Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Windows 8 add popups and slow laptop [Solved]


  • This topic is locked This topic is locked

#1
Onfinals

Onfinals

    Member

  • Member
  • PipPip
  • 41 posts
Seriously slow Windows 8 machine with loads of popup adds.

OTL log post :

OTL logfile created on: 12/1/2013 9:14:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Lizel\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.89 Gb Total Physical Memory | 1.79 Gb Available Physical Memory | 46.01% Memory free
12.89 Gb Paging File | 10.54 Gb Available in Paging File | 81.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 584.89 Gb Total Space | 491.98 Gb Free Space | 84.11% Space Free | Partition Type: NTFS
Drive D: | 493.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SNOEKIES | User Name: Lizel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Lizel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\loggingserver.exe ()
PRC - C:\Program Files (x86)\PasswordBox\Application\BgPageServer.exe (PasswordBox, Inc.)
PRC - C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCOPrivacyProtector.exe (USTechSupport, LLC (www.ustechsupport.com))
PRC - C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe (USTechSupport, LLC (www.ustechsupport.com))
PRC - C:\Program Files (x86)\PasswordBox\pbbtnService.exe (PasswordBox, Inc.)
PRC - C:\ProgramData\MTN Online\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
PRC - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
PRC - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrchMn.exe (MindSpark)
PRC - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe (COMPANYVERS_NAME)
PRC - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69brmon.exe (VER_COMPANY_NAME)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe (US Tech Support LLC)
PRC - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
PRC - C:\Windows\SysWOW64\WWAHost.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\log4cplusU.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\SiteSafety.dll ()
MOD - C:\Program Files (x86)\USTechSupport\PC Optimizer\sqlite3.dll ()
MOD - C:\Program Files (x86)\USTechSupport\PC Optimizer\asohtm.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (OfficeSvc) -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (TOSHIBA eco Utility Service) -- C:\Program Files\Toshiba\Teco\TecoService.exe (TOSHIBA Corporation)
SRV:64bit: - (THAccelSvc) -- C:\Program Files\Toshiba\HDD Accelerator\THAccelSvc.exe (TOSHIBA CORPORATION)
SRV:64bit: - (TPCHSrv) -- C:\Program Files\Toshiba\TPHM\TPCHSrv.exe (TOSHIBA Corporation)
SRV:64bit: - (TMachInfo) -- C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe (TOSHIBA Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (Intel® -- C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel® Corporation)
SRV:64bit: - (TODDSrv) -- C:\Windows\SysNative\TODDSrv.exe (TOSHIBA Corporation)
SRV - (vToolbarUpdater17.1.3) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe (AVG Secure Search)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (USTSPCODiskOptimizer) -- C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe (USTechSupport, LLC (www.ustechsupport.com))
SRV - (PasswordBox) -- C:\Program Files (x86)\PasswordBox\pbbtnService.exe (PasswordBox, Inc.)
SRV - (MTN Online. RunOuc) -- C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exe ()
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (PackageTracer_69Service) -- C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe (COMPANYVERS_NAME)
SRV - (ssrang_supportdotcom) -- C:\Program Files (x86)\supportdotcom\rang\ssrangsv.exe (Support.com, Inc.)
SRV - (USTSScheduler) -- C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe (US Tech Support LLC)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (PCCUJobMgr) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe (Symantec Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (Intel® -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe (Intel Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\Drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\Drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\Drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\Drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\Drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\Drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\Drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgwfpa) -- C:\Windows\SysNative\Drivers\avgwfpa.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\Drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\Drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\Drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (ssmirrdr) -- C:\Windows\SysNative\Drivers\ssmirrdr.sys (support.com, Inc)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (Avgboota) -- C:\Windows\SysNative\Drivers\avgboota.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\Drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RTWlanE) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\Drivers\rtwlane.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)
DRV:64bit: - (THAccel) -- C:\Windows\SysNative\Drivers\THAccel.sys (TOSHIBA CORPORATION)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Thotkey) -- C:\Windows\SysNative\Drivers\Thotkey.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\rootmdm.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (TVALZ) -- C:\Windows\SysNative\Drivers\TVALZ_O.SYS (TOSHIBA Corporation)
DRV:64bit: - (tdcmdpst) -- C:\Windows\SysNative\Drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV:64bit: - (TVALZFL) -- C:\Windows\SysNative\Drivers\TVALZFL.sys (TOSHIBA Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C63x64.sys (Qualcomm Atheros Co., Ltd.)
DRV:64bit: - (FwLnk) -- C:\Windows\SysNative\Drivers\FwLnk.sys (TOSHIBA Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\Drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (tos_sps64) -- C:\Windows\SysNative\Drivers\tos_sps64.sys (TOSHIBA Corporation)
DRV:64bit: - (RSUSBVSTOR) -- C:\Windows\SysNative\Drivers\RtsUVStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\Drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\Drivers\RimSerial_AMD64.sys (Research in Motion Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0845EB3D-1B14-4F03-B079-870CB72D54E2}
IE:64bit: - HKLM\..\SearchScopes\{0845EB3D-1B14-4F03-B079-870CB72D54E2}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0845EB3D-1B14-4F03-B079-870CB72D54E2}
IE - HKLM\..\SearchScopes\{0845EB3D-1B14-4F03-B079-870CB72D54E2}: "URL" = http://www.bing.com/...E10TR&pc=MATBJS
IE - HKLM\..\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}: "URL" = http://search.mywebs...r={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsea...CFVSe4AodZnUAfA
IE - HKCU\..\URLSearchHook: {97ef77e6-97be-4204-a890-2485903c5624} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....pr&d=2013-08-14 10:11:43&v=17.1.3.3&pid=safeguard&sg=51&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\17.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@PackageTracer_69.com/Plugin: C:\Program Files (x86)\PackageTracer_69\bar\1.bin\NP69Stub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]_69.com: C:\Program Files (x86)\PackageTracer_69\bar\1.bin [2013/06/18 07:42:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/06 08:53:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizel\AppData\Roaming\mozilla\Extensions
[2013/09/27 01:26:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lizel\AppData\Roaming\mozilla\Firefox\Profiles\ol4ybaur.default\extensions
[2013/11/18 07:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/18 07:36:20 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (PasswordBox Helper) - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (Toolbar BHO) - {87011c4e-fcde-4476-9348-ecf16134fc1f} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll (MindSpark)
O2 - BHO: (Search Assistant BHO) - {87eab57c-d0b7-4ca9-8e26-191bfc989e26} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll (MindSpark)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\17.1.3.3\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (PackageTracer) - {ff343558-d5a5-454a-bdd8-c5c81e179fed} - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69bar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PackageTracer Home Page Guard 64 bit] C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SRS Premium Sound HD] C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe (SRS Labs, Inc.)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TecoResident] C:\Program Files\Toshiba\Teco\TecoResident.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TODDMain] C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe ()
O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TSleepSrv] C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [PackageTracer Search Scope Monitor] C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69SrchMn.exe (MindSpark)
O4 - HKLM..\Run: [PackageTracer_69 Browser Plugin Loader] C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69brmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [ShopAtHomeUpdater] C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe (ShopAtHome.com)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe (ShopAtHome.com)
O4 - HKLM..\Run: [ToshibaAppPlace] C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe (Toshiba)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\Lizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A4E30D2C-AE95-4092-AA43-5140C89F8E91}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CED9B41E-55C4-4AE6-B2C5-77E22D612566}: NameServer = 209.212.96.1 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F31363A3-F321-421D-BC6A-7B5BF98DEF68}: DhcpNameServer = 10.0.0.2
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.3\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/06 01:22:30 | 000,000,178 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1aa9ad7d-273f-11e3-bea4-008cfa387ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa9ad7d-273f-11e3-bea4-008cfa387ed2}\Shell\AutoRun\command - "" = "E:\AutoRun.exe"
O33 - MountPoints2\{1aa9adc9-273f-11e3-bea4-008cfa387ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{1aa9adc9-273f-11e3-bea4-008cfa387ed2}\Shell\AutoRun\command - "" = "E:\AutoRun.exe"
O33 - MountPoints2\{6e6f6eeb-97fa-11e2-be72-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6e6f6eeb-97fa-11e2-be72-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Msetup4.exe -- [2007/02/09 04:12:24 | 000,071,248 | R--- | M] (CANON INC.)
