01/2015 by Xplode# Database : 2015-01-13.2 [Live]# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : owner - SONNIER# Running from : C:\Users\owner\Desktop\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] ********** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] ********** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17496*************************AdwCleaner[R0].txt - [706 octets] - [17/01/2015 14:22:11]AdwCleaner[s0].txt - [628 octets] - [17/01/2015 14:32:16]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [687 octets] ########## JRT: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.1 (12.28.2014:1)OS: Windows 7 Home Premium x64Ran by owner on Sat 01/17/2015 at 15:06:15.12~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ FoldersSuccessfully deleted: [Folder] "C:\ProgramData\best buy pc app"Successfully deleted: [Folder] "C:\Users\owner\appdata\local\best buy pc app"Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0036F699-01AC-4712-83E1-936724953325}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0040E385-B6B9-4BD8-A4C0-9F224604D5DF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{01637B23-09C6-4EF6-8B03-DE39FFD24522}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{01CAE49C-23AF-434B-86D1-DFFFC4381130}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{033392BD-EB88-4513-A0AC-42298A435DB5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{03677033-827C-464F-85F3-B4B5937A436F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{04583546-749B-44C0-B23A-27F41085C6F4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{04678191-F3CA-45B6-973F-9C39BC111429}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{04C5C790-38A2-4DF6-807B-04CD6E36D264}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{051DB0B8-B73C-4932-A1CF-68EB0B7D29FF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{08783646-F8AB-4904-B71D-D15960EED99B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0999F428-0BE5-444F-9D98-E674B979F44A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0A527807-1982-4CB7-98BD-45BEE967C59C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0B370FFD-99D5-4997-9E2C-75FACB9BF44A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0C0D00B3-EE1D-4CB0-A769-8D70A2B1EF17}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0C57C668-57EE-4F19-948E-F558004F11B2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0C9BFF96-0CC3-49B3-8B57-39D39A91CADD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0E555C02-2F88-495C-801B-098C4AC17B80}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0F2F7C02-A614-403B-B30E-27C4D4A13096}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0F79365B-FA7A-4F0D-A634-B9C05E913D5F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{0FFE073C-C2DB-4A79-B5BF-71D6CD18A279}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{10BC5CB9-A0F3-4EC3-A0F0-DD3B4ACF87A4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{11613027-D121-44C5-AF72-60861446049D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{12193DF3-1314-40E4-B124-142D8E5846B8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1261EC15-48F9-4EDB-9D82-7BAF45C24408}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1266F087-65DE-4A15-83D3-45267D7BB251}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{12A65C61-24D7-4E23-946F-B2C96CE0D966}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{131CD5EE-9868-480E-8CE2-003DB5D17E4D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{141E4AB9-65DF-4158-B1EB-786A5C5D4731}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{143072C6-35A8-4D69-BD9A-5C4409632291}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{166631DC-5E00-4B72-A7E2-9D2D998281F4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{16780E34-DEA5-4831-9AD8-F5B662D0E257}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1758321E-4F76-4A8D-BB77-88E4D31C9D73}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{175CEC0A-CE43-4C8F-AB07-E801BEE617BB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{18455982-A46B-4087-9F58-5C1A4526699A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{18CA61F2-92B7-4C81-AD13-B05EB2C6F0B8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{18F9A01C-120E-4997-8BBF-00FA5C0D02A7}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1AA6DA30-E699-436A-A82C-4556E43D9E07}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1C25F027-071F-4B87-9814-0DCA0B9EF05C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1E3EA296-F8F6-416F-8E77-49A212185DF4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{1EB9C0C3-3CD9-466F-95EF-DA1DB1706388}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{212C13D5-54B3-47E4-9819-16D33D274E99}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{21543B25-47DD-4107-B3C5-6AB9FBCEB3EF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2177F158-B5FA-40B2-838D-6C3E0C509E0E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{218568A0-9ED3-4C7C-A79B-022040932746}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{237D50D8-5761-43CA-9BAB-C3A99AA39AFB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{23BEEB3B-64B6-43B6-81B2-128641BB9C2C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{27C3AFA3-37EF-40EF-8C50-E92840E1F5E9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{28204948-AA0E-447F-9AFB-ACF335740C1A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{28529FD3-2813-46AE-A1ED-FF8A23D08F7A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{287D0AA6-856C-4B5C-9818-23D2DC7DB3F6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{28A2AFB0-089D-472E-8B6A-5EFC5537CA24}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{28E86F72-43F3-414A-8665-970F3E4F39DC}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{295EE394-7E9F-4D44-AA0F-78A62B2FF3C0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{29E63EE6-2495-48B8-9D77-C9A95EDBF2B8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2A360E00-B25A-4986-BC6E-814DA4B1AC64}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2A5D56BE-2435-4DE5-9DF7-BBA69B5A02DA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2A6CCC62-0394-4114-A3BC-742C07C15269}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2B2C2605-59D7-4206-B85A-F22E8ECE2F51}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2BDF0EB6-955C-4027-A6C5-F45A2C6DDD3F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2BE700CD-4A4B-41C2-80C1-BA8B69A287D2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2C57A2A4-3616-4C07-ACC4-671856064128}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2D64FC22-8757-433F-ACD8-19545B232C37}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{2E533B90-85BC-4311-823B-04E35DB2283A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{302EB446-DD58-4799-9042-08D699010061}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{34300467-0B64-43C2-B6D4-FB367E470678}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{34B3B5BB-9058-4E07-B9DC-1468BBA6FE47}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{351017EB-DD48-4F03-BB52-CCFF450C9368}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{36633CED-9602-4D40-8822-43F76F50E3F0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{36F3B961-A502-45FC-9AB0-FD3A5A3BC217}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{37B31CE9-AE66-458E-96BA-0108D4FF57F4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3885E606-A7B6-4CF2-B879-9302444C738F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{38A90F99-8EE5-48FF-B3AD-1281E5F92920}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{38BEC6C8-C6C2-41C4-B0E7-30D42782F801}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{39F8D5BA-2BC9-481E-88BF-6AA2B53BD56A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3A87CD51-11A8-4961-A4DC-5B4BDF4C5054}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3A8AA0BB-E073-44BD-AE1A-FC6E63BC5EFD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3AAE4D68-532C-456A-99C2-D308B41664D9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3AF590F5-9296-48BB-B46A-F68863DC89AC}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3B45F0CE-FED7-4566-9F52-33CD8E6EAE3C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3B6D5F7A-D204-492B-AF26-28E54AEA7C20}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3CD6C051-7A45-444A-9AFB-7589720095B3}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3D9B842C-8A8F-463B-A13F-5CCE6E2E244F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3DD415E3-CAC0-4CB6-905B-B8FCA7B116BD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3F614A39-780D-420E-88AD-F75C1F6F3BDA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{3F737CF3-6CCF-4CD2-B836-DD8A9C24D8E8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{40080FBD-4CCF-496E-9754-49A026B3AB49}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{400DD77E-0492-43E8-B6DF-AED4DC864E56}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{404AB243-60B6-4DB0-A7E7-5C53BCC23D91}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{4170E80E-E459-4CD5-BED0-9FB8E4E97F63}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{432F1F58-B590-4B42-BDAB-B61312862330}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{442040D1-CD3C-4535-8EF0-B779E53C67C0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{46CFF9F0-7EBF-49CB-9C6B-9DD4A8C03CB0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{47B5205C-5355-4198-B931-6426F09B76A9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{4948F7B9-6726-46FA-92DF-C1A61205DC43}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{4A5E4544-0B9A-46EA-B10D-D4A63A871649}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{4DDC5D13-4296-4E83-9A60-4AC736E56A09}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{4E2DB701-FC22-4BAD-82C9-D8DD6B04D9AF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{50D467CE-F7A6-48BD-BFB7-F57F1C12C25E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{51BA2605-F7FC-449F-B2E9-B83BB52D2314}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{520D7206-0C4B-4F21-A0F6-125EEC999750}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{539F067F-4F71-45BC-BF2A-F16333AE41A3}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{53CDDC86-F9E3-4B91-B781-873388396472}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{542AF7D1-C855-40D8-A055-54001A4CD60E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{548CAC0C-E59F-4CE2-952D-42C97D277BF8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{54E6728E-02D9-4485-BB56-4433FAEF71DB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{55DD9FE5-F65D-4BC3-8503-4DC955A37AC2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{56D53A1D-87FD-4AC1-9F74-052CD8BF9E28}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{57DD1A76-E17B-4FB7-9CCE-E4E004081FBA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{582D5238-66AA-4482-9927-D28C72351BAF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{59F500FA-9899-4374-B45C-2AE1CEE85D04}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{59FBC708-7BBE-41C9-8597-94A3F4439ABC}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5A9BFCF5-0AC6-4404-9BD8-C1E4FB2176A0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5AEB9CCC-4458-4EBA-AFF7-B26DF6B09305}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5B1D8AEC-15C2-47A6-8C66-BEBA630AEAAF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5BD3D8C5-6781-4587-9D9A-5C108BDC189E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5CE2EE93-5472-43C2-9492-BA7149D649EA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5E4C0704-862A-488F-98CF-4003F1D0E7C9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5F231FAB-D47B-478E-BB85-60978DEBCD75}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{5FC7066F-7A55-4E0E-8C37-61C6F5190223}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{61E7BE34-46AD-4355-86FC-FE7B8220A2A6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{61EE2E4D-4FC5-4874-A311-B2D3C3BBF22C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{622FC696-B480-4FC9-B16B-CA7EC3D02429}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{63BC9088-9B88-478D-BD0D-1389696332CB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{65D95C8E-CEDB-4366-A57E-8542CA93F498}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{665E2E09-C22C-4CFF-9010-9EF9C475C942}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{681F2DEE-1BC6-408B-9113-7E10573D3D7E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6855E796-26B3-4962-9169-164CB4BB774F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6900255D-41D9-4AE1-BDDD-7711FF1BB6A6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6919845E-25F4-4173-B4FC-A422479E2EA4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{69265F43-9454-48CB-8A6E-C1F93C598C51}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{69A4A029-FC19-4680-9B89-90C661A5F1F6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6A215270-9009-43D6-9268-D5841A231A7D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6B180E14-F99B-41F9-832D-ABAE07ACB85D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6B3E25F9-3E6A-4EED-953B-2E7C819CB945}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6BA0014A-0C3D-459C-B2CF-B00A38CD68A8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6BBEA172-C3CE-4BFB-B440-B08146AA89A5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6C31E3C1-A075-4C53-B04C-3AE44F7CE399}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6C45F7C5-F302-4BB9-88DC-5042C1D84DBD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6CB9CE1D-A132-42FD-BF6B-7804E9230544}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6D1DF47F-4356-4EBD-8AC1-AF88B49DB4C0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6D53BBEC-6B8D-46EE-BE44-6E6601096E61}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6E23F2B7-4869-40B8-8FA7-8975B6F91C2E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{6FC5D534-F3DA-43E9-9FBC-890A217858E5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{704B1FF9-CAD6-4CCF-8F3B-1C320FD171FC}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{70B2F660-1D6C-4068-B761-0206F334C53D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{70BBD47F-CF25-40B2-859A-22C4FF711C10}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{73261FF4-E134-4241-888C-D5F0CE1E7DE7}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{73532D3A-F8E9-4FF5-B979-6973FE9CE6A9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{73C88AC4-0215-4275-B670-F4FA555DBFEA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7587E8EE-060B-4504-ACB1-DB99A4C36E8C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{763B8FA5-04B1-4E82-927C-C7571AEFD2A9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{763CCEA2-CB2E-4166-ADC6-1F42740108CF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{77BBCCFF-29EA-40E8-B201-09A5BF397406}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7995FE65-D368-4921-B055-2E203BB33F46}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7A02FF9F-CE74-40DD-9AB4-C3F4A2C8F8F9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7A0D4A88-80B9-42F3-85EA-24DE49CAAC43}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7AAAED59-2BCA-45CF-A428-8694D4E8485F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7B813099-E5EC-4CD0-9F73-592A51DF752C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7C4BBF4B-01E9-41C0-8644-9F0DB193C96B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7C78525D-245E-4C19-9FE8-B234A0070B8C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7CC90395-FA33-48A6-93E2-88CB00B9994C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7E868932-2376-475B-B37B-77D295DD8CFA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{7FD7D303-797B-434D-AAE8-535C8AA9EAA9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{809175F7-9E5A-4F7E-9343-680BB9D4BE56}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{814BD2B4-7B85-4E33-827D-C2CAF7DEFEA4}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{82295A12-396A-44AA-8729-A19609CEA094}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{82CD70F8-5010-457D-B777-D790F1AEB4F0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{82D1EE6C-BCD5-4969-9987-EED2F5A2FB1E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8305F39C-33F6-461A-9FE2-07EFB7930A4A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{832EC801-98BF-4D84-8D4B-5FDF12D87C90}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{832F6DC6-8E84-4388-84F5-E8CC47729B78}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{833EF53F-76B5-4FA6-AEA5-0C648B8DF178}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{85716B05-DE14-4C5E-A3BE-9B75D5CCED68}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8629D3C2-05EC-4A41-BDFC-E11D72E8E1AB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{87940ED9-72B3-4549-9F0F-5BA8FB3DA790}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{88360286-83BC-4748-AC81-B42F316F667C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{88EFC75A-370F-4379-90E6-F58EDA51A8A1}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8A107ADD-3A23-4F21-82F2-718BA4FD1EB7}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8A3309A6-096D-4CC9-A3C4-9F7E577693F5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8B643A89-0174-43D8-A973-203A2332AFB2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8BD22B80-9549-46F6-8676-0273EC1EEA52}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8C317A75-C21A-4714-BE62-FB401CCF8E48}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8C94DD59-BC75-47B3-B4AB-A0593A278B0D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8F7252C8-AFAD-41D9-9488-BC9A7AD081E9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{8F9C6993-481C-4305-A31D-868260D2B618}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{91BD3E1D-7645-4CEF-9497-2218A7DAC20A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9306D461-9582-442C-8F22-DE02E721236A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{933F2A92-6C5F-4F3A-884D-FB943287993E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{93BF7B9F-2F89-4ABA-94F0-37A7F3E10FFB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{950D9A57-59AF-436F-8A5C-E1EF9C106027}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{956B1718-3201-4895-B707-1D710816BA17}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{97C6C1B0-76CC-461E-A1D8-385510FB1E74}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9933C639-7A04-4F00-B59D-D1DE66A83C71}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9948474E-A09F-4896-8609-6B0C6B3E24B3}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{999E9C9E-D576-4FDB-B510-3FD601A6C405}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{99BDED72-555E-4A6C-856F-FC33D9A5818D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9AF745E6-FC25-4C55-AA8E-B959B0802F4B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9D48F677-BE34-4BC9-8AD0-FADBA3CA277F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{9D55EC3F-EEC5-483B-B458-99A2FBEA9387}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A03A1E77-B01A-413A-9BE6-E1927EC0384B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A1F5AEA9-245C-41D0-98F6-067D9E6F5CAF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A220171C-B9AA-455C-AF9C-8B5E2EFF9819}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A2995728-D910-4617-9423-5EB0A29C0BF1}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A2B5B3C5-2FFB-47AD-97C7-64EAB5A5AB8B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A2EB2E12-E544-41C6-84D8-5E433856AB5B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A3AA1482-1C27-4392-B28E-6213E300AE8B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A415433C-5477-4A3B-9A44-C978E1369AC7}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A430C18F-256E-47A6-8FC8-6D6DC8381EE6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A4B52E9F-00CF-4C7B-A211-0A40AD365017}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A4D05C37-3D85-4873-9C61-AC40063ADF4A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A4E17A13-8FB9-40E9-B78D-282AB8ECC6B1}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A64BB64F-D25B-477F-BF00-22261EAD46AF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A72DAAFC-95A4-40DD-AB38-C69615E4E2E8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A7B0C29F-B407-48E5-8A1B-53B9229B5CF2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A8D2148E-E193-4825-AEC9-20FC47886BB2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{A9F56199-FD13-4D3E-8EDD-951225E8ACE6}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AAC53A54-BFD7-4875-BB31-3BB8B9EE3DFB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AAF13611-16DB-4FB4-901F-D83848B94B90}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AB99D950-778E-4F8A-B80C-9809B34493C9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AC83167D-33FD-4867-99E3-42963B2FDB50}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AC886539-0877-4060-AAC1-C57F1FFBA58C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AC8CD5E6-BE27-4AE6-AB17-AE2C304EB812}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{ACAF7CDE-BA1D-490E-8E99-AD8702B42C36}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{AD326B19-E982-428E-BDA3-8C87A211E36D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B08FF9C5-7F28-4BC3-9785-DAC56B6B44BD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B1C48FF5-BF86-406F-9C1B-7D520C8F48DA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B236A92B-25E1-49AB-B271-38377F73D2E2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B363F0E6-63BD-450C-B001-C9E03747F667}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B427F47F-D34A-4D5D-8C42-657303A17EEE}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B544F982-3CE8-4A8A-B3E5-6DBE2DA254B5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B5508769-CF78-4784-8CDC-5439E115C00D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B6601802-F7CE-44B4-9F18-95BCC71134E9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B660FD29-E4C1-40A6-86DF-FFDDDB55461D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{B7CCCCD4-A085-4E57-9B11-E8B29D15A212}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BAA325D4-3E17-4410-835A-155CBD4598B2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BC42BB5D-2A0D-4FDC-BC9E-D1BDFF976C04}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BC5BAE89-AE6E-4DEF-9B34-D62211464EDC}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BCF6D3D9-D98E-42F3-84DA-FB3D9DA6C319}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BD7E4565-BE12-4954-A44A-83EA3B852DB5}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BE10ADAE-20E1-424D-A13D-BB2FA59209EB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BE1E6736-5A42-4FDB-9BAC-DCFEBCC7E23B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BE7CE8D6-3088-410D-B145-2424D5A4A0DD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BECB2F9F-58A6-4B99-B3F2-0CAC78987CA2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BF572A02-FD5B-4D47-A4A3-14E82E4D6C35}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BF5C0383-48D4-4A42-92FE-69A47BDD53BA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BFA7F402-D3A8-47B3-A0B7-C89D17E5D47E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{BFAE6AC6-48B9-4E74-8B45-72CB19331900}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C11573AE-C62E-4118-95ED-C06E11B20C6B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C1193DA4-707E-4EC7-BBA4-A5261FBDC275}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C1EB0423-FAFA-4589-BC3D-455C7076B940}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C21D89EC-70F9-4278-A661-8984C265F14A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C388C11D-D7F0-4056-845B-A913985D2391}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C4E02959-6C1F-4C5B-86E0-0538C559644A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C5771727-E9F5-4DE0-8374-176328E13815}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C5B41C18-1261-46DE-B503-5721711516FD}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C5B651C6-BFD6-44FD-AB87-EAD708EC2716}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C6047521-69CC-4378-9D54-5D781F179917}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C66A2A12-B076-4953-AC8F-943CC72BA3A9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C7995446-0688-4520-BF07-7D0CB76354CB}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C80332C5-D001-44DB-88DC-B42A9830CD10}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{C8A91CFB-DBC3-41BE-B262-F26395E1D960}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{CAF26FDF-2A4D-4709-86EF-5283902316DE}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{CF09E833-B67C-48E4-B46E-00C30E1CEC74}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D0179D55-6891-4A35-99F3-062ADD4CBA25}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D179CBEF-B853-4C2C-BEB9-8FC5B801D855}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D1B04BD0-30D2-4867-ADD7-5D1096320A98}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D23CB6D3-54A0-4D5A-BF1D-22EE32389E0C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D2E47C59-5C39-42EE-93FC-72AEA37BD8A3}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D3E03CF8-7177-4C46-8D38-8FD38840F2F3}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D7412AD5-598D-4D9E-A5A6-BE764D064A39}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D8E3AF4C-0960-4DCB-9956-0499F4215886}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D924923C-49D8-4903-AAFE-380CE3B09C33}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DE66D9CC-A750-4DB1-854E-C68FDB370EC0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DF092280-E254-4447-B6F4-D0166848D254}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DF348699-4F59-4DDE-9B94-D13160CCA208}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DFB0F169-AFA4-4313-A2FD-2012FB2E9F08}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E18FFEDE-76B0-4068-8E45-FA9297EB3558}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E1FED2DE-5572-4C17-BC79-03D03693E082}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E5A14973-AF21-4CF4-9EC4-4817BAAE1145}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E6D88542-AD84-4DBD-8CBD-A90D2F7FF582}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E7D5EFBB-422D-4093-A3E1-571387E0F2BF}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E8226253-8585-4601-90BA-1C010539E1FA}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E85E5589-E70E-44DD-8287-0C1AAB1ACFA8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E9F5ECA0-2742-4912-A265-36781391C373}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E9F5EF8C-7C75-41E9-8190-698A1451745F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EA2B1853-3F2B-474B-BC52-17D8D99238F7}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EA7DDC6A-D4CB-4008-9479-955D0C334231}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EB237E09-45D8-4390-85F6-E00B8D4E62B9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EB2C8807-A0E7-47E5-BC32-B32167F4A52D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EC328F42-2270-4CF1-9079-CEF5968EB34A}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EC8E726D-9552-4C11-8560-393627801B41}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EDD6A4A9-277D-4E41-A32F-87AF0BE3C85F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EDFFE151-DDF9-4A34-9D0D-A8C094382129}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EE222FD6-7210-450C-A1F5-9368E75ED93B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EE388A7A-AC67-479C-B622-976D7C20C52D}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EEF50D63-7227-48F2-AC1D-D91F632FA9C0}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EFEE0BC1-14C5-4F7F-AD08-77A7F393CB79}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F036E26C-9E29-476E-8A95-511D7989E40E}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F092B6DA-164F-4AE5-8A97-BDC59D827A1C}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F339D18A-217B-4512-B16D-36E7742CAA80}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F37D779A-C4B4-4A38-AC21-D197FE937A01}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F528CF6B-BDCF-46BA-81C4-070B1491B7CE}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F56D368F-54D7-4A9B-82F5-4FA5E255D8B8}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F58A7F29-B505-4C40-BE92-C5D1C2627B33}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F5CEDF28-40F4-452D-B9F3-1B4932E7AE10}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F6C116BB-C283-4C8B-9992-4F51C73DDA5B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F7A14FB9-4D24-4B17-A162-701671757997}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F84DDFEA-941D-4999-A4A0-90C492AD2BF2}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F8910B2A-2E1A-4DD3-9331-CE88A5DB9A9F}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F93C6CAD-F158-4B34-BA9C-4BED79ECAB66}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FB2AC191-389D-4294-8237-5B3F10F62A9B}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FCE24BA5-7EC5-4CAC-99E5-1274F858C7A1}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FDEE6B1E-8240-490A-8766-C04E457139F9}Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FF79BBA8-DF23-4CAD-B49F-91F78E771083} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Sat 01/17/2015 at 15:10:08.20End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
LiquidTension Posted January 18, 2015 ID:930534 Share Posted January 18, 2015 Hi Jeremy, Please let me know how your PC is performing after completing the steps below. Are there any outstanding issues? STEP 1 RogueKillerPlease download RogueKiller (x64) and save the file to your Desktop.Close any running programmes.Right-Click RogueKiller.exe and select Run as administrator to run the programme.Allow the Prescan to complete. Upon completion, a window will open. Click Accept.A browser window may open. Close the browser window.Click . Upon completion, click .Close the programme. Do not fix anything!A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply. STEP 2 ESET Online ScanNote: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.Please download ESET Online Scan and save the file to your Desktop.Temporarily disable your anti-virus software. For instructions, please refer to the following link.Double-click esetsmartinstaller_enu.exe to run the programme. Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.Agree to the Terms of Use once more and click Start. Allow components to download.Place a checkmark next to Enable detection of potentially unwanted applications.Click Advanced settings. Place a checkmark next to:Scan archivesScan for potentially unsafe applicationsEnable Anti-Stealth technologyEnsure Remove found threats is unchecked.Click Start.Wait for the scan to finish. Please be patient as this can take some time.Upon completion, click . If no threats were found, skip the next two bullet points. Click and save the file to your Desktop, naming it something such as "MyEsetScan".Push the Back button.Place a checkmark next to and click .Re-enable your anti-virus software.Copy the contents of the log and paste in your next reply. ====================================================== STEP 3 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.RKreport.txtESET Online Scan logAre there any outstanding issues? Link to post Share on other sites More sharing options...
jnsonnier31 Posted January 19, 2015 Author ID:930685 Share Posted January 19, 2015 I have not seen MB and Norton pop back up blocking the zbot or the website that was getting "contacted"..... Ok, ran the last 2 programs and the last one Eset did not give me a report. On the finish screen it did say "0 infected files"....here is the log for Rougekiller. RougeKiller: RogueKiller V10.1.2.0 (x64) [Jan 7 2015] by Adlice Softwaremail : http://www.adlice.com/contact/Feedback : http://forum.adlice.comWebsite : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.comOperating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : owner [Administrator]Mode : Scan -- Date : 01/18/2015 19:38:53¤¤¤ Processes : 0 ¤¤¤¤¤¤ Registry : 22 ¤¤¤[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Found[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Found[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2 -> Found[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found¤¤¤ Tasks : 0 ¤¤¤¤¤¤ Files : 1 ¤¤¤[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found¤¤¤ Hosts File : 1 ¤¤¤[C:\windows\System32\drivers\etc\hosts] 127.0.0.1 localhost¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤¤¤¤ Web browsers : 0 ¤¤¤¤¤¤ MBR Check : ¤¤¤+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++--- User ---[MBR] 6f9d3e58a395f50e6ff2695e646c1792[bSP] b0c3f2bbbc0fd86d58e9605adc11f0ba : HP MBR CodePartition table:0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 593519 MB2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218600960 | Size: 15460 MBUser = LL1 ... OKUser = LL2 ... OK Link to post Share on other sites More sharing options...
LiquidTension Posted January 19, 2015 ID:930768 Share Posted January 19, 2015 Hello Jeremy, I have not seen MB and Norton pop back up blocking the zbot or the website that was getting "contacted".....Ok, ran the last 2 programs and the last one Eset did not give me a report. On the finish screen it did say "0 infected files"Excellent. Lets update your vulnerable software to reduce the risk of reinfection. STEP 1 Update Outdated SoftwareOutdated software contain security risks that must be patched. Please download and install the latest version of the programmes below. Adobe Air Java (watch out for "Optional Offers" or bundled software) Follow these instructions to check for and download the latest Windows Updates. STEP 2 Remove Outdated SoftwarePress the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.Search for the following programmes, right-click and click Uninstall one at a time.Note: The programmes below may not be present. If this is the case, please skip to the next step.Java 7 Update 65JavaFX 2.1.1Follow the prompts, and reboot if necessary. STEP 3 Disable Java in Your BrowserDue to frequent exploits we recommend you disable Java in your browser.For information on Java vulnerabilities, please read the following article (point #7).Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar. Click on the Java Control Panel. Once opened, click the Security tab.Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes. Click OK in the Java Plug-in confirmation window.Restart your browser(s) for changes to take effect.More information can be found here and here. STEP 4 Security CheckPlease download SecurityCheck and save the file to your Desktop.Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.A log (checkup.txt) will automatically open on your Desktop.Copy the contents of the log and paste in your next reply. ====================================================== STEP 5 LogsIn your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.checkup.txtHow is your computer performing? Are there any outstanding issues? Link to post Share on other sites More sharing options...
jnsonnier31 Posted January 20, 2015 Author ID:930988 Share Posted January 20, 2015 I don't think there are any outstanding issues....haven't seen the blocked website warnings since the 17th (this past Saturday)..... Ok, here is the latest text file from Security Check Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton 360 Premier Edition WMI entry may not exist for antivirus; attempting automatic update.`````````Anti-malware/Other Utilities Check:````````` Java 8 Update 25 Java version 32-bit out of Date! Adobe Flash Player 16.0.0.257 Adobe Reader XI ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 5%````````````````````End of Log`````````````````````` Link to post Share on other sites More sharing options...
LiquidTension Posted January 20, 2015 ID:931102 Share Posted January 20, 2015 Hi Jeremy, I don't think there are any outstanding issuesExcellent! Now for the good news. All Clean!Congratulations, your computer appears clean! I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful. My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation. STEP 1 ComboFix UninstallPress the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:ComboFix /UninstallClick OK.Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process. STEP 2 DelFixPlease download DelFix and save the file to your Desktop.Double-click DelFix.exe to run the programme.Place a checkmark next to the following items:Activate UACRemove disinfection toolsCreate registry backupPurge system restoreReset system settingsClick the Run button.-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete). ====================================================== I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.Answers to common security questions - Best Practices by quietman7, MVPHow Malware Spreads - How did I get infected? by quietman7, MVPSimple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVPHow to Prevent Malware by miekiemoes, MVPHow to backup and restore your data using Cobian Backup by YourHighnessSlow Computer/browser? It May Not Be Malware by quietman7, MVP The following programmes come highly recommended in the security community. AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware. Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software. Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution. NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology. Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you. Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you. SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies. Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above. ====================================================== Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. Thank you for using Malwarebytes. Safe Surfing. Adam Link to post Share on other sites More sharing options...
jnsonnier31 Posted January 21, 2015 Author ID:931264 Share Posted January 21, 2015 So far so good and ill keep a look out as I use it to make sure nothing comes up.......Looks like all the programs have been removed....I appreciate your effort and work with this matter and glad that I have MB as a program on my PC's..... Link to post Share on other sites More sharing options...
LiquidTension Posted January 21, 2015 ID:931393 Share Posted January 21, 2015 I'm pleased to hear! I will mark your topic as solved. All the best, Adam Link to post Share on other sites More sharing options...
Naathim Posted January 21, 2015 ID:931416 Share Posted January 21, 2015 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts