
Malware?



I'm currently running Windows 7 (Home) with Norton 360 and Malwarebytes (full paid version)... Recently downloaded a program to use for GPS/marine electronics to make GPS maps that others were using, and MB started blocking a few websites and Norton blocking an intrusion (Trojan.Zbot Activity 15)... The IP address that MB is blocking is from Russia and I think this Zbot is working with those... Of course I'm not a PC guru, but both started happening at the same time... Ran both MB and Norton scans and nothing is picked up and it continues.

Need to get some help to get this resolved/removed... See image below for recent log...

May not be able to respond right away to post due to work but will get to it as quickly as I can.

Any help is appreciated.

Also if in wrong place move as needed.

 

 


Hello jnsonnier31, welcome to Malwarebytes' Malware Removal forum!
 
My username is LiquidTension, but you can call me Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that. :)
 
General P2P/Piracy Notice: 
 

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum. 
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

 
======================================================
 
Please read through the points below to ensure this process moves as quickly and efficiently as possible.

  • Please ensure you read through my instructions thoroughly, and carry out each step in the order specified.
  • If you are unable to copy/paste your logs directly into your post, please attach the file. 
  • Please do not run any tools or take any steps other than those I provide for you. Independent efforts may make matters worse, and will affect my ability in ascertaining the current situation and providing the best set of instructions for you.
  • Please backup important files before proceeding with my instructions. Malware removal can be unpredictable.
  • If you come across any issues whilst following my instructions, please stop and inform me of the issue in as much detail as possible. Please do not hesitate to ask before proceeding.
  • Topics are locked if no response is made after 4 days. Please inform me if you will require additional time to complete my instructions.
  • Ensure you are following this topic. Click the button at the top of the page.
     

======================================================

STEP 1
Malwarebytes Anti-Malware (MBAM)

  • Open Malwarebytes Anti-Malware and click Update Now.
  • Once updated, click the Settings tab, followed by Detection and Protection and tick Scan for rootkits.
  • Click the Scan tab, ensure Threat Scan is checked and click Scan Now.
  • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards. 
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • Click Copy to Clipboard and paste the log in your next reply. 
     

STEP 2
Farbar Recovery Scan Tool (FRST) Scan

  • Please download Farbar Recovery Scan Tool (x32) or Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
  • Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
  • Right-click FRST.exe / FRST64.exe and select Run as administrator to run the programme.
  • Click Yes to the disclaimer.
  • Ensure the Addition.txt box is checked.
  • Click the Scan button and let the programme run.
  • Upon completion, click OK, then OK on the Addition.txt pop up screen.
  • Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply. 
     

STEP 3
TDSSKiller Scan

  • Please download TDSSKiller and save the file to your Desktop.
  • Right-click TDSSKiller.exe and select Run as administrator to run the programme.
  • Click Change parameters. Place a checkmark next to Detect TDLFS file system and Verify file digital signatures.
  • Click Start Scan. Do not use the computer during the scan.
  • If objects are found, change the action to skip.
  • Click Continue and close the window.
  • A log will be created and saved to the root directory (usually C:\). Attach the file in your next reply.
     

======================================================
 
STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • MBAM scan log
  • FRST.txt
  • Addition.txt
  • TDSSKiller log (attached!)

Hi Adam... thanks for the help... my name is Jeremy... see the requested logs below.

 

MBAM Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2015
Scan Time: 5:39:02 PM
Logfile: MB.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.14
Rootkit Database: v2015.01.14.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334586
Time Elapsed: 18 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

 

 

 

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-01-2015
Ran by owner (administrator) on SONNIER on 16-01-2015 18:07:00
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\n360.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(NETGEAR Inc.) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [intelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM-x32\...\Run: [sVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2011-03-10] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Run: [best Buy pc app] => C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Run: [NETGEARGenie] => C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe [602880 2014-11-06] (NETGEAR Inc.)
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\RunOnce: [Adobe Speed Launcher] => 1421451413
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk
ShortcutTarget: Best Buy pc app.lnk -> C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> DefaultScope {65A15752-58D4-48CB-BC16-F52EEA6F0C49} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {65A15752-58D4-48CB-BC16-F52EEA6F0C49} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=20&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (TOSHIBA Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @bestbuy.com/npBestBuyPcAppDetector,version=1.0 -> C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [linkfilter@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2011\FFExt\linkfilter@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-01-16]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-23]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2014-11-06] (NETGEAR)
R2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-11] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [668888 2015-01-14] (Symantec Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\ENG64.SYS [129752 2014-12-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20150115.040\EX64.SYS [2137304 2014-12-08] (Symantec Corporation)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [35344 2014-11-19] (CACE Technologies, Inc.)
R2 SADP_NPF; C:\windows\SysWOW64\drivers\sadp_npf64.sys [35344 2012-07-02] (CACE Technologies, Inc.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-23] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:07 - 2015-01-16 18:07 - 00021319 _____ () C:\Users\owner\Desktop\FRST.txt
2015-01-16 18:06 - 2015-01-16 18:07 - 00000000 ____D () C:\FRST
2015-01-16 18:05 - 2015-01-16 18:05 - 02125824 _____ (Farbar) C:\Users\owner\Desktop\frst64.exe
2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}
2015-01-15 18:48 - 2015-01-15 18:49 - 00262144 _____ () C:\windows\Minidump\011515-30576-01.dmp
2015-01-14 01:23 - 2014-12-18 21:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 01:23 - 2014-12-18 19:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-14 01:23 - 2014-12-11 23:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 01:23 - 2014-12-11 23:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 01:23 - 2014-12-11 23:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 01:23 - 2014-12-11 23:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 01:23 - 2014-12-11 23:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 01:23 - 2014-12-11 23:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 01:23 - 2014-12-11 23:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-14 01:23 - 2014-12-11 11:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 01:23 - 2014-12-05 22:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 01:23 - 2014-12-05 21:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 01:23 - 2014-12-05 21:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}
2015-01-03 00:10 - 2015-01-03 00:10 - 00262144 _____ () C:\windows\Minidump\010315-25443-01.dmp
2015-01-01 22:32 - 2015-01-01 22:32 - 00000000 ____D () C:\ProgramData\SMR430
2015-01-01 15:41 - 2015-01-01 15:41 - 00262144 _____ () C:\windows\Minidump\010115-19921-01.dmp
2015-01-01 11:45 - 2015-01-01 11:45 - 00262144 _____ () C:\windows\Minidump\010115-30030-01.dmp
2014-12-30 22:46 - 2014-12-30 22:47 - 00262144 _____ () C:\windows\Minidump\123014-22869-01.dmp
2014-12-29 23:50 - 2014-12-29 23:50 - 00006787 _____ () C:\Users\owner\Desktop\Malwarebytes Anti-Malware.txt
2014-12-29 23:28 - 2015-01-01 22:34 - 00000000 ____D () C:\NPE
2014-12-29 23:26 - 2015-01-01 22:38 - 00000000 ____D () C:\Users\owner\AppData\Local\NPE
2014-12-29 23:16 - 2015-01-01 22:25 - 00000262 _____ () C:\Users\owner\Desktop\FixNecurs64bit.log
2014-12-29 23:15 - 2014-12-29 23:15 - 05822560 _____ (Symantec Corporation) C:\Users\owner\Desktop\FixNecurs64bit.exe
2014-12-23 18:28 - 2014-12-23 18:28 - 00000000 ____D () C:\LocalStorage
2014-12-23 18:27 - 2014-12-23 18:27 - 00002051 _____ () C:\Users\Public\Desktop\SwannView Plus Client.lnk
2014-12-23 18:27 - 2014-12-23 18:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SwannView Plus
2014-12-23 18:26 - 2014-12-23 18:26 - 00000000 ____D () C:\Program Files\SwannView Plus
2014-12-23 18:26 - 2013-10-21 10:39 - 00034808 _____ () C:\windows\SysWOW64\Drivers\InstallSadpNpfApp.exe
2014-12-23 18:26 - 2012-07-02 10:49 - 00035344 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\Drivers\sadp_npf64.sys
2014-12-23 18:26 - 2012-07-02 10:49 - 00035088 _____ (CACE Technologies, Inc.) C:\windows\SysWOW64\Drivers\sadp_npf.sys
2014-12-18 21:16 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-18 21:16 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 18:00 - 2012-04-04 17:36 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 17:59 - 2012-01-24 20:47 - 00000000 ____D () C:\Users\owner\Documents\Jeremy's Files
2015-01-16 17:54 - 2012-02-27 20:19 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 17:44 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:44 - 2009-07-13 22:45 - 00025120 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 17:42 - 2009-07-13 23:13 - 00783464 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-16 17:40 - 2011-10-14 02:54 - 01048574 _____ () C:\windows\WindowsUpdate.log
2015-01-16 17:36 - 2014-06-13 20:26 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 17:36 - 2012-02-27 20:19 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:36 - 2009-07-13 23:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 17:36 - 2009-07-13 22:51 - 00070316 _____ () C:\windows\setupact.log
2015-01-15 18:48 - 2014-11-20 06:50 - 1061807336 _____ () C:\windows\MEMORY.DMP
2015-01-15 18:48 - 2014-11-20 06:50 - 00000000 ____D () C:\windows\Minidump
2015-01-14 19:00 - 2013-08-09 18:55 - 00000000 ____D () C:\windows\system32\MRT
2015-01-14 18:53 - 2012-01-02 14:55 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-14 18:48 - 2012-04-04 17:36 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 18:48 - 2010-11-20 21:47 - 00843976 _____ () C:\windows\PFRO.log
2015-01-14 02:34 - 2012-04-04 17:36 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 02:34 - 2011-07-27 01:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-09 22:04 - 2014-11-19 19:17 - 00000000 ____D () C:\Users\owner\AppData\Local\NETGEARGenie
2015-01-01 19:19 - 2012-02-10 19:24 - 00000000 ____D () C:\Users\owner\Documents\Alicia's Files
2014-12-30 13:19 - 2009-07-13 21:20 - 00000000 ____D () C:\windows\rescache
2014-12-30 01:02 - 2014-06-13 20:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-29 23:43 - 2014-01-14 19:14 - 00000000 ____D () C:\Users\owner\AppData\Roaming\Insight Planner
2014-12-29 23:26 - 2011-10-14 03:19 - 00000000 ____D () C:\ProgramData\Norton
2014-12-23 18:26 - 2011-07-27 01:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

Files in the root of some directories:
============================
2010-08-20 23:33 - 2010-08-20 23:33 - 0530432 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\comctl32.dll
2009-07-13 19:15 - 2009-07-13 19:15 - 0486912 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\comdlg32.dll
2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.dat
2012-01-11 18:07 - 2012-01-11 18:07 - 0007598 _____ () C:\Users\owner\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 20:17

==================== End Of Log ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-01-2015
Ran by owner at 2015-01-16 18:07:43
Running from C:\Users\owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier Edition (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton 360 Premier Edition (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 Premier Edition (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Best Buy pc app (Version: 3.2.0.0 - Best Buy) Hidden
Best Buy pc app (x32 Version: 3.2.0.0 - Best Buy) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
FugVS2005 (HKLM-x32\...\{0C8364B1-AFD8-45B7-ACE8-B76113B6C418}) (Version: 1.0.0 - Northport Systems Inc.)
GMetrix SMS 4 (HKLM-x32\...\{2391AE2A-52F7-4591-86A2-C53BFF5EF95C}) (Version: 4.0.7.0 - GMetrix LLC)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPSBabel 1.4.3 (HKLM-x32\...\{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1) (Version:  - GPSBabel)
Insight Genesis Upload Tool (HKLM-x32\...\{0EE028C9-2EDE-4A51-BF10-426F6B606D84}) (Version: 1.7.0.0 - Contour Innovations, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® WiDi (HKLM-x32\...\{781A93CD-1608-427D-B7F0-D05C07795B25}) (Version: 2.1.41.0 - Intel Corporation)
Intel® Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.650 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Lowrance GPS Data Manger V.6 (HKLM-x32\...\{1515871A-9CBD-4ED6-9E63-21BFFDC714C0}) (Version:  - )
Lowrance Sonar Viewer 2.1.2 (HKLM-x32\...\{BAB08345-F74B-49DF-8C56-FCB6AABCDDD6}) (Version: 2.1.2 - Lowrance Electronics)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Navionics HotMaps Explorer 4.5 (HKLM-x32\...\NavionicsHotMapsExplorer_is1) (Version: 4.5 - Navionics Inc. and Northport Systems Inc.)
NETGEAR Genie (HKLM-x32\...\NETGEAR Genie) (Version: 2.3.1.46 - NETGEAR Inc.)
Norton 360 (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
SwannView Plus (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 1.02.16.50 - company)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.37C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.12 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

14-12-2014 19:35:57 Windows Update
18-12-2014 21:22:47 Windows Update
23-12-2014 18:25:27 Installed SwannView Plus
29-12-2014 23:43:31 Removed HDS_4.1.36.68.
30-12-2014 14:56:29 Norton 360 Registry Clean
14-01-2015 18:52:14 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0DF2DD17-3381-485A-8C5F-4E5062189C88} - System32\Tasks\Norton Zone\Norton Error Analyzer => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: {0EDB007C-2CCD-42E0-A916-CAA924BC53AC} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-14] (Adobe Systems Incorporated)
Task: {35C92061-21FF-4AB1-9906-F3A644065EBA} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {53580F17-A951-411A-9461-15BE3E8D3776} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {6D702676-EC5D-4409-B523-6F8D09962F20} - System32\Tasks\{D3F76F5F-4532-43B8-92D6-578ABF86DE84} => pcalua.exe -a "C:\Users\owner\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZF0UWDBZ\jre-6u30-windows-i586-iftw.exe" -d C:\Users\owner\Desktop
Task: {866B0310-EDE9-47A1-9E98-04D361E08411} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {960787D8-2966-41D1-A01F-D8DF8E1290B7} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {A8D2D77E-2089-4352-BF26-672195BA2941} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B7923ADB-99BF-4510-8AF7-E38B0BB8F5A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F080E054-B8C4-4943-B27D-51A6392E6226} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {FBC33A05-08A5-46F1-8B83-804D603545F0} - System32\Tasks\Norton Zone\Norton Error Processor => C:\Program Files (x86)\Norton Zone\Engine\2.0.97.14\SymErr.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-06-27 10:16 - 2011-06-27 10:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-05-31 18:32 - 2011-05-31 18:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2014-11-06 09:28 - 2014-11-06 09:28 - 00105216 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\genie2_tray.exe
2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 03369922 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuin51.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00544817 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00989805 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libstdc++-6.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01978690 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icuuc51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 22378434 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\icudt51.dll
2013-09-28 19:14 - 2013-09-28 19:14 - 01233408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\platforms\qwindows.dll
2014-11-17 03:46 - 2014-11-17 03:46 - 00639488 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
2014-11-10 03:55 - 2014-11-10 03:55 - 01686016 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SvtNetworkTool.dll
2014-11-05 01:36 - 2014-11-05 01:36 - 00192512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
2014-11-05 01:37 - 2014-11-05 01:37 - 00632832 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
2014-11-14 04:53 - 2014-11-14 04:53 - 06499840 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00068608 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\QRCode.dll
2014-06-29 20:05 - 2014-06-29 20:05 - 01183232 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\qwt.dll
2014-11-07 03:13 - 2014-11-07 03:13 - 02475520 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_MyMedia.dll
2012-10-15 14:27 - 2012-10-15 14:27 - 00111616 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlc.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 02286592 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\libvlccore.dll
2014-11-17 01:00 - 2014-11-17 01:00 - 01056768 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
2014-09-11 02:39 - 2014-09-11 02:39 - 00144896 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
2014-11-05 01:51 - 2014-11-05 01:51 - 01191424 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
2014-11-17 00:21 - 2014-11-17 00:21 - 10374656 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
2014-11-17 00:18 - 2014-11-17 00:18 - 02496512 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
2014-11-06 03:39 - 2014-11-06 03:39 - 00200192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
2014-11-05 01:58 - 2014-11-05 01:58 - 00889344 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Ui.dll
2014-11-05 02:00 - 2014-11-05 02:00 - 00435712 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00052224 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00261120 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qsvg.dll
2014-06-29 19:55 - 2014-06-29 19:55 - 00081408 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
2014-11-03 02:23 - 2014-11-03 02:23 - 00143360 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
2014-06-18 20:22 - 2014-06-18 20:22 - 02177405 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\drivers\libntgr_api.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00072192 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00074240 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00136704 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00219648 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\access\libdshow_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00049664 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libaout_directx_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00051200 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\audio_output\libwaveout_plugin.dll
2012-10-15 14:28 - 2012-10-15 14:28 - 00070144 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\plugins\video_output\libdirectx_plugin.dll
2013-09-28 19:13 - 2013-09-28 19:13 - 00040960 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\printsupport\windowsprintersupport.dll
2014-11-05 01:59 - 2014-11-05 01:59 - 00642048 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_Update.dll
2014-11-05 02:01 - 2014-11-05 02:01 - 00458752 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
2014-06-29 20:33 - 2014-06-29 20:33 - 00046080 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
2014-09-04 00:00 - 2014-09-04 00:00 - 00066560 _____ () C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2485085295-3017701738-1666250531-500 - Administrator - Disabled)
Guest (S-1-5-21-2485085295-3017701738-1666250531-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2485085295-3017701738-1666250531-1002 - Limited - Enabled)
owner (S-1-5-21-2485085295-3017701738-1666250531-1000 - Administrator - Enabled) => C:\Users\owner

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/16/2015 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 05:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 06:49:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:55:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 14dc

Start Time: 01d0305d17c5ddf8

Termination Time: 15

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/14/2015 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 10:39:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: N360.exe, version: 12.11.4.4, time stamp: 0x53f531a0
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0x7dc
Faulting application start time: 0xN360.exe0
Faulting application path: N360.exe1
Faulting module path: N360.exe2
Report Id: N360.exe3

Error: (01/10/2015 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/16/2015 05:37:27 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/16/2015 05:06:55 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/15/2015 10:29:04 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d45\??\C:\System Volume Information\Syscache.hve

Error: (01/15/2015 06:50:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/15/2015 06:49:10 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000000a (0xfffffa801e937178, 0x0000000000000002, 0x0000000000000001, 0xfffff80002e88fe5)C:\windows\MEMORY.DMP011515-30576-01

Error: (01/15/2015 06:48:38 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:15:30 AM on ‎1/‎15/‎2015 was unexpected.

Error: (01/14/2015 07:47:48 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/14/2015 07:45:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/14/2015 06:49:35 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/14/2015 02:34:36 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {FE9617F6-E606-42AA-BECC-0E9CDA246D63}

Microsoft Office Sessions:
=========================
Error: (01/16/2015 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/16/2015 05:05:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 06:49:32 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 07:46:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 06:55:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.1749614dc01d0305d17c5ddf815C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (01/14/2015 06:48:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 10:39:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:50:08 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:47:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: N360.exe12.11.4.453f531a0ntdll.dll6.1.7601.18247521ea8e7c0000374000ce7537dc01d02d0462d5395eC:\Program Files (x86)\Norton 360\Engine\21.6.0.32\N360.exeC:\windows\SysWOW64\ntdll.dll5824b17d-99c2-11e4-be33-b870f4d9503a

Error: (01/10/2015 00:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: Intel® Core i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 38%
Total physical RAM: 6050.69 MB
Available physical RAM: 3748.63 MB
Total Pagefile: 12099.57 MB
Available Pagefile: 9432.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (TI106230W0C) (Fixed) (Total:579.61 GB) (Free:500.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4FE3BE95)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End Of Log ============================

TDSSKiller.3.0.0.42_16.01.2015_18.13.34_log.txt


Hi Jeremy, 

 

Please do the following.

 

STEP 1
Farbar Recovery Scan Tool (FRST) Script

  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire contents of the codebox below and paste into the Notepad document.
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM\...\Run: [] => [X]
    HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}
    2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}
    2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.dat
    CustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    EmptyTemp:
    end
  • Click File > Save As and type fixlist.txt as the File Name
  • Important: The file must be saved in the same location as FRST64.exe. 

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

  • Right-Click FRST64.exe and select Run as administrator to run the programme.
  • Click Fix.
  • A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
ComboFix

  • Note: Please read through these instructions before running ComboFix. 
  • Please download ComboFix and save the file to your Desktop. << Important!
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click ComboFix.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
     
  • Allow ComboFix to complete its removal routine (please refer to Important Notes:).
  • Upon completion, a log (ComboFix.txt) will be created in the root directory (C:\). Copy the contents of the log and paste in your next reply.
  • Re-enable your anti-virus software.
     

Important Notes:

  • Do NOT mouse click ComboFix's window whilst it is running. This may cause the programme to stall.
  • Do NOT use your computer whilst ComboFix is running.
  • Your Desktop/taskbar may disappear whilst ComboFix is running; this is normal.
     
  • If you get the message Illegal operation attempted on registry key that has been marked for deletion please reboot your computer.
  • ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If you are unable to access the Internet after running ComboFix, please reboot your computer. 
     

STEP 3
AdwCleaner

  • Please download AdwCleaner and save the file to your Desktop.
  • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
  • Follow the prompts. 
  • Click Scan
  • Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate. 
  • Ensure anything you know to be legitimate does not have a checkmark, and click Clean
  • Follow the prompts and allow your computer to reboot
  • After rebooting, a log (AdwCleaner[s0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
 

STEP 4
Junkware Removal Tool (JRT)

  • Please download Junkware Removal Tool and save the file to your Desktop.
  • Create a System Restore Point. For instructions, please refer to the following link (W7).
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Right-Click JRT.exe and select Run as administrator to run the programme.
  • Follow the prompts and allow the scan to run uninterrupted. 
  • Upon completion, a log (JRT.txt) will open on your desktop.
  • Re-enable your anti-virus software.
  • Copy the contents of JRT.txt and paste in your next reply.
     

======================================================

STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • Fixlog.txt
  • ComboFix.txt
  • AdwCleaner[s0].txt
  • JRT.txt
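
Added example, not part of the original post and not code from FRST or its author: the DCOM 10010 errors in the log above name the same CLSID that the fixlist's CustomCLSID line marks as Poweliks, and this Python check reproduces that correlation as detection logic. The sample lines are constructed in the formats seen on this page (placeholder SID, payload elided, one made-up benign CLSID), and the function names are hypothetical.

```python
import re
from collections import Counter

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# COM server registration keys that hold the command or DLL to launch.
SERVER_KEY_RE = re.compile(r"\\(?:LocalServer32|InprocServer32)\b", re.IGNORECASE)
# A COM server whose "binary" is rundll32 fed a javascript: pseudo-URL through
# mshtml's RunHTMLApplication, i.e. script stored in the registry, no file on disk.
SCRIPT_LAUNCH_RE = re.compile(
    r"rundll32(?:\.exe)?\s+javascript:.*mshtml(?:\.dll)?\s*,\s*RunHTMLApplication",
    re.IGNORECASE,
)
DCOM_10010_RE = re.compile(r"\(Source: DCOM\) \(EventID: 10010\)")


def script_backed_com_servers(frst_lines):
    """Return upper-cased CLSIDs whose COM server entry launches script via rundll32."""
    flagged = set()
    for line in frst_lines:
        launch = SCRIPT_LAUNCH_RE.search(line)
        if not launch or not SERVER_KEY_RE.search(line):
            continue
        # The registry key path comes before the command; take its last full CLSID.
        # Lines whose key path is truncated (no full CLSID) are skipped here.
        ids = CLSID_RE.findall(line[: launch.start()])
        if ids:
            flagged.add(ids[-1].upper())
    return flagged


def dcom_timeout_clsids(event_lines):
    """Count CLSIDs named in DCOM 10010 events (server failed to register in time)."""
    counts = Counter()
    pending = False
    for line in event_lines:
        if line.startswith("Error:"):
            pending = bool(DCOM_10010_RE.search(line))
        elif pending and line.startswith("Description:"):
            for clsid in CLSID_RE.findall(line):
                counts[clsid.upper()] += 1
            pending = False
    return counts


def correlate(frst_lines, event_lines):
    """List (clsid, timeout_count, script_backed) for every CLSID in DCOM 10010 events."""
    flagged = script_backed_com_servers(frst_lines)
    timeouts = dcom_timeout_clsids(event_lines)
    return sorted((clsid, n, clsid in flagged) for clsid, n in timeouts.items())


# Constructed sample input, modelled on the log formats shown on this page.
FRST_SAMPLE = [
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}'
    r'\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("<payload elided>',
    r'CustomCLSID: HKU\S-1-5-21-0-0-0-1000_Classes\CLSID\{11111111-2222-3333-4444-555555555555}'
    r'\InprocServer32 -> C:\Users\owner\AppData\Local\Example\example.dll (Example Vendor)',
]
EVENT_SAMPLE = [
    "Error: (01/14/2015 07:47:48 PM) (Source: DCOM) (EventID: 10010) (User: )",
    "Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
    "",
    "Error: (01/14/2015 06:49:35 PM) (Source: DCOM) (EventID: 10010) (User: )",
    "Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}",
    "",
    "Error: (01/14/2015 07:45:13 PM) (Source: DCOM) (EventID: 10010) (User: )",
    "Description: {11111111-2222-3333-4444-555555555555}",
    "",
    "Error: (01/16/2015 05:36:42 PM) (Source: WinMgmt) (EventID: 10) (User: )",
    "Description: //./root/CIMV2 <query elided>",
]

if __name__ == "__main__":
    for clsid, count, script_backed in correlate(FRST_SAMPLE, EVENT_SAMPLE):
        verdict = "script-backed COM server" if script_backed else "no script launcher seen"
        print(f"{clsid}  DCOM 10010 x{count}  {verdict}")
```

Repeated DCOM 10010 timeouts for a CLSID are not proof of infection on their own; the check only raises priority when the same CLSID also has a script-launching server entry.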

Ok here are the next steps per your request:

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015
Ran by owner at 2015-01-17 13:13:25 Run:1
Running from C:\Users\owner\Desktop
Loaded Profiles: owner (Available profiles: owner)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
SearchScopes: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.se...t=kwd&qsrc=2869
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
2015-01-15 22:00 - 2015-01-15 22:00 - 00000000 ____D () C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667}
2015-01-11 18:30 - 2015-01-11 18:30 - 00000000 ____D () C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806}
2012-01-22 13:19 - 2012-01-22 13:19 - 0000017 ____H () C:\Users\owner\AppData\Local\19720201.dat
CustomCLSID: HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKU\S-1-5-21-2485085295-3017701738-1666250531-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => Key deleted successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => Key not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
C:\Users\owner\AppData\Local\{B8678203-1CBE-4079-9987-3513B8F06667} => Moved successfully.
C:\Users\owner\AppData\Local\{1E08B0CC-F288-4211-ABC4-A79446520806} => Moved successfully.
C:\Users\owner\AppData\Local\19720201.dat => Moved successfully.
HKU\S-1-5-21-2485085295-3017701738-1666250531-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} => Key not found.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset all =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Reseting Global, OK!
Reseting Interface, OK!
Reseting Unicast Address, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

EmptyTemp: => Removed 53.9 MB temporary data.

The system needed a reboot.

==== End of Fixlog 13:15:10 ====

 

 

ComboFix:

 

 

ComboFix 15-01-08.01 - owner 01/17/2015  13:43:55.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.6051.4011 [GMT -6:00]
Running from: c:\users\owner\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton 360 Premier Edition *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton 360 Premier Edition *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\msdownld.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-12-17 to 2015-01-17  )))))))))))))))))))))))))))))))
.
.
2015-01-17 19:55 . 2015-01-17 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-01-17 00:06 . 2015-01-17 19:15 -------- d-----w- C:\FRST
2015-01-02 04:32 . 2015-01-02 04:32 -------- d-----w- c:\programdata\SMR430
2014-12-30 05:28 . 2015-01-02 04:34 -------- d-----w- C:\NPE
2014-12-30 05:26 . 2015-01-02 04:38 -------- d-----w- c:\users\owner\AppData\Local\NPE
2014-12-24 00:28 . 2014-12-24 00:28 -------- d-----w- C:\LocalStorage
2014-12-24 00:26 . 2013-10-21 16:39 34808 ----a-w- c:\windows\SysWow64\drivers\InstallSadpNpfApp.exe
2014-12-24 00:26 . 2012-07-02 16:49 35344 ----a-w- c:\windows\SysWow64\drivers\sadp_npf64.sys
2014-12-24 00:26 . 2012-07-02 16:49 35088 ----a-w- c:\windows\SysWow64\drivers\sadp_npf.sys
2014-12-24 00:26 . 2014-12-24 00:26 -------- d-----w- c:\program files\SwannView Plus
2014-12-19 03:16 . 2014-12-13 05:09 144384 ----a-w- c:\windows\system32\ieUnatt.exe
2014-12-19 03:16 . 2014-12-13 03:33 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-01-17 19:58 . 2014-06-14 02:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-01-15 00:53 . 2012-01-02 20:55 113365784 ----a-w- c:\windows\system32\MRT.exe
2015-01-14 08:34 . 2012-04-04 23:36 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 08:34 . 2011-07-27 07:11 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 02:50 . 2014-12-10 01:32 413184 ----a-w- c:\windows\system32\generaltel.dll
2014-12-04 02:50 . 2014-12-10 01:32 741376 ----a-w- c:\windows\system32\invagent.dll
2014-12-04 02:50 . 2014-12-10 01:32 396800 ----a-w- c:\windows\system32\devinv.dll
2014-12-04 02:50 . 2014-12-10 01:32 830976 ----a-w- c:\windows\system32\appraiser.dll
2014-12-04 02:50 . 2014-12-10 01:32 227328 ----a-w- c:\windows\system32\aepdu.dll
2014-12-04 02:50 . 2014-12-10 01:32 192000 ----a-w- c:\windows\system32\aepic.dll
2014-12-04 02:44 . 2014-12-10 01:32 1083392 ----a-w- c:\windows\system32\aeinv.dll
2014-12-01 23:28 . 2014-12-10 01:32 1232040 ----a-w- c:\windows\system32\aitstatic.exe
2014-11-27 01:43 . 2014-12-10 01:31 389296 ----a-w- c:\windows\system32\iedkcs32.dll
2014-11-22 03:13 . 2014-12-10 01:31 25059840 ----a-w- c:\windows\system32\mshtml.dll
2014-11-22 03:06 . 2014-12-10 01:31 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-11-22 03:06 . 2014-12-10 01:31 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-11-22 02:50 . 2014-12-10 01:31 66560 ----a-w- c:\windows\system32\iesetup.dll
2014-11-22 02:50 . 2014-12-10 01:31 580096 ----a-w- c:\windows\system32\vbscript.dll
2014-11-22 02:49 . 2014-12-10 01:31 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-11-22 02:49 . 2014-12-10 01:31 2885120 ----a-w- c:\windows\system32\iertutil.dll
2014-11-22 02:48 . 2014-12-10 01:31 88064 ----a-w- c:\windows\system32\MshtmlDac.dll
2014-11-22 02:41 . 2014-12-10 01:31 54784 ----a-w- c:\windows\system32\jsproxy.dll
2014-11-22 02:40 . 2014-12-10 01:31 34304 ----a-w- c:\windows\system32\iernonce.dll
2014-11-22 02:37 . 2014-12-10 01:31 633856 ----a-w- c:\windows\system32\ieui.dll
2014-11-22 02:35 . 2014-12-10 01:31 114688 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-11-22 02:34 . 2014-12-10 01:31 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2014-11-22 02:34 . 2014-12-10 01:31 6039552 ----a-w- c:\windows\system32\jscript9.dll
2014-11-22 02:26 . 2014-12-10 01:31 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-11-22 02:22 . 2014-12-10 01:31 490496 ----a-w- c:\windows\system32\dxtmsft.dll
2014-11-22 02:20 . 2014-12-10 01:31 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14 . 2014-12-10 01:31 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-22 02:09 . 2014-12-10 01:31 199680 ----a-w- c:\windows\system32\msrating.dll
2014-11-22 02:08 . 2014-12-10 01:31 92160 ----a-w- c:\windows\system32\mshtmled.dll
2014-11-22 02:07 . 2014-12-10 01:31 501248 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-11-22 02:07 . 2014-12-10 01:31 62464 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-11-22 02:06 . 2014-12-10 01:31 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05 . 2014-12-10 01:31 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2014-11-22 02:05 . 2014-12-10 01:31 316928 ----a-w- c:\windows\system32\dxtrans.dll
2014-11-22 01:54 . 2014-12-10 01:31 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:49 . 2014-12-10 01:31 718848 ----a-w- c:\windows\system32\ie4uinit.exe
2014-11-22 01:49 . 2014-12-10 01:31 800768 ----a-w- c:\windows\system32\msfeeds.dll
2014-11-22 01:47 . 2014-12-10 01:31 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll
2014-11-22 01:46 . 2014-12-10 01:31 2125312 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-22 01:43 . 2014-12-10 01:31 14412800 ----a-w- c:\windows\system32\ieframe.dll
2014-11-22 01:40 . 2014-12-10 01:31 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29 . 2014-12-10 01:31 4299264 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-11-22 01:28 . 2014-12-10 01:31 2358272 ----a-w- c:\windows\system32\wininet.dll
2014-11-22 01:22 . 2014-12-10 01:31 2052096 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21 . 2014-12-10 01:31 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:15 . 2014-12-10 01:31 1548288 ----a-w- c:\windows\system32\urlmon.dll
2014-11-22 01:03 . 2014-12-10 01:31 800768 ----a-w- c:\windows\system32\ieapfltr.dll
2014-11-22 01:00 . 2014-12-10 01:31 1888256 ----a-w- c:\windows\SysWow64\wininet.dll
2014-11-21 12:14 . 2014-06-14 02:25 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-11-21 12:14 . 2014-06-14 02:25 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-11-21 12:14 . 2012-09-17 03:13 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-11-20 01:17 . 2014-11-20 01:17 369168 ----a-w- c:\windows\system32\wpcap.dll
2014-11-20 01:17 . 2014-11-20 01:17 35344 ----a-w- c:\windows\system32\drivers\npf.sys
2014-11-20 01:17 . 2014-11-20 01:17 106000 ----a-w- c:\windows\system32\packet.dll
2014-11-11 03:09 . 2014-12-10 01:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-11-11 03:08 . 2014-11-20 06:29 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-11 03:08 . 2014-11-20 06:29 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-11 02:44 . 2014-12-10 01:32 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44 . 2014-11-20 06:29 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-11 02:44 . 2014-11-20 06:29 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-11 01:46 . 2014-12-10 01:30 119296 ----a-w- c:\windows\system32\drivers\tdx.sys
2014-11-08 03:16 . 2014-12-10 01:30 2048 ----a-w- c:\windows\system32\tzres.dll
2014-11-08 02:45 . 2014-12-10 01:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-10-30 02:03 . 2014-12-10 01:30 165888 ----a-w- c:\windows\system32\charmap.exe
2014-10-30 01:45 . 2014-12-10 01:30 155136 ----a-w- c:\windows\SysWow64\charmap.exe
2014-10-25 01:57 . 2014-11-12 01:45 77824 ----a-w- c:\windows\system32\packager.dll
2014-10-25 01:32 . 2014-11-12 01:45 67584 ----a-w- c:\windows\SysWow64\packager.dll
2010-08-21 05:33 . 2010-08-21 05:33 530432 ----a-w- c:\program files (x86)\Common Files\comctl32.dll
2009-07-14 01:15 . 2009-07-14 01:15 486912 ----a-w- c:\program files (x86)\Common Files\comdlg32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2014-11-06 602880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-07-12 1298816]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe "c:\programdata\Best Buy pc app\Best Buy pc app.application" [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys;c:\program files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20150116.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 N360;Norton 360;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 SADP_NPF;Sadp Driver (SADP_NPF);c:\windows\SysWOW64\drivers\sadp_npf64.sys;c:\windows\SysWOW64\drivers\sadp_npf64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2015-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 08:34]
.
2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 22:41]
.
2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-28 22:41]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.6.0.32;c:\program files (x86)\Norton 360\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2015-01-17  14:12:02 - machine was rebooted
ComboFix-quarantined-files.txt  2015-01-17 20:11
.
Pre-Run: 537,693,593,600 bytes free
Post-Run: 536,949,751,808 bytes free
.
- - End Of File - - 6A92660912407B4B9460A5D912648241

AdwCleaner:

 

# AdwCleaner v4.108 - Report created 17/01/2015 at 14:32:16
# Updated 17/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : owner - SONNIER
# Running from : C:\Users\owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [706 octets] - [17/01/2015 14:22:11]
AdwCleaner[s0].txt - [628 octets] - [17/01/2015 14:32:16]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [687 octets] ##########

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by owner on Sat 01/17/2015 at 15:06:15.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\Users\owner\appdata\local\best buy pc app"
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D3E03CF8-7177-4C46-8D38-8FD38840F2F3}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D7412AD5-598D-4D9E-A5A6-BE764D064A39}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D8E3AF4C-0960-4DCB-9956-0499F4215886}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{D924923C-49D8-4903-AAFE-380CE3B09C33}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DE66D9CC-A750-4DB1-854E-C68FDB370EC0}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DF092280-E254-4447-B6F4-D0166848D254}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DF348699-4F59-4DDE-9B94-D13160CCA208}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{DFB0F169-AFA4-4313-A2FD-2012FB2E9F08}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E18FFEDE-76B0-4068-8E45-FA9297EB3558}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E1FED2DE-5572-4C17-BC79-03D03693E082}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E5A14973-AF21-4CF4-9EC4-4817BAAE1145}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E6D88542-AD84-4DBD-8CBD-A90D2F7FF582}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E7D5EFBB-422D-4093-A3E1-571387E0F2BF}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E8226253-8585-4601-90BA-1C010539E1FA}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E85E5589-E70E-44DD-8287-0C1AAB1ACFA8}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E9F5ECA0-2742-4912-A265-36781391C373}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{E9F5EF8C-7C75-41E9-8190-698A1451745F}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EA2B1853-3F2B-474B-BC52-17D8D99238F7}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EA7DDC6A-D4CB-4008-9479-955D0C334231}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EB237E09-45D8-4390-85F6-E00B8D4E62B9}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EB2C8807-A0E7-47E5-BC32-B32167F4A52D}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EC328F42-2270-4CF1-9079-CEF5968EB34A}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EC8E726D-9552-4C11-8560-393627801B41}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EDD6A4A9-277D-4E41-A32F-87AF0BE3C85F}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EDFFE151-DDF9-4A34-9D0D-A8C094382129}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EE222FD6-7210-450C-A1F5-9368E75ED93B}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EE388A7A-AC67-479C-B622-976D7C20C52D}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EEF50D63-7227-48F2-AC1D-D91F632FA9C0}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{EFEE0BC1-14C5-4F7F-AD08-77A7F393CB79}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F036E26C-9E29-476E-8A95-511D7989E40E}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F092B6DA-164F-4AE5-8A97-BDC59D827A1C}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F339D18A-217B-4512-B16D-36E7742CAA80}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F37D779A-C4B4-4A38-AC21-D197FE937A01}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F528CF6B-BDCF-46BA-81C4-070B1491B7CE}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F56D368F-54D7-4A9B-82F5-4FA5E255D8B8}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F58A7F29-B505-4C40-BE92-C5D1C2627B33}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F5CEDF28-40F4-452D-B9F3-1B4932E7AE10}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F6C116BB-C283-4C8B-9992-4F51C73DDA5B}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F7A14FB9-4D24-4B17-A162-701671757997}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F84DDFEA-941D-4999-A4A0-90C492AD2BF2}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F8910B2A-2E1A-4DD3-9331-CE88A5DB9A9F}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{F93C6CAD-F158-4B34-BA9C-4BED79ECAB66}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FB2AC191-389D-4294-8237-5B3F10F62A9B}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FCE24BA5-7EC5-4CAC-99E5-1274F858C7A1}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FDEE6B1E-8240-490A-8766-C04E457139F9}
Successfully deleted: [Empty Folder] C:\Users\owner\appdata\local\{FF79BBA8-DF23-4CAD-B49F-91F78E771083}

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 01/17/2015 at 15:10:08.20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Hi Jeremy
 
Please let me know how your PC is performing after completing the steps below. Are there any outstanding issues?
 
STEP 1
RogueKiller

  • Please download RogueKiller (x64) and save the file to your Desktop.
  • Close any running programmes.
  • Right-Click RogueKiller.exe and select Run as administrator to run the programme.
  • Allow the Prescan to complete. Upon completion, a window will open. Click Accept.
  • A browser window may open. Close the browser window.
  • Click jpgUwzp.png. Upon completion, click phPvmc6.png.
  • Close the programme. Do not fix anything!
  • A log (RKreport.txt) will be open. Copy the contents of the log and paste in your next reply.
     

STEP 2
ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

  • Please download ESET Online Scan and save the file to your Desktop.
  • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
  • Double-click esetsmartinstaller_enu.exe to run the programme. 
  • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
  • Agree to the Terms of Use once more and click Start. Allow components to download.
  • Place a checkmark next to Enable detection of potentially unwanted applications.
  • Click Advanced settings. Place a checkmark next to:
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Ensure Remove found threats is unchecked.
  • Click Start.
  • Wait for the scan to finish. Please be patient as this can take some time.
  • Upon completion, click esetListThreats.png. If no threats were found, skip the next two bullet points. 
  • Click esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
  • Push the Back button.
  • Place a checkmark next to xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
  • Re-enable your anti-virus software.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • RKreport.txt
  • ESET Online Scan log
  • Are there any outstanding issues?

I have not seen MB and Norton pop back up blocking the zbot or the website that was getting "contacted".....

 

Ok, ran the last 2 programs and the last one ESET did not give me a report. On the finish screen it did say "0 infected files"....here is the log for RogueKiller.

 

RogueKiller:

 

RogueKiller V10.1.2.0 (x64) [Jan  7 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : owner [Administrator]
Mode : Scan -- Date : 01/18/2015  19:38:53

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 22 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MK6475GSX +++++
--- User ---
[MBR] 6f9d3e58a395f50e6ff2695e646c1792
[bSP] b0c3f2bbbc0fd86d58e9605adc11f0ba : HP MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 593519 MB
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1218600960 | Size: 15460 MB
User = LL1 ... OK
User = LL2 ... OK


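A triage helper for a pasted RKreport.txt like the one above, added here as an example and not part of the thread or of RogueKiller: it checks each section's declared count against the lines actually pasted and collapses the findings that the report lists once per registry view (X64 and X86). The function names are hypothetical, and the sample is abridged from the log above with its counts adjusted.

```python
import re

# Abridged from the RKreport.txt in the post above; the section counts are
# adjusted to match this excerpt (constructed sample, not a full report).
SAMPLE = r"""
¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/  -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2485085295-3017701738-1666250531-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Found

¤¤¤ Files : 1 ¤¤¤
[suspicious.Path][File] Best Buy pc app.lnk -- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk [LNK@] C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe "C:\ProgramData\Best Buy pc app\Best Buy pc app.application" -> Found

¤¤¤ Hosts File : 1 ¤¤¤
[C:\windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
"""

SECTION = re.compile(r"^¤¤¤ (?P<name>[^:]+?) : (?P<count>\d+)?.*¤¤¤$")
REGISTRY = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<view>X64|X86)\) (?P<key>.+?) \| "
    r"(?P<value>.+?) : (?P<data>.*?)\s+-> (?P<status>\w+)$")


def parse_report(text):
    """Split a report into sections: declared count plus raw entry lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            count = header.group("count")
            current = {"declared": int(count) if count else None, "entries": []}
            sections[header.group("name")] = current
        elif line.startswith("[") and current is not None:
            current["entries"].append(line)
    return sections


def count_mismatches(sections):
    """Sections whose header count disagrees with the lines actually pasted,
    a sign the log was truncated or edited before it was posted."""
    return [name for name, s in sections.items()
            if s["declared"] is not None and s["declared"] != len(s["entries"])]


def registry_findings(sections):
    """Collapse the per-view (X64/X86) duplicates into one finding each."""
    merged = {}
    for line in sections.get("Registry", {"entries": []})["entries"]:
        m = REGISTRY.match(line)
        if m:
            ident = (m["cat"], m["key"], m["value"], m["data"])
            merged.setdefault(ident, set()).add(m["view"])
    return merged


def start_pages(findings):
    """Map each user hive to its Internet Explorer Start Page value."""
    pages = {}
    for cat, key, value, data in findings:
        if cat == "PUM.HomePage" and value == "Start Page":
            pages[key.split("\\")[1]] = data  # .DEFAULT or a user SID
    return pages


if __name__ == "__main__":
    report = parse_report(SAMPLE)
    print("count mismatches:", count_mismatches(report))
    print("start pages:", start_pages(registry_findings(report)))
```

Run against the full report above, the same collapse reduces the 22 Registry lines to 11 distinct settings, which is the list a reviewer actually has to read.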
Hello Jeremy
 

I have not seen MB and Norton pop back up blocking the zbot or the website that was getting "contacted".....
Ok, ran the last 2 programs and the last one Eset did not give me a report. On the finish screen it did say "0 infected files"

Excellent. 
Let's update your vulnerable software to reduce the risk of reinfection.
 
STEP 1
Update Outdated Software

Outdated software contains security risks that must be patched. Please download and install the latest version of the programmes below.

  • Adobe Air
  • Java (watch out for "Optional Offers" or bundled software)
  • Follow these instructions to check for and download the latest Windows Updates.
     

STEP 2
Remove Outdated Software

  • Press the Windows Key + r on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search for the following programmes, right-click and click Uninstall one at a time.
  • Note: The programmes below may not be present. If this is the case, please skip to the next step.
    • Java 7 Update 65
    • JavaFX 2.1.1
  • Follow the prompts, and reboot if necessary.
     

STEP 3
Disable Java in Your Browser
Due to frequent exploits we recommend you disable Java in your browser.
For information on Java vulnerabilities, please read the following article (point #7).

  • Click the Windows Start Button and type Java Control Panel (or javacpl) in the search bar.
  • Click on the Java Control Panel. Once opened, click the Security tab.
  • Deselect the check box for Enable Java content in the browser. This will disable the Java plug-in in the browser. 
  • Click Apply. When the Windows User Account Control (UAC) appears, allow permissions to make the changes.
  • Click OK in the Java Plug-in confirmation window.
  • Restart your browser(s) for changes to take effect.
  • More information can be found here and here.
     

STEP 4
Security Check

  • Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.
     

======================================================
 
STEP 5
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

  • checkup.txt
  • How is your computer performing? Are there any outstanding issues?

I don't think there are any outstanding issues....haven't seen the blocked website warnings since the 17th (this past Saturday).....

 

 

Ok, here is the latest text file from Security Check

 

Results of screen317's Security Check version 0.99.93 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton 360 Premier Edition  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 8 Update 25 
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.257 
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 5%
````````````````````End of Log``````````````````````


Hi Jeremy, 
 

I don't think there are any outstanding issues

Excellent!
 
Now for the good news. 
 
All Clean!
Congratulations, your computer appears clean! :)
I no longer see signs of malware on your computer, and feel satisfied that our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you may find useful.

My help will always be free. But if you are happy with the help provided, and would like to support my fight against malware and/or buy me a beer, please consider a donation.
 
 
STEP 1
ComboFix Uninstall

  • Press the Windows Key + r on your keyboard at the same time. Type the following text into the Run box:
    ComboFix /Uninstall
  • Click OK.
  • Note: It may appear as if Combofix is installing. This is not the case; the programme is uninstalling. Please do not interrupt the process.
     

STEP 2
DelFix

  • Please download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
 
======================================================
 
I have compiled below a list of resources you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.

The following programmes come highly recommended in the security community.

  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

-- Please feel free to ask if you have any questions or concerns on computer security or the programmes above.
 
======================================================
 
Please confirm you have no outstanding issues, and are happy with the state of your computer. Once I have confirmation things are in order, we can wrap things up and I will close this thread. 
 
Thank you for using Malwarebytes.
 
Safe Surfing. :)    
Adam


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.