O33 - MountPoints2\{be29932d-0464-11e3-be99-008cfa387ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{be29932d-0464-11e3-be99-008cfa387ed2}\Shell\AutoRun\command - "" = "E:\ToolLauncher-Bootstrap.exe"
O33 - MountPoints2\{c13d318b-dde3-11e2-be8e-008cfa387ed2}\Shell - "" = AutoRun
O33 - MountPoints2\{c13d318b-dde3-11e2-be8e-008cfa387ed2}\Shell\AutoRun\command - "" = "E:\LaunchU3.exe"
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 21:11:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Lizel\Desktop\OTL.exe
[2013/12/01 20:31:01 | 000,000,000 | ---D | C] -- C:\windows\Repair
[2013/12/01 20:25:04 | 000,000,000 | ---D | C] -- C:\Users\Lizel\AppData\Roaming\supportdotcom
[2013/12/01 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\supportdotcom
[2013/12/01 20:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\supportdotcom
[2013/12/01 19:57:40 | 000,000,000 | ---D | C] -- C:\Users\Lizel\AppData\Roaming\USTechSupport
[2013/12/01 19:57:25 | 000,019,760 | ---- | C] (CyberDefender, (www.cyberdefender.com)) -- C:\windows\SysNative\roboot64.exe
[2013/12/01 19:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyCleanPC
[2013/12/01 19:57:15 | 000,000,000 | ---D | C] -- C:\Config.msi
[2013/12/01 19:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\USTechSupport
[2013/12/01 19:57:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\USTechSupport
[2013/12/01 19:54:03 | 000,000,000 | ---D | C] -- C:\ProgramData\USTechSupport
[2013/11/26 11:43:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PasswordBox
[2013/11/18 07:35:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/09 02:58:27 | 000,000,000 | ---D | C] -- C:\Users\Lizel\AppData\Roaming\Canon
[2013/11/07 00:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series User Registration
[2013/11/07 00:30:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2013/11/07 00:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2013/11/07 00:28:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2013/11/07 00:27:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series Manual
[2013/11/07 00:26:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2013/11/07 00:26:23 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2013/11/07 00:26:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series
[2013/11/07 00:24:45 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2013/11/07 00:23:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2013/11/06 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Lizel\AppData\Local\ElevatedDiagnostics
[2013/11/06 15:26:19 | 000,000,000 | ---D | C] -- C:\Users\Lizel\AppData\Local\DriverTuner
[2013/11/06 15:25:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2013/11/06 15:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DriverTuner
[18 C:\Users\Lizel\Documents\*.tmp files -> C:\Users\Lizel\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/01 21:11:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Lizel\Desktop\OTL.exe
[2013/12/01 19:57:42 | 000,000,472 | ---- | M] () -- C:\windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2013/12/01 19:57:22 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2013/12/01 19:57:13 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2013/12/01 19:49:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/01 08:35:17 | 3338,846,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/01 08:35:17 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/28 21:22:55 | 000,848,230 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/11/28 21:22:55 | 000,719,418 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/11/28 21:22:55 | 000,132,748 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/11/26 11:42:40 | 000,450,808 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/21 10:35:15 | 000,046,368 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2013/11/15 07:50:34 | 000,019,760 | ---- | M] (CyberDefender, (www.cyberdefender.com)) -- C:\windows\SysNative\roboot64.exe
[2013/11/07 00:31:54 | 000,002,069 | ---- | M] () -- C:\Users\Public\Desktop\Canon MX310 series User Registration.LNK
[2013/11/07 00:29:53 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\My Printer.lnk
[2013/11/07 00:29:38 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/11/07 00:29:25 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2013/11/07 00:28:05 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/11/07 00:27:17 | 000,002,348 | ---- | M] () -- C:\Users\Public\Desktop\MX310 series On-screen Manual.lnk
[2013/11/06 15:31:24 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[18 C:\Users\Lizel\Documents\*.tmp files -> C:\Users\Lizel\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/01 19:57:41 | 000,000,472 | ---- | C] () -- C:\windows\tasks\USTSPCO-USTSPCOOneClickCare.job
[2013/12/01 19:57:22 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
[2013/12/01 19:57:13 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Live PC Help.lnk
[2013/11/26 11:42:21 | 000,450,808 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/11/07 00:31:53 | 000,002,069 | ---- | C] () -- C:\Users\Public\Desktop\Canon MX310 series User Registration.LNK
[2013/11/07 00:29:52 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\My Printer.lnk
[2013/11/07 00:29:38 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu.lnk
[2013/11/07 00:29:24 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
[2013/11/07 00:28:04 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
[2013/11/07 00:27:17 | 000,002,348 | ---- | C] () -- C:\Users\Public\Desktop\MX310 series On-screen Manual.lnk
[2013/11/07 00:24:55 | 000,003,584 | ---- | C] () -- C:\windows\SysNative\CNCFLdNL.DLL
[2013/11/06 15:25:59 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2013/09/13 10:48:51 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/08/22 08:32:41 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\pool.bin
[2013/05/24 19:35:13 | 000,000,581 | ---- | C] () -- C:\Users\Lizel\AppData\Local\cookies.ini
[2013/04/13 21:55:04 | 000,762,622 | ---- | C] () -- C:\Users\Lizel\Jefferson Point Lease Contract.pdf
[2013/04/02 12:44:58 | 000,616,690 | ---- | C] () -- C:\Users\Lizel\dl-901-signed- ID Card.pdf
[2013/01/22 10:24:28 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2012/08/06 09:36:22 | 000,598,780 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/08/06 09:36:08 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/08/06 09:36:06 | 000,755,048 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2012/04/20 16:59:44 | 000,001,536 | ---- | C] () -- C:\windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/08/02 01:28:20 | 019,758,080 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/08/02 00:08:10 | 017,561,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/09 07:39:57 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\AVG2013
[2013/08/14 17:43:36 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\Book Place
[2013/11/09 02:59:44 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\Canon
[2013/05/08 22:19:56 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\OpenOffice.org
[2013/05/16 07:17:02 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\PCCUStubInstaller
[2013/08/22 08:32:34 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\Research In Motion
[2013/08/03 16:47:09 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\ShopAtHome
[2013/12/01 20:25:04 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\supportdotcom
[2013/04/09 07:38:23 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\TuneUp Software
[2013/12/01 19:57:40 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\USTechSupport
[2013/04/02 12:49:25 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\WildTangent
[2013/03/28 18:00:56 | 000,000,000 | ---D | M] -- C:\Users\Lizel\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >
  • 0

Advertisements


#2
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


These are the programs I would like you to run next, if you have any problems with one of these just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo
  • 0

#3
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Thanks, Gringo!

ADW log:

# AdwCleaner v3.014 - Report created 01/12/2013 at 21:54:56
# Updated 01/12/2013 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Lizel - SNOEKIES
# Running from : C:\Users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FR0IU56B\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Junkware removal log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 8 x64
Ran by Lizel on Sun 12/01/2013 at 22:08:25.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Failed to stop: [Service] ustspcodiskoptimizer
Failed to stop: [Service] ustsscheduler



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\ustechsupport
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\ustechsupport
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87EAB57C-D0B7-4CA9-8E26-191BFC989E26}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{66516A07-F617-488A-90CF-4E690CFB3C5F}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{87EAB57C-D0B7-4CA9-8E26-191BFC989E26}
Failed to delete: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{f5827716-9540-492e-9e9a-9f18bb2e7912}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\ustechsupport"
Successfully deleted: [Folder] "C:\Users\Lizel\AppData\Roaming\ustechsupport"
Successfully deleted: [Folder] "C:\Users\Lizel\appdata\local\packagetracer_69"
Successfully deleted: [Folder] "C:\Users\Lizel\appdata\locallow\packagetracer_69"
Failed to delete: [Folder] "C:\Program Files (x86)\packagetracer_69"
Failed to delete: [Folder] "C:\Program Files (x86)\ustechsupport"
Failed to delete: [Folder] "C:\Program Files (x86)\Common Files\ustechsupport"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mycleanpc"



~~~ FireFox

Emptied folder: C:\Users\Lizel\AppData\Roaming\mozilla\firefox\profiles\ol4ybaur.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 12/01/2013 at 22:12:51.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Folder Deleted : C:\ProgramData\AVG SafeGuard toolbar
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Users\Lizel\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Lizel\AppData\LocalLow\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Lizel\AppData\LocalLow\iac
Folder Deleted : C:\Users\Lizel\AppData\Roaming\pccustubinstaller
File Deleted : C:\windows\System32\roboot64.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PackageTracer Search Scope Monitor]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [PackageTracer_69 Browser Plugin Loader]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{13119113-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33119133-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG SafeGuard toolbar
Key Deleted : HKLM\Software\AVG Security Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG SafeGuard toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Secondary Start Pages]

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Lizel\AppData\Roaming\Mozilla\Firefox\Profiles\ol4ybaur.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13856 octets] - [01/12/2013 21:53:41]
AdwCleaner[S0].txt - [13566 octets] - [01/12/2013 21:54:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13627 octets] ##########
  • 0

#4
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
she seems a little faster, but do you see anything that still needs to be ripped off?
  • 0

#5
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#6
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
I so wish I understood all of this, it seems like this was written by someone that REALLY knows windows OS in and out!

The PC ran the tool completely, produced the text file, and after closing .txt file it just froze. I had to manually restart it twice to then finally get to a log in screen. I though I have lost the boot files for a second. Anyway, here it is now.

Machine faster now!

ComboFix 13-12-01.01 - Lizel 12/02/2013 19:50:34.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3980.2592 [GMT -5:00]
Running from: c:\users\Lizel\Downloads\ComboFix.exe
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{0A014777-DE0E-47F2-9A60-DE9327A455BB}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A997DC7-41A5-4501-8A36-0FE703EA3574}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5708E7EA-A568-443D-825C-717D8C8FC292}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5D559CA4-A3A7-4595-98B1-377F3C7F0821}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{8F155E0E-93D0-4F5C-AB6F-3121DF76CA07}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ADD38B2F-4017-4B89-93A2-AA30218F6E08}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B06D608D-2FF4-4105-B344-5D2405D18592}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E2979C7F-BD3B-4879-9620-1F0CBD9C811A}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E5056134-FE78-48C4-8822-E4F37A360653}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F1397101-9A7B-44B3-8D8B-28B32B304E1E}.xps
c:\users\Lizel\AppData\Local\Microsoft\Windows\Temporary Internet Files\{FF22C2DD-910D-4B95-B0D3-1490043701F2}.xps
c:\users\Lizel\Documents\~WRL0004.tmp
c:\users\Lizel\Documents\~WRL0005.tmp
c:\users\Lizel\Documents\~WRL0006.tmp
c:\users\Lizel\Documents\~WRL0007.tmp
c:\users\Lizel\Documents\~WRL0008.tmp
c:\users\Lizel\Documents\~WRL0009.tmp
c:\users\Lizel\Documents\~WRL0693.tmp
c:\users\Lizel\Documents\~WRL1715.tmp
c:\users\Lizel\Documents\~WRL2062.tmp
c:\users\Lizel\Documents\~WRL2182.tmp
c:\users\Lizel\Documents\~WRL2856.tmp
c:\users\Lizel\Documents\~WRL3299.tmp
c:\users\Lizel\Documents\~WRL3391.tmp
c:\users\Lizel\Documents\~WRL3478.tmp
c:\users\Lizel\Documents\~WRL3539.tmp
c:\users\Lizel\Documents\~WRL3657.tmp
c:\users\Lizel\Documents\~WRL4089.tmp
c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 00:57 . 2013-12-03 00:57 -------- d-----w- c:\users\Lizel\AppData\Local\temp
2013-12-03 00:57 . 2013-12-03 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 03:08 . 2013-12-02 03:08 -------- d-----w- c:\windows\ERUNT
2013-12-02 02:53 . 2013-12-02 02:55 -------- d-----w- C:\AdwCleaner
2013-12-02 01:31 . 2013-12-02 01:31 -------- d-----w- c:\windows\Repair
2013-12-02 01:25 . 2013-12-02 01:25 -------- d-----w- c:\users\Lizel\AppData\Roaming\supportdotcom
2013-12-02 01:24 . 2013-12-02 02:58 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\program files (x86)\USTechSupport
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\program files (x86)\Common Files\USTechSupport
2013-12-02 00:54 . 2013-12-02 03:09 -------- d-----w- c:\programdata\USTechSupport
2013-11-26 16:43 . 2013-11-26 16:45 -------- d-----w- c:\program files (x86)\PasswordBox
2013-11-24 11:24 . 2013-11-24 11:24 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-14 16:58 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-14 16:58 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-14 16:57 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 16:57 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 20:52 . 2013-10-02 23:25 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 20:52 . 2013-10-01 22:22 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 20:52 . 2013-09-04 03:11 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 20:52 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 20:51 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-11-13 20:51 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-11-13 20:51 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-11-13 20:51 . 2013-07-24 23:10 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-11-13 20:51 . 2013-09-13 22:33 3279360 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-13 20:51 . 2013-08-30 05:20 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-11-13 20:51 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2013-11-09 07:58 . 2013-11-09 07:59 -------- d-----w- c:\users\Lizel\AppData\Roaming\Canon
2013-11-07 05:30 . 2013-11-07 05:30 -------- d-----w- c:\program files\Common Files\CANON
2013-11-07 05:29 . 2013-11-07 05:29 -------- d-----w- c:\program files\Canon
2013-11-07 05:26 . 2013-11-07 05:26 -------- d--h--w- c:\programdata\CanonBJ
2013-11-07 05:26 . 2007-04-15 20:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8Z.DLL
2013-11-07 05:26 . 2007-04-15 20:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8Z.DLL
2013-11-07 05:26 . 2013-11-07 05:26 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-11-07 05:25 . 2007-04-15 20:00 258560 ----a-w- c:\windows\system32\CNMLM8Z.DLL
2013-11-07 05:25 . 2007-03-15 05:13 229888 ----a-w- c:\windows\system32\CNC310O.DLL
2013-11-07 05:25 . 2007-03-23 07:32 92672 ----a-w- c:\windows\system32\CNC310I.DLL
2013-11-07 05:25 . 2007-03-19 01:40 246784 ----a-w- c:\windows\system32\CNC310L.DLL
2013-11-07 05:25 . 2007-03-23 07:33 1439744 ----a-w- c:\windows\system32\CNC310C.DLL
2013-11-07 05:23 . 2013-11-07 05:31 -------- d-----w- c:\program files (x86)\Canon
2013-11-06 20:29 . 2013-11-06 20:29 -------- d-----w- c:\users\Lizel\AppData\Local\ElevatedDiagnostics
2013-11-06 20:26 . 2013-11-06 20:26 -------- d-----w- c:\users\Lizel\AppData\Local\DriverTuner
2013-11-06 20:25 . 2013-11-06 20:31 -------- d-----w- c:\program files (x86)\DriverTuner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-21 15:35 . 2013-04-09 12:38 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-18 12:35 . 2013-04-09 12:26 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-14 17:39 . 2013-04-01 12:40 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-05 22:58 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-03 11:10 . 2013-10-03 11:11 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-10-03 11:10 . 2013-10-03 11:11 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-10-03 11:10 . 2013-10-03 11:11 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-10-03 11:10 . 2013-10-03 11:11 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-10-03 11:10 . 2013-10-03 11:11 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-10-03 11:10 . 2013-10-03 11:11 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-10-03 11:10 . 2013-10-03 11:11 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-10-03 11:10 . 2013-10-03 11:11 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-10-03 11:10 . 2013-10-03 11:11 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-10-03 11:10 . 2013-10-03 11:11 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-10-03 11:10 . 2013-10-03 11:11 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-10-03 11:10 . 2013-10-03 11:11 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-10-03 11:10 . 2013-10-03 11:11 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-10-03 11:10 . 2013-10-03 11:11 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2013-08-01 23:41 2572944 ----a-w- c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87011c4e-fcde-4476-9348-ecf16134fc1f}]
2013-06-18 12:42 708168 ----a-w- c:\progra~2\PACKAG~2\bar\1.bin\69bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87eab57c-d0b7-4ca9-8e26-191bfc989e26}]
2013-06-18 12:42 62864 ----a-w- c:\program files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ff343558-d5a5-454a-bdd8-c5c81e179fed}"= "c:\program files (x86)\PackageTracer_69\bar\1.bin\69bar.dll" [2013-06-18 708168]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2013-08-01 2572944]
.
[HKEY_CLASSES_ROOT\clsid\{ff343558-d5a5-454a-bdd8-c5c81e179fed}]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]
"ShopAtHomeWatcher"="c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-08-01 140944]
"ShopAtHomeUpdater"="c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe" [2013-08-01 179856]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
.
c:\users\Lizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 MTN Online. RunOuc;MTN Online. OUC;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe [x]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 THAccel;THAccel;c:\windows\system32\DRIVERS\THAccel.sys;c:\windows\SYSNATIVE\DRIVERS\THAccel.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\System32\drivers\tos_sps64.sys;c:\windows\SYSNATIVE\drivers\tos_sps64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PackageTracer_69Service;PackageTracerService;c:\progra~2\PACKAG~2\bar\1.bin\69barsvc.exe;c:\progra~2\PACKAG~2\bar\1.bin\69barsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [x]
S2 THAccelSvc;TOSHIBA HDD Accelerator Service;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\Toshiba\Teco\TecoService.exe;c:\program files\Toshiba\Teco\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [x]
S2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys;c:\windows\SYSNATIVE\drivers\FwLnk.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-02 c:\windows\Tasks\USTSPCO-USTSPCOOneClickCare.job
- c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCO.exe [2013-12-02 12:50]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-14 12936848]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-08-20 2170784]
"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2012-08-14 169896]
"TSleepSrv"="c:\program files (x86)\TOSHIBA\System Setting\TSleepSrv.exe" [2012-08-04 1548952]
"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]
"PackageTracer Home Page Guard 64 bit"="c:\progra~2\PACKAG~2\bar\1.bin\AppIntegrator64.exe" [2013-06-18 548936]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Internet Explorer provided by TOSHIBA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CED9B41E-55C4-4AE6-B2C5-77E22D612566}: NameServer = 209.212.96.1 208.67.220.220
FF - ProfilePath - c:\users\Lizel\AppData\Roaming\Mozilla\Firefox\Profiles\ol4ybaur.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-12-02 19:59:24
ComboFix-quarantined-files.txt 2013-12-03 00:59
.
Pre-Run: 528,328,237,056 bytes free
Post-Run: 528,631,947,264 bytes free
.
- - End Of File - - FA8BF7B917FB84AB5F6886F2DADA75E8
  • 0

#7
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::



Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

  • 0

#8
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Will test machine for a bit now...

ComboFix 13-12-01.01 - Lizel 12/02/2013 23:21:15.2.4 - x64
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3980.2291 [GMT -5:00]
Running from: c:\users\Lizel\Desktop\ComboFix.exe
Command switches used :: c:\users\Lizel\Desktop\cfscript.txt
AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG update module *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-03 to 2013-12-03 )))))))))))))))))))))))))))))))
.
.
2013-12-03 04:25 . 2013-12-03 04:25 -------- d-----w- c:\users\Lizel\AppData\Local\temp
2013-12-03 04:25 . 2013-12-03 04:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-02 03:08 . 2013-12-02 03:08 -------- d-----w- c:\windows\ERUNT
2013-12-02 02:53 . 2013-12-02 02:55 -------- d-----w- C:\AdwCleaner
2013-12-02 01:31 . 2013-12-02 01:31 -------- d-----w- c:\windows\Repair
2013-12-02 01:25 . 2013-12-02 01:25 -------- d-----w- c:\users\Lizel\AppData\Roaming\supportdotcom
2013-12-02 01:24 . 2013-12-02 02:58 -------- d-----w- c:\program files (x86)\Common Files\supportdotcom
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\program files (x86)\USTechSupport
2013-12-02 00:57 . 2013-12-02 00:57 -------- d-----w- c:\program files (x86)\Common Files\USTechSupport
2013-12-02 00:54 . 2013-12-02 03:09 -------- d-----w- c:\programdata\USTechSupport
2013-11-26 16:43 . 2013-11-26 16:45 -------- d-----w- c:\program files (x86)\PasswordBox
2013-11-24 11:24 . 2013-11-24 11:24 280752 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10226.bin
2013-11-14 16:58 . 2013-08-23 07:22 2062848 ----a-w- c:\windows\system32\d3d11.dll
2013-11-14 16:58 . 2013-08-23 01:44 1711616 ----a-w- c:\windows\SysWow64\d3d11.dll
2013-11-14 16:57 . 2013-10-01 23:37 2035712 ----a-w- c:\windows\SysWow64\authui.dll
2013-11-14 16:57 . 2013-10-01 23:26 2304512 ----a-w- c:\windows\system32\authui.dll
2013-11-13 20:52 . 2013-10-02 23:25 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 20:52 . 2013-10-01 22:22 1022976 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 20:52 . 2013-09-04 03:11 576512 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-13 20:52 . 2013-10-10 09:21 1160192 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 20:51 . 2013-10-10 11:53 96600 ----a-w- c:\windows\system32\drivers\wfplwfs.sys
2013-11-13 20:51 . 2013-10-10 09:20 723968 ----a-w- c:\windows\system32\BFE.DLL
2013-11-13 20:51 . 2013-07-24 23:07 13661696 ----a-w- c:\windows\system32\Windows.UI.Xaml.dll
2013-11-13 20:51 . 2013-07-24 23:10 10799104 ----a-w- c:\windows\SysWow64\Windows.UI.Xaml.dll
2013-11-13 20:51 . 2013-09-13 22:33 3279360 ----a-w- c:\windows\system32\wuaueng.dll
2013-11-13 20:51 . 2013-08-30 05:20 1173504 ----a-w- c:\windows\system32\UIAutomationCore.dll
2013-11-13 20:51 . 2013-08-29 23:48 914432 ----a-w- c:\windows\SysWow64\UIAutomationCore.dll
2013-11-09 07:58 . 2013-11-09 07:59 -------- d-----w- c:\users\Lizel\AppData\Roaming\Canon
2013-11-07 05:30 . 2013-11-07 05:30 -------- d-----w- c:\program files\Common Files\CANON
2013-11-07 05:29 . 2013-11-07 05:29 -------- d-----w- c:\program files\Canon
2013-11-07 05:26 . 2013-11-07 05:26 -------- d--h--w- c:\programdata\CanonBJ
2013-11-07 05:26 . 2007-04-15 20:00 82944 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPP8Z.DLL
2013-11-07 05:26 . 2007-04-15 20:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPD8Z.DLL
2013-11-07 05:26 . 2013-11-07 05:26 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2013-11-07 05:25 . 2007-04-15 20:00 258560 ----a-w- c:\windows\system32\CNMLM8Z.DLL
2013-11-07 05:25 . 2007-03-15 05:13 229888 ----a-w- c:\windows\system32\CNC310O.DLL
2013-11-07 05:25 . 2007-03-23 07:32 92672 ----a-w- c:\windows\system32\CNC310I.DLL
2013-11-07 05:25 . 2007-03-19 01:40 246784 ----a-w- c:\windows\system32\CNC310L.DLL
2013-11-07 05:25 . 2007-03-23 07:33 1439744 ----a-w- c:\windows\system32\CNC310C.DLL
2013-11-07 05:23 . 2013-11-07 05:31 -------- d-----w- c:\program files (x86)\Canon
2013-11-06 20:29 . 2013-11-06 20:29 -------- d-----w- c:\users\Lizel\AppData\Local\ElevatedDiagnostics
2013-11-06 20:26 . 2013-11-06 20:26 -------- d-----w- c:\users\Lizel\AppData\Local\DriverTuner
2013-11-06 20:25 . 2013-11-06 20:31 -------- d-----w- c:\program files (x86)\DriverTuner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-21 15:35 . 2013-04-09 12:38 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-11-18 12:35 . 2013-04-09 12:26 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-11-14 17:39 . 2013-04-01 12:40 82896128 ----a-w- c:\windows\system32\MRT.exe
2013-11-05 22:58 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-03 11:10 . 2013-10-03 11:11 98816 ----a-w- c:\windows\system32\drivers\ew_jucdcacm.sys
2013-10-03 11:10 . 2013-10-03 11:11 86016 ----a-w- c:\windows\system32\drivers\ew_jubusenum.sys
2013-10-03 11:10 . 2013-10-03 11:11 69632 ----a-w- c:\windows\system32\drivers\ew_jucdcecm.sys
2013-10-03 11:10 . 2013-10-03 11:11 421376 ----a-w- c:\windows\system32\drivers\ewusbwwan.sys
2013-10-03 11:10 . 2013-10-03 11:11 32768 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2013-10-03 11:10 . 2013-10-03 11:11 28672 ----a-w- c:\windows\system32\drivers\ew_juextctrl.sys
2013-10-03 11:10 . 2013-10-03 11:11 222464 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2013-10-03 11:10 . 2013-10-03 11:11 22016 ----a-w- c:\windows\system32\drivers\ew_hwupgrade.sys
2013-10-03 11:10 . 2013-10-03 11:11 212992 ----a-w- c:\windows\system32\drivers\ew_juwwanecm.sys
2013-10-03 11:10 . 2013-10-03 11:11 1490656 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2013-10-03 11:10 . 2013-10-03 11:11 1490656 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01007.dll
2013-10-03 11:10 . 2013-10-03 11:11 13952 ----a-w- c:\windows\system32\drivers\ew_usbenumfilter.sys
2013-10-03 11:10 . 2013-10-03 11:11 117248 ----a-w- c:\windows\system32\drivers\ew_hwusbdev.sys
2013-10-03 11:10 . 2013-10-03 11:11 1001472 ----a-w- c:\windows\system32\drivers\mod7700.sys
2013-09-05 05:43 . 2013-09-05 05:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{66516A07-F617-488A-90CF-4E690CFB3C5F}]
2013-08-01 23:41 2572944 ----a-w- c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87011c4e-fcde-4476-9348-ecf16134fc1f}]
2013-06-18 12:42 708168 ----a-w- c:\progra~2\PACKAG~2\bar\1.bin\69bar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{87eab57c-d0b7-4ca9-8e26-191bfc989e26}]
2013-06-18 12:42 62864 ----a-w- c:\program files (x86)\PackageTracer_69\bar\1.bin\69SrcAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{ff343558-d5a5-454a-bdd8-c5c81e179fed}"= "c:\program files (x86)\PackageTracer_69\bar\1.bin\69bar.dll" [2013-06-18 708168]
"{311B58DC-A4DC-4B04-B1B5-60299AD3D803}"= "c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll" [2013-08-01 2572944]
.
[HKEY_CLASSES_ROOT\clsid\{ff343558-d5a5-454a-bdd8-c5c81e179fed}]
.
[HKEY_CLASSES_ROOT\clsid\{311b58dc-a4dc-4b04-b1b5-60299ad3d803}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\ShopAtHome.ShopAtHome]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-09 12:32 220632 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2013-04-05 59720]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ToshibaAppPlace"="c:\program files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe" [2010-09-23 552960]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-09-23 4411952]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-11-05 377800]
"ShopAtHomeWatcher"="c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe" [2013-08-01 140944]
"ShopAtHomeUpdater"="c:\users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe" [2013-08-01 179856]
"BlackBerryAutoUpdate"="c:\program files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2009-11-20 623960]
.
c:\users\Lizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Desktop Manager.lnk - c:\program files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe [2009-11-19 1807704]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ %I
.
R0 Avgboota;AVG Early Launch Anti-Malware Driver;c:\windows\system32\DRIVERS\avgboota.sys;c:\windows\SYSNATIVE\DRIVERS\avgboota.sys [x]
R2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe;c:\program files (x86)\AVG\AVG2013\avgfws.exe [x]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]
R2 MTN Online. RunOuc;MTN Online. OUC;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe;c:\program files (x86)\MTN Online\UpdateDog\ouc.exe [x]
R2 USTSScheduler;US Tech Support Scheduling Service;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe;c:\program files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [x]
R2 vToolbarUpdater17.1.3;vToolbarUpdater17.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]
R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\System32\drivers\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\drivers\ew_usbenumfilter.sys [x]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbwwan.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 THAccel;THAccel;c:\windows\system32\DRIVERS\THAccel.sys;c:\windows\SYSNATIVE\DRIVERS\THAccel.sys [x]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\System32\drivers\tos_sps64.sys;c:\windows\SYSNATIVE\drivers\tos_sps64.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys;c:\windows\SYSNATIVE\DRIVERS\avgfwd6a.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgwfpa;AVG Firewall Driver;c:\windows\system32\DRIVERS\avgwfpa.sys;c:\windows\SYSNATIVE\DRIVERS\avgwfpa.sys [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PackageTracer_69Service;PackageTracerService;c:\progra~2\PACKAG~2\bar\1.bin\69barsvc.exe;c:\progra~2\PACKAG~2\bar\1.bin\69barsvc.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe;c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [x]
S2 THAccelSvc;TOSHIBA HDD Accelerator Service;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe;c:\program files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [x]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\Toshiba\Teco\TecoService.exe;c:\program files\Toshiba\Teco\TecoService.exe [x]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 USTSPCODiskOptimizer;USTSPCODiskOptimizer;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe;c:\program files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\System32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
S3 FwLnk;FwLnk Driver;c:\windows\System32\drivers\FwLnk.sys;c:\windows\SYSNATIVE\drivers\FwLnk.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\System32\drivers\ew_jubusenum.sys;c:\windows\SYSNATIVE\drivers\ew_jubusenum.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C63x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C63x64.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;c:\windows\system32\DRIVERS\rtwlane.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlane.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 TMachInfo;TMachInfo;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe;c:\program files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [x]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-04-09 12:32 244696 ----a-w- c:\users\Lizel\AppData\Local\Microsoft\SkyDrive\16.4.6012.0828\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-11-18 12:39 2328776 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-07-14 12936848]
"SRS Premium Sound HD"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-08-20 2170784]
"TCrdMain"="c:\program files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe" [BU]
"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2012-08-14 169896]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TSleepSrv"="c:\program files (x86)\TOSHIBA\System Setting\TSleepSrv.exe" [2012-08-04 1548952]
"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]
"PackageTracer Home Page Guard 64 bit"="c:\progra~2\PACKAG~2\bar\1.bin\AppIntegrator64.exe" [2013-06-18 548936]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1840720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://toshiba13.msn.com
mStart Page = hxxp://toshiba13.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Internet Explorer provided by TOSHIBA
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CED9B41E-55C4-4AE6-B2C5-77E22D612566}: NameServer = 209.212.96.1 208.67.220.220
FF - ProfilePath - c:\users\Lizel\AppData\Roaming\Mozilla\Firefox\Profiles\ol4ybaur.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.18.15\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2013-12-02 23:27:13
ComboFix-quarantined-files.txt 2013-12-03 04:27
ComboFix2.txt 2013-12-03 00:59
.
Pre-Run: 529,668,575,232 bytes free
Post-Run: 529,628,712,960 bytes free
.
- - End Of File - - A4DFF19F35EFA3AFB76081A20E085FC6
  • 0

#9
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#10
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Laptop will not boot now.

After running last program, and after closing text file with log, simply stopped on blue screen. After 10 mins I restarted manually but it stops on black screen after Toshiba load screen. Every third attempt it progresses to the blue Windows 8 screen where you have the option to go through trouble shooting and machine reset. THis process carries on for at least and hour and then stops on a black screen. When you hard restart, it says 'undoing changes' and starts reset again.

I am now going to recover files using puppy linux before we loosed anything. I know I should have made a backup before the steps, but there you go. Gotta do this now!

Thanks

L
  • 0

Advertisements


#11
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
With some googling and playing with BIOS I finally bot puppy going, and copied files over from laptop to external HDD.

Good forum here!: http://puppylinux.or...ing Started.htm
  • 0

#12
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals

That is very strange as it had been awhile since we had removed anything

download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.

[*]First Press the Scan button.
[*]It will make a log (FRST.txt)
[/list]
I want you to poste the FRST.txt report into your reply to me

Gringo
  • 0

#13
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Success!

FRST.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-12-2013
Ran by SYSTEM on MININT-1MDFTKQ on 04-12-2013 21:53:30
Running from G:\
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12936848 2012-07-13] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip [223242 2012-08-19] ()
HKLM\...\Run: [TCrdMain] - C:\Program Files\Toshiba\Hotkey\TCrdMain_Win8.exe [2608040 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] - C:\Program Files\Toshiba\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\Toshiba\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\Toshiba\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\Toshiba\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [PackageTracer Home Page Guard 64 bit] - C:\Program Files (x86)\PackageTracer_69\bar\1.bin\AppIntegrator64.exe [548936 2013-06-18] ()
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [1840720 2007-04-03] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] - C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-09-22] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM-x32\...\Run: [AgentMonitor] - C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
HKLM-x32\...\Run: [ShopAtHomeWatcher] - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe [140944 2013-08-01] (ShopAtHome.com)
HKLM-x32\...\Run: [ShopAtHomeUpdater] - C:\Users\Lizel\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeUpdater.exe [179856 2013-08-01] (ShopAtHome.com)
HKLM-x32\...\Run: [BlackBerryAutoUpdate] - C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [623960 2009-11-19] (Research In Motion Limited)
HKU\Lizel\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-04-05] (Apple Inc.)
HKU\Lizel\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-04-05] (Apple Inc.)
Lsa: [Authentication Packages] %I
Startup: C:\Users\Lizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files (x86)\AVG\AVG2013\avgfws.exe [1432080 2013-09-04] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MTN Online. RunOuc; C:\Program Files (x86)\MTN Online\UpdateDog\ouc.exe [246112 2013-10-03] ()
S2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-09-17] (Microsoft Corporation)
S2 PackageTracer_69Service; C:\Program Files (x86)\PackageTracer_69\bar\1.bin\69barsvc.exe [42504 2013-06-18] (COMPANYVERS_NAME)
S2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2013-11-01] (PasswordBox, Inc.)
S2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.18.15\ccSvcHst.exe [126392 2012-07-23] (Symantec Corporation)
S2 THAccelSvc; C:\Program Files\TOSHIBA\HDD Accelerator\THAccelSvc.exe [214488 2012-08-10] (TOSHIBA CORPORATION)
S2 USTSPCODiskOptimizer; C:\Program Files (x86)\USTechSupport\PC Optimizer\USTSPCODefragSrv64.exe [283952 2013-11-15] (USTechSupport, LLC (www.ustechsupport.com))
S2 USTSScheduler; C:\Program Files (x86)\USTechSupport\SchedulerService\SchedulerService.exe [737600 2013-01-17] (US Tech Support LLC)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
S2 vToolbarUpdater17.1.3; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.3\ToolbarUpdater.exe [x]

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
S1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-17] (AVG Technologies CZ, s.r.o.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
S3 RimVSerPort; C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RTL8192Ce; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [1498256 2012-08-29] (Realtek Semiconductor Corporation )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S3 ssmirrdr; C:\Windows\system32\DRIVERS\ssmirrdr.sys [10112 2013-04-29] (support.com, Inc)
S0 THAccel; C:\Windows\System32\DRIVERS\THAccel.sys [131520 2012-08-10] (TOSHIBA CORPORATION)
S3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 RimUsb; \SystemRoot\System32\Drivers\RimUsb_AMD64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-04 21:53 - 2013-12-04 21:53 - 00000000 ____D C:\FRST
2013-12-03 06:09 - 2013-12-03 06:46 - 00000000 ___HD C:\$SysReset
2013-12-03 06:08 - 2013-12-03 06:46 - 00000000 _____ C:\Recovery.txt
2013-12-02 23:43 - 2013-12-02 23:43 - 00262144 _____ C:\Windows\System32\config\userdiff
2013-12-02 20:27 - 2013-12-02 20:27 - 00024936 _____ C:\ComboFix.txt
2013-12-02 16:49 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-02 16:49 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-02 16:49 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-02 16:49 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-02 16:48 - 2013-12-02 20:27 - 00000000 ____D C:\Qoobox
2013-12-02 16:48 - 2013-12-02 16:57 - 00000000 ____D C:\Windows\erdnt
2013-12-02 16:36 - 2013-12-02 16:37 - 05151572 ____R (Swearware) C:\Users\Lizel\Desktop\ComboFix.exe
2013-12-01 19:12 - 2013-12-01 19:12 - 00002675 _____ C:\Users\Lizel\Desktop\JRT.txt
2013-12-01 19:08 - 2013-12-01 19:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 19:07 - 2013-12-01 19:07 - 01034531 _____ (Thisisu) C:\Users\Lizel\Desktop\JRT.exe
2013-12-01 18:53 - 2013-12-01 18:55 - 00000000 ____D C:\AdwCleaner
2013-12-01 18:52 - 2013-12-01 18:52 - 00002454 _____ C:\Users\Lizel\Desktop\steps.txt
2013-12-01 18:22 - 2013-12-01 18:22 - 00070798 _____ C:\Users\Lizel\Desktop\Extras.Txt
2013-12-01 18:21 - 2013-12-01 18:21 - 00102210 _____ C:\Users\Lizel\Desktop\OTL.Txt
2013-12-01 18:11 - 2013-12-01 18:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lizel\Desktop\OTL.exe
2013-12-01 17:31 - 2013-12-01 17:31 - 00000000 ____D C:\Windows\Repair
2013-12-01 17:26 - 2013-12-01 17:26 - 00623259 _____ C:\Users\Lizel\Downloads\USTech Support Diagnostic.exe
2013-12-01 17:25 - 2013-12-01 17:25 - 00000000 ____D C:\Users\Lizel\AppData\Roaming\supportdotcom
2013-12-01 17:24 - 2013-12-01 17:24 - 00809504 _____ C:\Users\Lizel\Downloads\Nexus_57.0.15.0.com
2013-12-01 16:57 - 2013-12-01 16:57 - 00002986 _____ C:\Windows\System32\Tasks\LAUNCH CDPCO
2013-12-01 16:57 - 2013-12-01 16:57 - 00001872 _____ C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
2013-12-01 16:57 - 2013-12-01 16:57 - 00001188 _____ C:\Users\Public\Desktop\Live PC Help.lnk
2013-12-01 16:57 - 2013-12-01 16:57 - 00000000 ____D C:\Program Files (x86)\USTechSupport
2013-12-01 16:54 - 2013-12-01 19:09 - 00000000 ____D C:\ProgramData\USTechSupport
2013-11-26 11:47 - 2013-11-26 11:47 - 00020480 ___SH C:\Users\Lizel\Documents\Thumbs.db
2013-11-26 08:43 - 2013-11-26 08:45 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-11-26 08:42 - 2013-11-26 08:42 - 00450808 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-18 04:35 - 2013-11-18 04:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 08:58 - 2013-08-22 23:22 - 02062848 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-11-14 08:58 - 2013-08-22 17:44 - 01711616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-14 08:57 - 2013-10-01 15:37 - 02035712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 08:57 - 2013-10-01 15:26 - 02304512 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 12:53 - 2013-10-12 00:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-11-13 12:53 - 2013-10-12 00:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-11-13 12:53 - 2013-10-12 00:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-11-13 12:53 - 2013-10-12 00:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-11-13 12:53 - 2013-10-12 00:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-11-13 12:53 - 2013-10-12 00:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-11-13 12:53 - 2013-10-12 00:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-11-13 12:53 - 2013-10-12 00:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-11-13 12:53 - 2013-10-12 00:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-11-13 12:53 - 2013-10-11 23:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 12:53 - 2013-10-11 23:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 12:53 - 2013-10-11 23:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 12:52 - 2013-10-10 01:21 - 01160192 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 12:52 - 2013-10-02 15:25 - 01300992 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 12:52 - 2013-10-01 14:22 - 01022976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 12:52 - 2013-09-03 19:11 - 00576512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 12:51 - 2013-10-10 03:53 - 00096600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2013-11-13 12:51 - 2013-10-10 01:20 - 00723968 _____ (Microsoft Corporation) C:\Windows\System32\BFE.DLL
2013-11-13 12:51 - 2013-09-13 14:33 - 03279360 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-11-13 12:51 - 2013-08-29 21:20 - 01173504 _____ (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2013-11-13 12:51 - 2013-08-29 15:48 - 00914432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2013-11-13 12:51 - 2013-07-24 15:10 - 10799104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2013-11-13 12:51 - 2013-07-24 15:07 - 13661696 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2013-11-13 12:50 - 2013-10-01 15:37 - 01569280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 12:50 - 2013-10-01 15:26 - 01890816 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 12:50 - 2013-09-23 14:30 - 00419328 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 12:50 - 2013-09-23 14:30 - 00323072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 12:50 - 2013-09-13 17:15 - 00059416 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-11-13 12:50 - 2013-09-13 14:36 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2013-11-13 12:50 - 2013-09-13 14:36 - 00247296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2013-11-13 12:50 - 2013-09-13 14:36 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2013-11-13 12:50 - 2013-09-13 14:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2013-11-13 12:50 - 2013-09-13 14:36 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2013-11-13 12:50 - 2013-09-13 14:34 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-11-13 12:50 - 2013-09-13 14:33 - 01622016 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00773120 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00328192 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00252928 _____ (Microsoft Corporation) C:\Windows\System32\WUSettingsProvider.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00142848 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-11-13 12:50 - 2013-09-13 14:33 - 00099328 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-11-13 12:50 - 2013-08-29 21:43 - 00061784 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\crashdmp.sys
2013-11-13 12:50 - 2013-08-20 22:39 - 00465240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-11-13 12:50 - 2013-08-09 22:30 - 00151896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tpm.sys
2013-11-13 12:50 - 2013-08-09 21:21 - 00817152 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2013-11-13 12:50 - 2013-08-09 19:58 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-13 12:50 - 2013-07-11 17:38 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\WSDApi.dll
2013-11-13 12:50 - 2013-07-11 17:30 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2013-11-08 23:59 - 2013-11-08 23:59 - 00000000 _____ C:\Users\Lizel\Sti_Trace.log
2013-11-08 23:58 - 2013-11-08 23:59 - 00000000 ____D C:\Users\Lizel\AppData\Roaming\Canon
2013-11-06 21:31 - 2013-11-06 21:31 - 00002069 _____ C:\Users\Public\Desktop\Canon MX310 series User Registration.LNK
2013-11-06 21:30 - 2013-11-06 21:30 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-06 21:29 - 2013-11-06 21:29 - 00002108 _____ C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00002054 _____ C:\Users\Public\Desktop\Canon Solution Menu.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00001807 _____ C:\Users\Public\Desktop\My Printer.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00000000 ____D C:\Program Files\Canon
2013-11-06 21:28 - 2013-11-06 21:28 - 00002110 _____ C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
2013-11-06 21:27 - 2013-11-06 21:27 - 00002348 _____ C:\Users\Public\Desktop\MX310 series On-screen Manual.lnk
2013-11-06 21:26 - 2013-11-06 21:26 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-11-06 21:26 - 2013-11-06 21:26 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-06 21:25 - 2007-04-15 12:00 - 00258560 _____ (CANON INC.) C:\Windows\System32\CNMLM8Z.DLL
2013-11-06 21:25 - 2007-03-22 23:33 - 01439744 _____ (CANON INC.) C:\Windows\System32\CNC310C.DLL
2013-11-06 21:25 - 2007-03-22 23:32 - 00092672 _____ (CANON INC.) C:\Windows\System32\CNC310I.DLL
2013-11-06 21:25 - 2007-03-18 17:40 - 00246784 _____ (CANON INC.) C:\Windows\System32\CNC310L.DLL
2013-11-06 21:25 - 2007-03-14 21:13 - 00229888 _____ (Canon Inc.) C:\Windows\System32\CNC310O.DLL
2013-11-06 21:24 - 2013-11-06 21:24 - 00000000 ___HD C:\Program Files\CanonBJ
2013-11-06 21:24 - 2007-05-13 23:09 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdPT.DLL
2013-11-06 21:24 - 2007-05-10 20:46 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdGR.DLL
2013-11-06 21:24 - 2007-05-10 18:31 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdFI.DLL
2013-11-06 21:24 - 2007-05-09 17:42 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdTR.DLL
2013-11-06 21:24 - 2007-05-09 17:41 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdSE.DLL
2013-11-06 21:24 - 2007-05-09 17:41 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdRU.DLL
2013-11-06 21:24 - 2007-05-09 17:41 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdPL.DLL
2013-11-06 21:24 - 2007-05-09 17:41 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdES.DLL
2013-11-06 21:24 - 2007-05-09 17:40 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdNO.DLL
2013-11-06 21:24 - 2007-05-09 17:40 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdIT.DLL
2013-11-06 21:24 - 2007-05-09 17:40 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdHU.DLL
2013-11-06 21:24 - 2007-05-09 17:40 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdDE.DLL
2013-11-06 21:24 - 2007-05-09 17:39 - 00003584 _____ C:\Windows\System32\CNCFLdNL.DLL
2013-11-06 21:24 - 2007-05-09 17:39 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdFR.DLL
2013-11-06 21:24 - 2007-05-09 17:39 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdDK.DLL
2013-11-06 21:24 - 2007-05-09 17:39 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdCZ.DLL
2013-11-06 21:24 - 2007-05-09 17:38 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdAR.DLL
2013-11-06 21:24 - 2007-04-28 15:55 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdID.DLL
2013-11-06 21:24 - 2007-04-27 17:42 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdTH.DLL
2013-11-06 21:24 - 2007-04-27 17:13 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdKR.DLL
2013-11-06 21:24 - 2007-04-27 16:19 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdTW.DLL
2013-11-06 21:24 - 2007-04-27 00:16 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdCN.DLL
2013-11-06 21:24 - 2007-04-25 02:15 - 00183296 _____ (Canon Inc.) C:\Windows\System32\CNCF2Ld.DLL
2013-11-06 21:24 - 2007-04-25 02:10 - 00143360 _____ (Canon Inc.) C:\Windows\System32\CNCFMSd.EXE
2013-11-06 21:24 - 2007-04-25 02:06 - 00003584 _____ (Canon Inc.) C:\Windows\System32\CNCFLdUS.DLL
2013-11-06 21:24 - 2007-04-25 02:06 - 00003072 _____ (Canon Inc.) C:\Windows\System32\CNCFLdJP.DLL
2013-11-06 21:23 - 2013-11-06 21:31 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-06 12:26 - 2013-11-06 12:31 - 00003304 _____ C:\Windows\System32\Tasks\DriverTuner Startup
2013-11-06 12:26 - 2013-11-06 12:26 - 00000000 ____D C:\Users\Lizel\AppData\Local\DriverTuner
2013-11-06 12:25 - 2013-11-06 12:31 - 00001058 _____ C:\Users\Public\Desktop\DriverTuner.lnk
2013-11-06 12:25 - 2013-11-06 12:31 - 00000000 ____D C:\Program Files (x86)\DriverTuner

==================== One Month Modified Files and Folders =======

2013-12-04 21:53 - 2013-12-04 21:53 - 00000000 ____D C:\FRST
2013-12-03 15:15 - 2013-04-09 04:34 - 00000000 ____D C:\ProgramData\MFAData
2013-12-03 06:46 - 2013-12-03 06:09 - 00000000 ___HD C:\$SysReset
2013-12-03 06:46 - 2013-12-03 06:08 - 00000000 _____ C:\Recovery.txt
2013-12-03 03:49 - 2012-11-12 22:02 - 01255684 _____ C:\Windows\PFRO.log
2013-12-02 23:43 - 2013-12-02 23:43 - 00262144 _____ C:\Windows\System32\config\userdiff
2013-12-02 20:30 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\BBI
2013-12-02 20:27 - 2013-12-02 20:27 - 00024936 _____ C:\ComboFix.txt
2013-12-02 20:27 - 2013-12-02 16:48 - 00000000 ____D C:\Qoobox
2013-12-02 20:25 - 2012-07-25 21:26 - 00000215 _____ C:\Windows\system.ini
2013-12-02 20:19 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-02 20:15 - 2013-04-25 08:04 - 00000000 ____D C:\Users\Lizel\AppData\Local\CrashDumps
2013-12-02 18:00 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\System32\sru
2013-12-02 17:38 - 2013-03-28 14:58 - 01871667 _____ C:\Windows\WindowsUpdate.log
2013-12-02 17:30 - 2013-03-28 15:08 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3809426249-1239727763-2388386071-1001
2013-12-02 17:18 - 2012-07-25 23:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 16:59 - 2012-07-25 21:37 - 00000000 __RHD C:\users\Default
2013-12-02 16:57 - 2013-12-02 16:48 - 00000000 ____D C:\Windows\erdnt
2013-12-02 16:37 - 2013-12-02 16:36 - 05151572 ____R (Swearware) C:\Users\Lizel\Desktop\ComboFix.exe
2013-12-01 19:12 - 2013-12-01 19:12 - 00002675 _____ C:\Users\Lizel\Desktop\JRT.txt
2013-12-01 19:09 - 2013-12-01 16:54 - 00000000 ____D C:\ProgramData\USTechSupport
2013-12-01 19:08 - 2013-12-01 19:08 - 00000000 ____D C:\Windows\ERUNT
2013-12-01 19:07 - 2013-12-01 19:07 - 01034531 _____ (Thisisu) C:\Users\Lizel\Desktop\JRT.exe
2013-12-01 18:55 - 2013-12-01 18:53 - 00000000 ____D C:\AdwCleaner
2013-12-01 18:52 - 2013-12-01 18:52 - 00002454 _____ C:\Users\Lizel\Desktop\steps.txt
2013-12-01 18:22 - 2013-12-01 18:22 - 00070798 _____ C:\Users\Lizel\Desktop\Extras.Txt
2013-12-01 18:21 - 2013-12-01 18:21 - 00102210 _____ C:\Users\Lizel\Desktop\OTL.Txt
2013-12-01 18:11 - 2013-12-01 18:11 - 00602112 _____ (OldTimer Tools) C:\Users\Lizel\Desktop\OTL.exe
2013-12-01 17:31 - 2013-12-01 17:31 - 00000000 ____D C:\Windows\Repair
2013-12-01 17:26 - 2013-12-01 17:26 - 00623259 _____ C:\Users\Lizel\Downloads\USTech Support Diagnostic.exe
2013-12-01 17:25 - 2013-12-01 17:25 - 00000000 ____D C:\Users\Lizel\AppData\Roaming\supportdotcom
2013-12-01 17:24 - 2013-12-01 17:24 - 00809504 _____ C:\Users\Lizel\Downloads\Nexus_57.0.15.0.com
2013-12-01 16:57 - 2013-12-01 16:57 - 00002986 _____ C:\Windows\System32\Tasks\LAUNCH CDPCO
2013-12-01 16:57 - 2013-12-01 16:57 - 00001872 _____ C:\Users\Public\Desktop\MyCleanPC PC Optimizer.lnk
2013-12-01 16:57 - 2013-12-01 16:57 - 00001188 _____ C:\Users\Public\Desktop\Live PC Help.lnk
2013-12-01 16:57 - 2013-12-01 16:57 - 00000000 ____D C:\Program Files (x86)\USTechSupport
2013-12-01 16:55 - 2013-08-22 05:30 - 00000000 ____D C:\ProgramData\Research In Motion
2013-12-01 16:55 - 2013-08-22 05:29 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2013-12-01 05:43 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\AUInstallAgent
2013-12-01 05:33 - 2013-03-28 14:57 - 00000000 ____D C:\users\Lizel
2013-11-28 18:22 - 2012-07-25 23:28 - 00848230 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-28 18:15 - 2012-11-12 22:30 - 00000000 ____D C:\ProgramData\Norton
2013-11-28 18:12 - 2012-07-26 00:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2013-11-28 18:12 - 2012-07-25 21:26 - 00262144 ___SH C:\Windows\System32\config\ELAM
2013-11-26 11:47 - 2013-11-26 11:47 - 00020480 ___SH C:\Users\Lizel\Documents\Thumbs.db
2013-11-26 11:47 - 2013-05-09 16:09 - 00000000 ____D C:\Users\Lizel\Documents\IphonesPics
2013-11-26 09:18 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\rescache
2013-11-26 08:45 - 2013-11-26 08:43 - 00000000 ____D C:\Program Files (x86)\PasswordBox
2013-11-26 08:42 - 2013-11-26 08:42 - 00450808 _____ C:\Windows\System32\FNTCACHE.DAT
2013-11-26 08:42 - 2013-09-06 05:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-24 04:08 - 2013-05-29 12:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-24 04:08 - 2012-07-25 21:26 - 00000167 _____ C:\Windows\win.ini
2013-11-22 01:54 - 2013-04-09 04:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-11-21 07:35 - 2013-04-09 04:38 - 00046368 _____ (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-11-18 08:32 - 2012-07-26 00:12 - 00000000 ____D C:\Windows\WinStore
2013-11-18 08:31 - 2012-07-26 00:12 - 00000000 ___RD C:\Windows\ToastData
2013-11-18 04:36 - 2013-11-18 04:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-14 09:54 - 2013-08-13 23:11 - 00000000 ____D C:\Windows\System32\MRT
2013-11-14 09:39 - 2013-04-01 04:40 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-08 23:59 - 2013-11-08 23:59 - 00000000 _____ C:\Users\Lizel\Sti_Trace.log
2013-11-08 23:59 - 2013-11-08 23:58 - 00000000 ____D C:\Users\Lizel\AppData\Roaming\Canon
2013-11-06 21:31 - 2013-11-06 21:31 - 00002069 _____ C:\Users\Public\Desktop\Canon MX310 series User Registration.LNK
2013-11-06 21:31 - 2013-11-06 21:23 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-06 21:30 - 2013-11-06 21:30 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-11-06 21:30 - 2012-07-26 00:12 - 00000000 __RSD C:\Windows\Media
2013-11-06 21:29 - 2013-11-06 21:29 - 00002108 _____ C:\Users\Public\Desktop\Easy-PhotoPrint EX.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00002054 _____ C:\Users\Public\Desktop\Canon Solution Menu.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00001807 _____ C:\Users\Public\Desktop\My Printer.lnk
2013-11-06 21:29 - 2013-11-06 21:29 - 00000000 ____D C:\Program Files\Canon
2013-11-06 21:28 - 2013-11-06 21:28 - 00002110 _____ C:\Users\Public\Desktop\MP Navigator EX 1.0.lnk
2013-11-06 21:27 - 2013-11-06 21:27 - 00002348 _____ C:\Users\Public\Desktop\MX310 series On-screen Manual.lnk
2013-11-06 21:26 - 2013-11-06 21:26 - 00000000 ___HD C:\Windows\System32\CanonIJ Uninstaller Information
2013-11-06 21:26 - 2013-11-06 21:26 - 00000000 ___HD C:\ProgramData\CanonBJ
2013-11-06 21:24 - 2013-11-06 21:24 - 00000000 ___HD C:\Program Files\CanonBJ
2013-11-06 12:31 - 2013-11-06 12:26 - 00003304 _____ C:\Windows\System32\Tasks\DriverTuner Startup
2013-11-06 12:31 - 2013-11-06 12:25 - 00001058 _____ C:\Users\Public\Desktop\DriverTuner.lnk
2013-11-06 12:31 - 2013-11-06 12:25 - 00000000 ____D C:\Program Files (x86)\DriverTuner
2013-11-06 12:26 - 2013-11-06 12:26 - 00000000 ____D C:\Users\Lizel\AppData\Local\DriverTuner
2013-11-05 14:58 - 2012-07-26 00:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

4
Restore point made on: 2013-11-22 00:00:35
Restore point made on: 2013-11-28 18:09:43
Restore point made on: 2013-12-01 16:55:29
Restore point made on: 2013-12-02 17:53:15

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 3980.21 MB
Available physical RAM: 3281.77 MB
Total Pagefile: 3980.21 MB
Available Pagefile: 3289 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: (TI10657300D) (Fixed) (Total:584.89 GB) (Free:493.37 GB) NTFS
Drive d: (System) (Fixed) (Total:0.44 GB) (Free:0.13 GB) NTFS
Drive f: (Recovery) (Fixed) (Total:10.46 GB) (Free:0.68 GB) NTFS
Drive g: (UUI) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.11 GB) (Free:0.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 596 GB) (Disk ID: 00000000)

Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: AD92CB57)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)


LastRegBack: 2013-11-29 04:25

==================== End Of Log ============================
  • 0

#14
gringo_pr

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello Onfinals



Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

LastRegBack: 2013-11-29 04:25


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo
  • 0

#15
Onfinals

Onfinals

    Member

  • Topic Starter
  • Member
  • PipPip
  • 41 posts
Hi,
Upon restart after running the fix, the Laptop progressed to 'Thoshiba' screen - I guess some sort of firmware - , and started a 'Scanning and repairing drive' scan on (C:). The font of the text looks like Windows 8 related. Does Windows then check disk before the OS starts up completely? After being sutck on 39% for 2 minutes, it jumped to 100% immediately and stayed there for 20 minutes. So I hard shut down (press power button for 5+ seconds), and then restarted...back in windows 8 all the way!

She seems ok.

What would you need to see to ascertain as to whether it is running OK?

Thank you!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-12-2013
Ran by SYSTEM at 2013-12-07 12:08:04 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-11-29 04:25
*****************

Could not copy DEFAULT hive.
Could not restore DEFAULT hive from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP